Google and Android Open Source

What's the deal with the Android Open Source Project? You can go to source.android.com and clone it. And the license is Apache! So you can make your changes, install them on your own phone, and sell it! You don't have to share with Google!

The Android kernel is Linux; that part is covered by the GPLv2. The Apache license applies to all the Android-specific stuff.

But somehow this isn't happening. There is exactly one commercial offering of AOSP code on a non-Google-licensed device: the Amazon Kindle Fire (which I had no idea was Android). Frankly, nobody buys a Kindle to have an Android device.

How does Google keep everyone in line, and sell its licenses? What keeps every phone maker from cloning their own fork of AOSP?

Ars Technica's Ron Amadeo wrote about this in 2013, and the article was recently updated: arstechnica.com/gadgets/2018/07/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary.

Google started AOSP a few months after the first iPhone came out in 2007. Google clearly understood that mobile devices were the future, and that it would be all too easy for Google search to disappear. Google was probably paying Apple a lot more than they were happy with to have Google Search be featured on that first iPhone.

Android was open source because Google had no hardware platform. They had no mobile presence whatsoever. So they priced it to move, so to speak. Non-Apple alternatives at the time were the Blackberry OS and Symbian, started by Nokia. (Remember Symbian? Me neither.)

Tim Bray, former Googler, asked, during his interview with Google VP Vig Gundotra, asked "why is Google doing Android?". This was the (from memory, years later) answer he got:

The iPhone is really good. The way things are going, Apple’s going to have a monopoly on Internet-capable mobile devices. That means they’ll be the gatekeepers for everything, including advertising, saying who can and can’t, setting prices, taking a cut. That’s an existential threat to Google. Android doesn’t have to win, to win. It just has to get enough market so there’s a diverse and competitive mobile-advertising market.

Today Android has an 80% market share. So maybe Google regrets the open-source thing?

From the beginning, not everything was open source. Google had their proprietary apps:

Some of these may have equivalents in AOSP, but they are more-or-less abandoned. And you can use a web browser to get at most of the above, but that's not as slick.

If you have an Android phone, note the Google Search app. You can open Chrome instead, and go to google.com, or even create a desktop shortcut to google.com. But then you don't get the Google Assistant, or any voice response, or other handy features. (You do get to open selected search results in new tabs, which is oddly missing from the Google Search app.)

So this left Google with a carrot to phone makers: "license with us and you get all this cool stuff". The licensing is believed to be pretty cheap, if not free; the point is that it comes with strings. If you license with Google, you must use Google's flavor of Android. No open-source improvements allowed.

The AOSP Music player was a plain-vanilla player. The Google Play Music app is quite different, with hooks into streaming services, and places to buy music.

AOSP has a Calendar app too. But it doesn't sync to the Cloud. The closed-source Google Calendar is much slicker.

Google even has a proprietary swipeable keyboard app.

Ditto the Messages (SMS) app and even the Camera.

Lock In, Lock Out

Still, for a phone manufacturer to create its own clone of AOSP, so far all it has to do is update the various Google apps. Amazon did that. Samsung has its own version of all the Google apps. How hard can it be?

Google has a few more hoops.

First and foremost, if you as a manufacturer have a license to manufacture Google-licensed Android phones, then you are probably a member of the Open Handset Alliance. Getting a license without being a member of the OHA might be possible, but it's not clear anyone has ever done it. And a big part of your OHA agreement requires that you will not manufacture any non-Google-licensed phones. That leaves a phone company with a big problem, as most phone sellers are not their own manufacturers (Samsung is).

In China, stock Google Android is not allowed. Alibaba has an AOSP clone, called Aliyun. Acer was hired to make Aliyun phones, and Google told them to stop. Acer did. This may have changed; a more recent Google ToS says

Devices may only be distributed if all Google Applications authorized for distribution in the applicable territory are pre-installed on the device.

