The App Fair Project

Blog

App Fair Retrospective, 2025

As 2025 draws to a close, it’s a good moment to pause and reflect on a year that proved to be both challenging and energizing for the App Fair Project. Building on the momentum of last year’s retrospective, 2025 saw the project deepen its advocacy work, expand its public presence, and respond to some of the most consequential shifts in the app ecosystem in over a decade.

At FOSDEM 2025 in February I presented “Free App Stores and the Digital Markets Act.” The talk focused on how the DMA reshapes the legal and technical landscape for app distribution in Europe, and what those changes mean for free software, alternative app stores, and user autonomy. You can watch the presentation and read the transcript at FOSDEM 2025: Free App Stores and the Digital Markets Act.

Earlier I had the pleasure of being interviewed for the FSFE’s Software Freedom Podcast by Bonnie Mehring[1], where we discussed the App Fair Project, the role of regulation in restoring balance to app ecosystems, and why distribution freedom matters for both developers and users. Listen to the complete Software Freedom Podcast interview.

This year I joined the board of the F-Droid project. The App Fair Project takes much of its inspiration from F-Droid, and we regard it as a sister project with much wisdom and experience to share from its 15 years of providing free and open-source software to the Android community.

In October, I joined a panel at the Free Software Foundation’s 40-year anniversary celebration[2], alongside representatives from the FSF, the Electronic Frontier Foundation, and Sugar Labs. It was inspiring to reflect on four decades of free software advocacy, and to situate today’s struggles over app stores and gatekeepers within that longer history. A write-up of the panel is available at FSF40-panel.

In November, I attended the Digital Markets Act enforcement symposium[3], organized by the free-expression organization ARTICLE 19. I participated as a technical expert, helping to assess the issues and proposals raised by presenters at a time when regulators, advocates, and technologists are grappling with how DMA enforcement should work in practice.[4] These conversations underscored that while the DMA is already having real effects, sustained technical and policy engagement is essential to ensure its goals are realized.

One of the defining moments of 2025 came in August, when Google shocked the Android world by unilaterally announcing[5] that all developers would be required to register with Google in order to continue distributing their apps on Android Certified devices, even outside of Google Play.

This move fundamentally alters long-standing assumptions about sideloading and independent distribution on Android, and it prompted a series of posts in opposition, published through the F-Droid Blog. In September we posted “Free App Stores and Google’s Developer Registration Decree” and in October we published “What We Talk About When We Talk About Sideloading”, which resulted in an extraordinary amount of press coverage[6] and increased awareness of the issue. I was interviewed by a variety of tech publications as well as the popular Techlore channel[7].

In parallel, we launched keepandroidopen.org as a focused resource to document the implications of this policy shift, coordinate advocacy, and provide calls to action to resist the lockdown of Android.

As we turn toward 2026, there is no shortage of work ahead. I’ll be attending FOSDEM 2026 alongside members of the F-Droid team and board, and presenting on the main track: “Fear and Loathing in the App Stores: when FLOSS principles collide with the Gatekeeper interests.”[8]

The project will continue ongoing advocacy in support of strong DMA enforcement and continued opposition to Google’s Android Developer Registration Decree and similar efforts that undermine independent app distribution. We will also continue to forcefully oppose Apple’s “notarization” requirement for its third-party app marketplaces in the EU and Japan (as well as Brazil in the near future).

A founding principle of the App Fair Project is that you have the right to install whatever software you want on your computer, regardless of whether it is on your desk or in your pocket. Apple’s “notarization” and Google’s “developer registration” are two sides of the same coin: a ploy by the mobile duopoly to strengthen their gatekeeping and control what you are allowed to do with the devices that you own.

We’re also preparing the full opening of the App Fair submission process and launch of the appfair.net index, cataloging apps distributed through the App Fair Project and making them easier for users to discover. The technical pieces are mostly in place and we’ve been publishing a handful of sample apps throughout the year in an effort to make the pipeline stable and robust.

