Updated Distribution & License for Mapbox Mobile Maps SDK

Just received this e-mail from Mapbox

Starting with the next release in July, the Mapbox Mobile Maps SDK will use a new distribution model and an updated version of our core map renderer, Mapbox GL Native. The core rendering library used by the Mapbox Mobile Maps SDKs will be a proprietary build of Mapbox GL Native. The Mapbox Mobile Maps SDKs themselves remain open source under a BSD-2 license.

Moving to a proprietary build of Mapbox GL

With these new releases, the core Mapbox GL dependency will no longer be licensed under BSD-2 but will be a proprietary build and licensed under the Mapbox Terms of Service.

Tasks.org uses Mapbox Maps, and it turns out I’ve been shipping a non-free transitive dependency since April. I assumed the licensing was a mistake (mapbox-gl-native-android #316), but now I see that it was not. I’m going to downgrade the Mapbox SDK to version 7.4.1 for the F-Droid build, which was the last release without mapbox-accounts-android

3 Likes

The email talks only about the binary build. Does the source code of Mapbox GL Native remain free?

1 Like

I assume the source code is going to remain on GitHub but not under a free software license, which I thought prohibited it from inclusion in F-Droid

1 Like

Cross linking to this thread: Java dependencies and free software

In case anyone is interested in using the current version of mapbox maps sdk without the proprietary dependency library, it’s actually rather easy:

  1. exclude the mapbox-android-accounts module by adjusting the gradle dependencies:
dependencies {
    implementation("com.mapbox.mapboxsdk:mapbox-android-sdk:9.2.1") {
        exclude group: 'com.mapbox.mapboxsdk', module: 'mapbox-android-accounts'
    }
    // If you are using additional mapbox dependencies, you also need to exclude the module in them
    implementation("com.mapbox.mapboxsdk:mapbox-android-plugin-annotation-v9:0.8.0") {
        exclude group: 'com.mapbox.mapboxsdk', module: 'mapbox-android-accounts'
    }
}
  1. Make sure that ./gradle dependencies no longer shows the mapbox-android-accounts module.
  2. Create a new file in your source code com/mapbox/android/accounts/v1/MapboxAccounts.java (I’m considering making it a little maven library for easier inclusion), with following content:
package com.mapbox.android.accounts.v1;

import java.util.UUID;

/**
 * This class is used from within the Mapbox library
 */
@SuppressWarnings("unused")
public class MapboxAccounts {
    public final static String SKU_ID_MAPS_MAUS = "00";
    private final static String MAPS_SKU_PREFIX = "100";

    /**
     * Generates random UUID without hyphens
     */
    public static String obtainEndUserId() {
        String uuid = UUID.randomUUID().toString();
        return uuid.substring(0, 8) + uuid.substring(9, 13) + uuid.substring(14, 18) + uuid.substring(19, 23) + uuid.substring(24, 36);
    }

    /**
     * Generates a SKU which is the user id prefixed with 100 and base-36 encoded timestamp
     */
    public static String obtainMapsSkuUserToken(String userId) {
        String stamp = Long.toString(System.currentTimeMillis(), 36);
        return MAPS_SKU_PREFIX + stamp + userId;
    }
}

That’s all I needed to make it work without the proprietary library.

2 Likes

One issue is that the AccountsManager class that references MapboxAccounts has the following comment:

/**
 * REMOVAL OR MODIFICATION OF THE FOLLOWING CODE VIOLATES THE MAPBOX TERMS
 * OF SERVICE
 * <p>
 * The following code is used to access Mapbox's Mapping APIs.
 * <p>
 * Removal or modification of this code when used with Mapbox's Mapping APIs
 * can result in termination of your agreement and/or your account with
 * Mapbox.
...

“the following code” is not removed or modified. :woman_shrugging:

The motivation for that note is that with the rights edits to AccountsManager you can probably trick their billing server into thinking that multiple users/devices are only one, effectively reducing your costs when using their service. This is not the case with the changes I suggested.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.