Since no Google Applications are authorized in China, Acer may now be ok. It is not clear whether Acer is in fact making Aliyun phones, however.

Amazon had to look very hard to find a manufacturer for its AOSP Kindle Fire. But then, Amazon has resources.They finally found Quanta (not exactly a familiar name).

Samsung has the alternative apps in place, and is probably the only Android phone maker in this position. So they could quit. But that would mean that Samsung would have to stop making Google-Android phones immediately. If a future Galaxy S-37 is AOSP-based, then no more sales of Google-Android S9's.

Also, customers like the Google apps.

Skyhook has built a competing location-service app; like Google's when GPS is off, it is believed to determine your location from nearby Wi-Fi access points. Some phone makers tried to drop Google's location service (built into the Android infrastructure; it is not an app) in favor of Skyhook's. Google made them stop. Skyhook's lawsuit is still pending. (Skyhook is also suing Google for patent infringment.)

Google Store

Google has one more line of defense: you must license the Google version of Android if you want access to the Google Play Store, that is, the app store. Amazon has built their own app store for the Fire Kindle. Nobody else has tried.

It's not even as simple as contacting 100,000 app devs and asking for their app to be included in your store too. Most apps use at least one Google proprietary API. That means most apps simply will not run on a vanilla AOSP device. Here are a few hard-to-go-without APIs:

There's even a games API, Play Games, that most game devs end up using.

One final sting: most of Google's APIs are in fact supported on iPhones. So using Google makes things a lot easier for devs; often it makes the Android and iOS versions almost the same.

Amazon maintains a list of alternative APIs for Kindle Fire devs at developer.amazon.com/docs/app-submission/migrate-existing-app.html. They've had their work cut out for them.

Bottom line: between the Google apps, the manufacturing rule, and access to the App Store, nobody dares to leave the fold. Not even Samsung, who is clearly best positioned to do so (Samsung does have their own App Store. It is annoying as heck, as their store does app updates independently of Google's.)

Margrethe Vestager and the EU fine

[Roughly "VES-dae-ya"] Why the EU thinks Google is engaging in anticompetitive behavior may now be a little clearer. The EU complaint focuses on two primary things Android phone makers are forced to install:

Around 2000, Microsoft was sued by the US Dept of Justice for antitrust violations because they required manufacturers of Windows computers to install Internet Explorer. Microsoft agreed to allow competing browsers, while at the same time trying to integrate IE into the desktop. (They later abandoned that plan.) Sun workstations, meanwhile, were all shipped with a browser made by Sun. (Mosaic was also available. That's not Mozilla; Mozilla was named because it is the Mosaic Killer.)

For a manufacturer to require the installation of B when a customer (the phone maker) wants to install A is called tying. It is generally forbidden under antitrust law.

Under US law, the government must not just show that Google's competitors were harmed by Google's tying rules. They must also show that consumers were harmed. This can be difficult.The FTC considered action against Google in 2012, following the recommendations of an internal committee, but Google was a major supporter of the Obama administration.

One theory is that Google is in trouble because they made Android open-source, but have schemed mightily to prevent meaningful adoption of AOSP on phones. This isn't quite true; Google would be in trouble if they simply licensed Android as a commercial project.

Apparently the EU received multiple complaints from US phone manufacturers (are there any?) objecting to Google's terms. The usual complaint was that it was the App Store (Google Play Store) that was the absolutely-must-have app, and that to get that, the vendors had to install Chrome and Google Search.

So the EU case really is about loosening Google's tight grip on Android, but not necessarily about unlocking AOSP.

DuckDuckGo greeted the EU fine announcement positively.

Google Chrome

The Chrome browser is based on Chromium, which is open source. Is Google being generous here? Google outsiders apparently do contribute code. But there is reason to believe that Google pushes Chrome in order to control the browser advertising platform.