2025 reaffirmed that the fight for fair, open, and user-respecting app ecosystems is far from over, but it also showed that sustained advocacy, technical clarity, and community collaboration can make a real difference. I’m deeply grateful to everyone who supported the App Fair Project this year.

Here’s to carrying that momentum forward into 2026!

  1. Software Freedom Podcast #30: The App Fair Project with Marc Prud’hommeaux: https://fsfe.org/news/podcast/2025/episode-30.en.html

  2. Free Software Foundation 40th Anniversary Celebration: https://www.fsf.org/events/fsf40-celebration

  3. ARTICLE 19 DMA Report (PDF): https://www.article19.org/wp-content/uploads/2025/11/DMA-DIGITAL-FINAL-2025.pdf

  4. Tech Policy Press: “What Europe’s Digital Markets Act Has Delivered So Far and What Comes Next”: https://www.techpolicy.press/what-europes-digital-markets-act-has-delivered-so-far-and-what-comes-next/

  5. Android Developers Blog: “A new layer of security for certified Android devices,” 25 August 2025: https://android-developers.googleblog.com/2025/08/elevating-android-security.html

  6. Press reactions: https://keepandroidopen.org/#press-reactions

  7. The Fight for Android’s Open Ecosystem: https://www.youtube.com/watch?v=ZnYSwX45ODA

  8. FOSDEM 2026 Schedule: https://fosdem.org/2026/schedule/event/TYZH97-fear-loathing-app-stores/

What We Talk About When We Talk About Sideloading

This is a cross-posting of an article I wrote for the F-Droid blog at: https://f-droid.org/en/2025/10/28/sideloading.html. As well as managing the App Fair Project, I also serve on the F-Droid board of directors.

We recently published a blog post with our reaction to the new Google Developer Program and how it impacts your freedom to use the devices that you own in the ways that you want. The post garnered quite a lot of feedback and interest from the community and press, as well as various civil society groups and regulatory agencies.

In this post, I hope to clarify and expand on some of the points and rebut some of the counter-messaging that we have witnessed.

Google’s message that “Sideloading is Not Going Away” is clear, concise, and false


Shortly after our post was published, Google aired an episode of their Android Developers Roundtable series, where they stated unequivocally that “sideloading isn’t going anywhere”. They followed up with a blog post:

Does this mean sideloading is going away on Android? Absolutely not. Sideloading is fundamental to Android and it is not going away.

This statement is untrue. The developer verification decree effectively ends the ability for individuals to choose what software they run on the devices they own.

It bears reminding that “sideload” is a made-up term. Putting software on your computer is simply called “installing”, regardless of whether that computer is in your pocket or on your desk. This could perhaps be made more precise as “direct installing”, in case you need to make a distinction between obtaining software the old-fashioned way versus going through a rent-seeking intermediary marketplace like the Google Play Store or the Apple App Store.

Regardless, the term “sideload” was coined to insinuate that there is something dark and sinister about the process, as if the user were making an end-run around safeguards that are designed to keep you protected and secure. But if we reluctantly accept that “sideloading” is a term that has wriggled its way into common parlance, then we should at least use a consistent definition for it. Wikipedia’s summary definition is:

the transfer of apps from web sources that are not vendor-approved

By this definition, Google’s statement that “sideloading is not going away” is simply false. The vendor — Google, in the case of Android certified devices — will, in point of fact, be approving the source. The supplicant app developer must register with Google, pay a fee, provide government identification, agree to non-negotiable (and ever-changing) terms and conditions, enumerate all their current and future application identifiers, upload evidence of their private signing key, and then hope and wait for Google’s approval.

You, the consumer, purchased your Android device believing in Google’s promise that it was an open computing platform and that you could run whatever software you choose on it. Instead, starting next year, they will be non-consensually pushing an update to your operating system that irrevocably blocks this right and leaves you at the mercy of their judgement over what software you are permitted to trust.

