Keeping your licenses in check

A quick and easy way to check the third-party licenses for your Android app

Licences are a tricky beast, but more often than not we tend to ignore them even though we really should not. The fact that a third-party library is open-source easily deceives us into thinking that we can do whatever we want with it, because why not? The code is there for everyone to see, we can copy or modify it, and there is no physical limitation that prevents us from doing so. But, as it turns out, licenses are extremely important from a legal perspective.

We can summarize what we have learnt from these examples by saying that licenses are important from a legal perspective, that there are many different types, and that each type comes with permissions and obligations.

As Android developers, we are blessed to be part of an incredibly active community that has released a ludicrous amount of libraries that everyone can use. We are so used to either just take them for granted, or to simply assume that there must be one for our current specific need.

At the very beginning, I used to completely ignore the licenses. I had a problem, the library could help me solve it, end of story. However, regardless of the fact that you work as an independent developer or for a company, you are legally liable for not obliging to a particular license. After you develop this awareness, you will be much more careful about the libraries that you use, and you will check what licenses they come with.

But what if you, or your company, already have an app with dozens of third-party libraries? How can you check the licenses for each one of them?

The most naive but completely valid approach would be manually going through each one of them and somehow check their license, either by looking into their archive or by looking them up online. This approach, even though effective, is very cumbersome and tedious. Moreover, “it doesn’t scale” over time and complexity: what if you add 10 more libraries? And how frequently do you have to check if a license has changed or not?

and it was ready to go. As you can see, we’re using a SNAPSHOT version of master. The plugin is also modular, and what we’re interested in is exclusively the reporting part, hence license-report.

To use it, we first need to provide a configuration, a basic version of which looks like this

The dependencyConfiguration parameter allows you to specify the Gradle task for which you will have dependencies to check: simply specify the task that you use to build your app. The includeProjectDependencies parameter allows you to include the transitive dependencies in the analysis.

To run the plugin, it suffices to invoke the respective Gradle task, like so

The plugin will then analyze the dependencies, fetch all the LICENSE files it finds, and group them both by dependency and by license. We can find the results of the analysis by looking at the build/reports directory, where there will be two HTML files (other formats available): dependency-license.html, which maps each dependency to its license, and license-dependency.html, which groups dependencies by license. They look something like this

It looks great! Now we have an easy way to keep the licenses of the current libraries we use in check. 🤓

Related posts:

For all the many articles that have been written about organizational culture, it’s still a very misunderstood topic. So here’s my attempt to dispel two myths that I see as pervasive — even amongst…

You know how you used to collect stickers, or trading cards, or coins? Well, what if I told you that there are new kinds of collectibles in town and they’re better than any of those things ever were…

Relationships are reflections of who we think we’re not because in them we find out who we really are. Some of the things I dislike in my partner are the same things I’m struggling with myself, but…