Why Licenses Matter
Every mobile app built in 2026 uses open source software. Whether you use React Native, Flutter, Swift packages, or Kotlin libraries, your app depends on dozens to hundreds of open source components, each with a license imposing specific obligations.
Ignoring these obligations can lead to legal action, app store removal, or reputational damage. Some licenses require you to release your own source code.
Permissive Licenses
These allow use in commercial, closed-source apps with minimal restrictions:
- MIT License - Most common. Include the license text and copyright notice.
- Apache License 2.0 - Like MIT but with patent protections. Include license, copyright, and NOTICE file if present.
- BSD Licenses (2/3-Clause) - Similar to MIT. 3-Clause adds an endorsement restriction.
- ISC License - Functionally equivalent to MIT.
Copyleft Licenses
These require derivative works to use the same license:
- GPL v2/v3 - Requires releasing source of any work incorporating GPL code. Risky for closed-source apps.
- LGPL - Weaker copyleft. Allows linking without releasing your source, but library modifications must be released.
- AGPL - Strongest copyleft. Applies even for network use. Relevant for backend code.
- MPL 2.0 - File-level copyleft. Only modified MPL files must be shared.
Quick Reference
| License | Attribution | Source Release | Safe for Closed-Source |
|---|---|---|---|
| MIT | Yes | No | Yes |
| Apache 2.0 | Yes | No | Yes |
| BSD 2/3 | Yes | No | Yes |
| LGPL | Yes | Library mods only | Usually |
| MPL 2.0 | Yes | Modified files only | Yes |
| GPL v2/v3 | Yes | Entire derivative | No |
Attribution in Practice
Create a "Licenses" or "Acknowledgments" screen in your app's settings listing each library's name, copyright holder, and full license text. Both iOS and Android apps commonly include this.
Automated Tools
- license-checker (npm) - Scans Node.js dependencies
- CocoaPods Acknowledgements - Auto-generates plist for iOS
- AboutLibraries (Android) - Generates license screen
- flutter_oss_licenses - License info for Flutter projects
- license-plist (iOS) - Generates Settings.bundle with licenses
Run these in your CI/CD pipeline to catch issues before release.
Handling GPL
If you include GPL code in your app binary, the GPL requires making your entire source available. Strategies:
- Avoid GPL libraries in mobile app code. Check before adding dependencies.
- Find alternatives. Most GPL libraries have MIT or Apache alternatives.
- Backend isolation. Run GPL software on your server. Distribution triggers GPL, and server use does not count (except AGPL).
License Compatibility
When combining libraries, licenses must be compatible:
- MIT + Apache 2.0: Compatible
- MIT + BSD: Compatible
- Apache 2.0 + GPLv3: Apache can go into GPLv3, not vice versa
- GPLv2 + GPLv3: Incompatible unless GPLv2 has "or later" clause
Compliance Checklist
- Audit all dependencies for licenses before each release
- Include a licenses screen in your app
- Avoid GPL libraries in your app binary
- Use automated scanning in CI/CD
- Keep a license inventory document
- Review licenses before adding new dependencies
- Check transitive dependencies (dependencies of dependencies)