You, the creator, can no longer develop an app and share it directly with your friends, family, and community without first seeking Google’s approval. The promise of Android — and a marketing advantage it has used to distinguish itself against the iPhone — has always been that it is “open”. But Google clearly feels that they have enough of a lock on the Android ecosystem, along with sufficient regulatory capture, that they can now jettison this principle with prejudice and impunity.

You, the state, are ceding the rights of your citizens and your own digital sovereignty to a company with a track record of complying with the extrajudicial demands of authoritarian regimes to remove perfectly legal apps that they happen to dislike. The software that is critical to the running of your businesses and governments will be at the mercy of the opaque whims of a distant and unaccountable corporation. Monocultures are perilous not just in agriculture, but in software distribution as well.

As a reminder, this applies not just to devices that exclusively use the Google Play Store: this is for every Android Certified device everywhere in the world, which encompasses over 95% of all Android devices outside of China. Regardless of whether the device owner prefers to use a competing app store like the Samsung Galaxy Store or the Epic Games Store, or a free and open-source app repository like F-Droid, they will be captive to the overarching policies unilaterally dictated by a competing corporate entity.

In promoting their developer registration program, Google purports:

Our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

We haven’t seen this recent analysis — or any other supporting evidence — but the “50 times” multiple does certainly sound like great cause for distress (even if it is a surprisingly round number). But given the recent news of “224 malicious apps removed from the Google Play Store after ad fraud campaign discovered”, we are left to wonder whether their energies might better be spent assessing and improving their own safeguards rather than casting vague disparagements against the software development communities that thrive outside their walled garden.

In addition, other recent news of over 19 million downloads of malware from the Play Store leads us to question whether the sole judgement of a single corporate entity can be trusted to identify and assess malware, especially when that judgement is clouded by commercial incentives that may not align with the well-being of their users.

Google has been facing public outcry against their heavy-handed policies for a long time, but this trend has accelerated recently. Last year they crippled ad-blockers in Chrome and Chromium-based browsers by forcing through their unpopular “manifest v3” requirement for plugins, and earlier this year they closed off the development of the Android Open Source Project (AOSP), which is how they were able to clandestinely implement the verification infrastructure that enforces their developer registration decree.

Developer verification is an existential threat to free software distribution platforms like F-Droid as well as emergent commercial competitors to the Play Store. We are witnessing a groundswell of opposition to this attempt from both our user and developer communities, as well as the tech press and civil society groups, but public policymakers still need to be educated about the threat.

To learn more about what you can do as a consumer, visit keepandroidopen.org for information on how to contact your representative agencies and advocate for keeping the Android ecosystem open for consumers and competition.

If you are an app developer, we recommend against signing yourself up for Google’s developer registration program at this time. We unequivocally reject their attempt to force this program upon the world.

Over half of all humankind uses an Android smartphone. Google does not own your phone. You own your phone. You have the right to decide who to trust, and where you can get your software from.

Panel opening statement for the FSF40 Celebration

I was honored to be invited as a panelist at the FSF 40-year celebration event in Boston this weekend. Along with Paige Collings, senior speech and privacy activist from the EFF, Devin Ulibarri, the executive director of Sugar Labs, and Greg Farough, the FSF’s campaigns manager, we spent an hour discussing issues around software freedom and privacy, and answered a variety of interesting questions from the audience.

FSF40 panel

Once they post video and transcription, I will reproduce it here, but until then I’ll convey my notes in response to the opening question:

How has the freedom of users of mobile phones changed since the beginning of the F-Droid, in 2010?

In 2010, there were about 25 million active Android devices around the world. In 2025, it has grown to over 3 billion. Given that Android is built on free software — insofar as it runs atop the GPL-licensed Linux kernel — this can be viewed as a phenomenal expansion of free software adoption. The fact that nearly half of humanity is walking around today with a free-software-powered smartphone in their pocket is a testament to the power of the ideas that started right here, 40 years ago, with the Free Software Foundation.