Nobody uses Chromium per se, but all other browsers except Firefox use the Blink browser engine (formerly Webkit) on which Chrome and Chromium are based. Most of Blink is licensed under BSD, making it easy for other browser vendors to use. (A few library parts are licensed under the LGPL, but that's ok as other browser vendors don't tend to change that.)

With this in mind, this typical BSD line becomes a little more significant:

    //    * Neither the name of Google Inc. nor the names of its
    // contributors may be used to endorse or promote products derived from
    // this software without specific prior written permission.

If you make a Blink-based browser, you basically cannot advertise the fact that it's based on Google's work.

With control of Blink, Google can add new Javascript features at will that enable additional user surveillance, and thus enhance Google's dominance of browser-based advertising.

WebRTC is one such new feature that, while fully supported by the more privacy-focused Firefox, also does expose some elements of the user's internal network.

On the spectrum of browser loyalty, from users to advertisers, Google's Chromium project has done a lot to shift the balance towards advertisers.

Despite making the source code available, Google has often certainly seemed to be gunning for Firefox, the only serious browser today that is not based on the Blink engine. In a series of twitter posts, Johnathan Nightingale describes how Google put the muscle on Firefox (twitter.com/johnath/status/1116871231792455686?lang=en). When the Firefox team started working with Google, there was no Chrome. Since then:

But Google as a whole is very different than individual googlers. Google Chrome ads started appearing next to Firefox search terms. gmail & gdocs started to experience selective performance issues and bugs on Firefox. Demo sites would falsely block Firefox as “incompatible.”

All of this is stuff you’re allowed to do to compete, of course. But we were still a search partner, so we’d say “hey what gives?” And every time, they’d say, “oops. That was accidental. We’ll fix it in the next push in 2 weeks.”

Over and over. Oops. Another accident. We’ll fix it soon. We want the same things. We’re on the same team. There were dozens of oopses. Hundreds maybe? I’m all for “don’t attribute to malice what can be explained by incompetence” but I don’t believe google is that incompetent.

I think they were running out the clock. We lost users during every oops. And we spent effort and frustration every clock tick on that instead of improving our product. We got outfoxed for a while and by the time we started calling it what it was, a lot of damage had been done.

Is this anticompetitive behavior based on open source? Is Google trying to marginalize Firefox, just as Microsoft had once tried to marginalize Netscape?

Suppose you simply want to use Chromium, or else fork Chromium to build your own Chrome-compatible browser? That isn't quite as simple as it sounds: Chromium turns out to be "broken by design". Samuel Maddock tried to do just this, to build a simple browser for watching streaming video.

But Maddock's browser needed to support DRM (specifically for streaming, but this is a de facto requirement for all browsers), and the Chromium DRM module, known as WideVine, is not open source. Maddock's project failed, as Google would not allow WideVine's use. So Chromium isn't really open source. See bloomberg.com/news/articles/2019-05-28/google-s-chrome-becomes-web-gatekeeper-and-rivals-complain, and also Cory Doctorow at boingboing.net/2019/05/29/hoarding-software-freedom.html.

Realistically, DRM modules can never be open-source: if you can modify the source, you can figure out how to save the streaming content unencrypted. But Google's use restrictions certainly cut into the utility of Chromium.

Google does provide a plugin, chromium-widevine, that makes WideVine available for Chromium, but not variants.

Chrome and ad-blockers

Google has announced that the existing ad-blocking API for Chrome extensions will change, from the webRequest API to the declarativeNetRequest API. The change will make it much harder to implement traditional ad-blockers. The latter interface currently allows a maximum of 30,000 rules, though the Easylist ruleset has 76,000 entries. See androidpolice.com/2019/05/29/google-still-plans-to-kill-chromes-existing-adblock-apis, and also 9to5google.com/2019/05/29/chrome-ad-blocking-enterprise-manifest-v3. The latter source discovered the following in a Google SEC filing:

New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.

Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results.

However, ad blockers are potentially a user-privacy threat.