The Dangers of the Developer API

Dafna Amster Kahn
HiTech Edge
4 min read · Feb 18, 2020

It is well known that if a product is provided to you for free, the real product is most likely you, or, in the case of online services, your data. Yet even people who are well aware of this as individuals often fail to apply the same reasoning to their far more valuable business data.

When using a product that is provided without charge, even if, and perhaps especially if, it is a B2B product, one should consider where the interests of its developer lie. Some components are made available as part of open source projects in a bona fide effort to advance the developer community. Certain developer tools, however, are not released under one of the common open source licenses but under a custom license. Before adopting such a tool, that license and any other terms governing its use should be examined carefully, not only to confirm whether the license contaminates your company's proprietary code, but also whether it contaminates your data.

The implications of contaminating data go beyond your rights in your own product and whether it remains proprietary to you. If, by not thoroughly examining the terms of the tool you use, you inadvertently grant a third party rights to use your data, you can harm your customers by allowing that third party to harness the data for products that compete with theirs. It can also undermine your compliance efforts, since you may have promised customers, regulators or auditors that their data is not shared with anyone.

To avoid these consequences, review the terms of each developer tool you use before adopting it, and confirm that any rights granted in your data are limited to what the tool needs in order to function.

Is Open Source Software Really Not an Issue for SaaS Companies?

It is a commonly held position that SaaS companies can freely use software licensed under open source licenses, because they do not distribute their products. However, one use case, which I see more and more of, challenges this widely held conception.

If your product is a B2B SaaS platform, for instance an analytical tool that online merchants integrate into their platform to analyse customer behaviour, you probably provide your customers with an SDK and an API for implementing your service in their own online service. I have recently been approached by a few clients providing a tool for online businesses, to assist them in preparing a license for the documentation they provide to their customers to facilitate such integration, specifically the sample code for implementation of their mobile SDK.

Sometimes this sample code is developed internally by the company providing the SDK, but often it is a third-party product licensed to the company. This is especially common in start-ups running on a limited budget that provide a tool for more complex applications, where a sample application would cost significant time and money to develop in-house. For this use case it is clear why code licensed under an open source license would seem ideal: under open source licenses the software is made available in source code form, free of charge, and may be modified and redistributed. Using such software would therefore let you hand the sample application to your customer in source code form, to help them integrate your SDK.

If you rely on the information available online about the use of open source in SaaS, you might conclude that you can use applications licensed under any open source license. In this use case, that is not true. Copyleft licenses, notably the GNU GPL family, require that a program incorporating or based on the licensed software itself be made available under the same license and in source code form. These requirements are triggered when the work incorporating or based on the open source component is distributed, which is why such licenses are commonly held not to cause an issue for SaaS products. Sample code, however, is in fact distributed: it is handed to your customers precisely so that they can copy it into their own applications. So you should be very mindful of the license under which the sample code you use is provided, because, on the license's own terms, it can extend to the lines of code calling your company's SDK and, in some cases, to your SDK itself, thus requiring you to make your SDK available in source code form.

On a side note, one qualification should be made regarding the general use of open source in SaaS. GPLv3 does not rely on the legally defined term "distribute", but on its own defined terms "propagate" and "convey". The FSF's FAQ explains that "distribute" was avoided because copyright legislation in most jurisdictions gives it a narrow meaning, and GPLv3 defines "propagate" to include making a work available to the public. The source-code obligations of GPLv3, however, attach to conveying, and the license itself states that mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. The GNU license that does treat network interaction as a trigger is the AGPLv3, which requires a modified version to offer its source to users interacting with it remotely over a network. So while certain open source licenses that would not be recommended in a traditional distribution model can be used in SaaS products with reasonable comfort, the GNU licenses remain risky, at the very least, and the AGPL is not a SaaS-safe license at all.
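The two distinctions drawn above, whether a component is actually conveyed to customers (sample app, SDK) or only runs server-side, and whether its license is a plain GPL, whose source obligation is triggered by conveying, or the AGPL, whose trigger includes network use, can be turned into a pre-release check. The following Python script is an added example and not the article's own code: it reads SPDX license headers from constructed sample-app files, classifies each component's license family, and flags the combinations that need a lawyer's attention. The component inventory, the `ships_in` categories and the license family tables are assumptions made for the illustration.

```python
"""Added example: triage third-party components by license family and by
whether they are actually distributed (shipped in a sample app or SDK) or
only run server-side. The inventory below is constructed for illustration."""
from dataclasses import dataclass
import re

# SPDX identifier prefixes; "GPL-3.0-only" and "GPL-3.0-or-later" both match "GPL-3.0".
NETWORK_COPYLEFT = ("AGPL-3.0",)
STRONG_COPYLEFT = ("GPL-2.0", "GPL-3.0")
WEAK_COPYLEFT = ("LGPL-2.1", "LGPL-3.0", "MPL-2.0")
PERMISSIVE = ("MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC")

# Artifacts that leave your servers, i.e. are conveyed to customers (assumed categories).
DISTRIBUTED = {"sample-app", "sdk"}

SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)")


@dataclass
class Component:
    name: str
    license_id: str   # SPDX identifier, or "custom" when no SPDX header is present
    ships_in: str     # "sample-app", "sdk" or "server"


def license_from_source(text):
    """Read an SPDX header from a source file; anything without one is 'custom'."""
    match = SPDX_RE.search(text)
    return match.group(1) if match else "custom"


def family(license_id):
    """Map an SPDX identifier to a coarse license family."""
    for prefixes, name in ((NETWORK_COPYLEFT, "network-copyleft"),
                           (WEAK_COPYLEFT, "weak-copyleft"),
                           (STRONG_COPYLEFT, "strong-copyleft"),
                           (PERMISSIVE, "permissive")):
        if license_id.startswith(prefixes):
            return name
    return "unknown"


def review(components):
    """Return (name, severity, reason) for every component that needs attention."""
    findings = []
    for c in components:
        fam = family(c.license_id)
        distributed = c.ships_in in DISTRIBUTED
        if fam == "network-copyleft":
            # AGPLv3 section 13: remote users of a modified version must be offered source.
            findings.append((c.name, "BLOCK",
                             "AGPL: network use triggers the source obligation, server-side or not"))
        elif fam == "strong-copyleft" and distributed:
            # Sample code and SDKs are conveyed, so the GPL's conditions apply to the combined work.
            findings.append((c.name, "BLOCK",
                             f"GPL code conveyed in {c.ships_in}; code combined with it must be offered in source form"))
        elif fam == "strong-copyleft":
            findings.append((c.name, "NOTE",
                             "GPL used server-side only: not conveyed, but keep it out of anything shipped"))
        elif fam == "weak-copyleft" and distributed:
            findings.append((c.name, "REVIEW",
                             "weak copyleft: changes to the component itself must be released; check the linking terms"))
        elif fam == "unknown":
            findings.append((c.name, "REVIEW",
                             "custom or unrecognised license: read its redistribution and data terms"))
    return findings


def sample_components():
    """Constructed inventory: three files from a bought-in sample app, one SDK
    dependency and three server-side dependencies."""
    sample_files = {
        "charts.js": "// SPDX-License-Identifier: GPL-3.0-or-later\nexport function draw() {}\n",
        "helpers.js": "// SPDX-License-Identifier: MIT\nexport function fmt() {}\n",
        "analytics.js": "// Copyright Vendor Inc. All rights reserved. See LICENSE.txt\n",
    }
    inventory = [Component(name, license_from_source(src), "sample-app")
                 for name, src in sample_files.items()]
    inventory += [
        Component("tls-helper", "Apache-2.0", "sdk"),
        Component("db-driver", "LGPL-2.1-only", "server"),
        Component("job-runner", "GPL-2.0-only", "server"),
        Component("reporting-lib", "AGPL-3.0-only", "server"),
    ]
    return inventory


if __name__ == "__main__":
    for name, severity, reason in review(sample_components()):
        print(f"{severity:6} {name:14} {reason}")
```

On the constructed inventory the script blocks `charts.js` (GPL code inside the sample app that customers copy) and `reporting-lib` (AGPL, even though it never leaves the server), sends `analytics.js` for review because it carries a vendor notice rather than a recognised license, and merely notes the server-side GPL component. The output is a triage list, not a legal opinion; its purpose is to make sure the distributed artifacts get the review the article calls for before they reach a customer.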