Also since 2010, the F-Droid Project has grown from a small personal hobby project with a handful of apps, into a repository of thousands of free and open-source applications. F-Droid and the App Fair are the app stores you can trust, because all the apps are reviewed to keep out closed and proprietary software dependencies and flag any marginal “anti-features”, so the user is always in control of the software they are running on their device. It is truly the free software Garden of Eden.

And with free software applications running on top of a free kernel, what’s not to love about the current state of the world? We live in a magical time, right?

So also since 2010, the mobile phone ecosystem has contracted from a slew of competing systems — Blackberry, Symbian, Palm OS, Firefox OS, Ubuntu Touch, etc. — down to just two: Android and iPhone, with Android currently holding around 70% global market share. And with the entrenchment of this global smartphone duopoly has arisen increasingly extractive behavior from the corporations that control their ecosystems.

This year, 2025, has been especially dark. In March, the “Android Open Source Project” closed off its development from the public, switching to delayed and periodic snapshot source releases. This has been very difficult for projects like GrapheneOS which are based on AOSP.

And last month, the other shoe dropped: Google announced that starting next year, they would be blocking all app installations on Android certified devices from any developer who has not registered with the Google Developer Program, which requires the scanning of government identity documents, the payment of a fee, and the agreement to Google’s non-negotiable and ever-changing terms and conditions. Developers of Android apps around the world — regardless of whether they distribute through F-Droid, some other commercial app store, or simply by uploading an apk to their web site — will be cut off from their users forever unless they comply. If this goes into effect, it is an extinction event for F-Droid.

And so to answer the original question, “how has the freedom of users of mobile phones changed since 2010”, I’ll summarize by saying: it went up, and then it went down. And that’s where we are today.

FSF40 panelists

Free App Stores and Google's Developer Registration Decree

This is a cross-posting of an article I wrote for the F-Droid blog at: https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html. As well as managing the App Fair Project, I also serve on the F-Droid board of directors.

For the past 15 years, F-Droid has provided a safe and secure haven for Android users around the world to find and install free and open source apps. When contrasted with the commercial app stores — of which the Google Play store is the most prominent — the differences are stark: they are hotbeds of spyware and scams, blatantly promoting apps that prey on their users through attempts to monetize their attention and mine their intimate information through any means necessary, including trickery and dark patterns.

F-Droid is different. It distributes apps that have been validated to work for the user’s interests, rather than for the interests of the app’s distributors. The way F-Droid works is simple: when a developer creates an app and hosts the source code publicly somewhere, the F-Droid team reviews it, inspecting it to ensure that it is completely open source and contains no undocumented anti-features such as advertisements or trackers. Once it passes inspection, the F-Droid build service compiles and packages the app to make it ready for distribution. The package is then either signed with F-Droid’s cryptographic key or, if the build is reproducible, distributed using the signature from the original developer’s private key. In this way, users can trust that any app distributed through F-Droid is the one that was built from the specified source code and has not been tampered with.

Do you want a weather app that doesn’t transmit your every movement to a shadowy data broker? Or a scheduling assistant that doesn’t siphon your intimate details into an advertisement network? F-Droid has your back. Just as sunlight is the best disinfectant against corruption, open source is the best defense against software acting against the interests of the user.

Google’s move to break free app distribution


The future of this elegant and proven system was put in jeopardy last month, when Google unilaterally decreed that Android developers everywhere in the world are going to be required to register centrally with Google. In addition to demanding payment of a registration fee and agreement to their (non-negotiable and ever-changing) terms and conditions, Google will also require the uploading of personally identifying documents, including government ID, by the authors of the software, as well as enumerating all the unique “application identifiers” for every app that is to be distributed by the registered developer.

The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot “take over” the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.

If it were to be put into effect, the developer registration decree would end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world would be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users would be left adrift, with no means to install — or even update their existing installed — applications. (How many F-Droid users are there, exactly? We don’t know, because we don’t track users or have any registration: “No user accounts, by design”.)

While directly installing — or “sideloading” — software can be construed as carrying some inherent risk, it is false to claim that centralized app stores are the only safe option for software distribution. Google Play itself has repeatedly hosted malware, proving that corporate gatekeeping doesn’t guarantee user protection. By contrast, F-Droid offers a trustworthy and transparent alternative approach to security: every app is free and open source, the code can be audited by anyone, the build process and logs are public, and reproducible builds ensure that what is published matches the source code exactly. This transparency and accountability provides a stronger basis for trust than closed platforms, while still giving users freedom to choose. Restricting direct app installation not only undermines that choice, it also erodes the diversity and resilience of the open-source ecosystem by consolidating control in the hands of a few corporate players.

Furthermore, Google’s framing that they need to mandate developer registration in order to defend against malware is disingenuous because they already have a remediation mechanism for malware they identify on a device: the Play Protect service that is enabled on all Android Certified devices already scans and disables apps that have been identified as malware, regardless of their provenience. Any perceived risks associated with direct app installation can be mitigated through user education, open-source transparency, and existing security measures without imposing exclusionary registration requirements.

We do not believe that developer registration is motivated by security. We believe it is about consolidating power and tightening control over a formerly open ecosystem.

If you own a computer, you should have the right to run whatever programs you want on it. This is just as true with the apps on your Android/iPhone mobile device as it is with the applications on your Linux/Mac/Windows desktop or server. Forcing software creators into a centralized registration scheme in order to publish and distribute their works is as egregious as forcing writers and artists to register with a central authority in order to be able to distribute their creative works. It is an offense to the core principles of free speech and thought that are central to the workings of democratic societies around the world.

By tying application identifiers to personal ID checks and fees, Google is building a choke point that restricts competition and limits user freedom. It must find a solution which preserves user rights, freedom of choice, and a healthy, competitive ecosystem.

Regulatory and competition authorities should look carefully at Google’s proposed activities, and ensure that policies designed to improve security are not abused to consolidate monopoly control. We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information.

If you are a developer or user who values digital freedom, you can help. Write to your Member of Parliament, Congressperson or other representative, sign petitions in defense of sideloading and software freedom, and contact the European Commission’s Digital Markets Act (DMA) team to express why preserving open distribution matters. By making your voice heard, you help defend not only F-Droid, but the principle that software should remain a commons, accessible and free from unnecessary corporate gatekeeping.

The GPL and Commercial App Stores: Time for a Reconsideration

The App Fair Project requires that all apps that it distributes be licensed under the GNU General Public License. When the project builds and distributes these apps through to the commercial app store channels (e.g., the Apple App Store and the Google Play Store), the GPL is the one and only license that dictates the distribution terms. While many developers have historically chosen the GPL on moral grounds, the App Fair’s choice of this license is more pragmatic: a strong copyleft license is the practical way to protect the community efforts that go into building these applications and defend them against bad actors.

A major problem with free or open-source software on commercial app stores is that once they achieve any level of notoriety, they immediately become a target for grifters who take the source code, bundle in some extra profit-seeking software (typically ad-banners or spyware “analytics” packages), and then re-publish the same app with a deceptively similar name and some slick marketing. When the app’s source code has been published under one of the non-copyleft permissive licenses (Apache, BSD, MIT, etc.), there is basically nothing the developer can do to prevent it: you gave your code away, no strings attached, and they took it and monetized it. Fair play, as far as the free-riding imposters are concerned. For these reasons, the permissive licenses are often referred to as “pushover licenses”.

Copyleft licenses like the GPL serve as an effective defense against these grifts. The GPL permits anyone to create derivative works from the published source code, but only if those derivative works themselves also publish their source code. And that includes all the source code, which would include all the data-gathering and advertisement-serving SDKs that infest so many of the ostensibly “free” apps that dominate the charts of the commercial app stores. Publishing and distributing an app without also publishing the source code, while certainly possible, is a violation of the terms of the GPL, and thus the original developer has a very straightforward recourse: report the violation to Apple or Google or whoever runs the store, and they will be obligated to remove the offending application promptly.

One might therefore assume that copyleft licenses would be the dominant form of license for free/open-source apps on the commercial app stores. However, in iOS app developer circles, there is a persistent misconception that GPL apps are not permitted at all on the Apple App Store. On the face of it, this is clearly nonsense: many of the most-downloaded apps on the App Store are published under the GPL: Signal, Element, WordPress, Simplenote, IceCubes, iSH, Bitwarden, Mastodon, Telegram, and Proton Mail, just to name a few. I myself have published numerous GPL apps to the App Store, with nary a peep from Apple about the license during their app review process.

Apple has never said that GPL-licensed apps are disallowed on their app store. The truth is, Apple couldn’t care less about how you license your software. The anti-GPL App Store policy canard originated in a one-sided kerfuffle from 2010, where the Free Software Foundation heard that there was a rogue GNU Go app floating around the App Store. As the copyright and trademark holders, the FSF complained to Apple about the app violating their rights[1], and as a result, Apple removed the app from their App Store. Such actions are a daily occurrence: when a piece of software is identified as violating the laws of a jurisdiction, the distributor of the software is obligated to remove it. Unfortunately, the FSF decided to interpret this in a follow-up blog post as evidence that Apple “has it in” for free software:

Apple has removed GNU Go from the App Store, continuing their longstanding habit of preventing users from doing anything that Apple doesn’t want them to do.[2]

Fast-forward 15 years to the present day, and the chilling effect of this statement has metastasized – with much strategic amplification by opponents of software freedom – into an overwhelming sentiment among iOS app developers that the GPL is an outright prohibited license for their App Store. No amount of evidence – such as the aforementioned list of GPL apps like Signal, etc. – seems enough to dissuade iOS developers from shunning the GPL in favor of non-copyleft pushover licenses that leave them at risk of having their work taken and re-distributed as adware-infested junk with impunity. Or, more likely, they simply choose to keep their source code closed rather than share it with the world and risk being taken advantage of.

Much has changed since 2010. In 2015[3], Apple loosened their grip and started permitting anyone to compile and run software on their own iPhone, without needing an Apple Developer account. And the Digital Markets Act in the European Union, which came into effect in 2023, compelled Apple to open up their App Store monopoly to competition, enabling for the first time alternative app marketplaces to begin distributing software under their own terms[4]. These two factors alone are sufficient to comply with the GPL’s requirements and the four essential freedoms[5] that it protects.

It is true that the Apple App Store has many problematic policies: usage restrictions, mandatory DRM, and the ability for a single central company to remotely disable and remove software without the user’s consent. But the Google Play Store also has nearly identical policies, and yet the GPL is a relatively popular license to use among Android app developers. One of the main drivers for the difference in this perception is the FSF’s historic antipathy towards Apple and general tolerance towards Google, despite these corporations being two halves of the mobile device duopoly and enacting nearly identical policies for the terms of software distribution on their commercial app marketplaces. But regardless – and even without the aforementioned concessions on the part of Apple – the GPLv3 has a clause that renders any concerns about the policies of these app stores moot. Section 7 states:

If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.[6]

In other words, the commercial app stores can slap whatever GPL-violating terms and conditions they want onto the software that they distribute. And the end user can duly ignore all of them, and continue to exercise their rights to study, modify, and redistribute the software however they want.

When the FSF first took their position on the GPL and the Apple App Store in 2010, smartphones were still something of a novelty. Since that time, their presence has expanded astronomically: there are over 5 billion active smartphones in 2025, and nearly 90% of adults worldwide possess one and use it daily. Like it or not, smartphones are the central computer in the everyday life of the vast majority of humanity. If free software is denied to users of these devices, then free software is doomed to extinction, and humankind will be forever subject to the injustices of proprietary and opaque software. It is time the Free Software Foundation took another look at their position on how free software – specifically, apps licensed under the GPL – can have a place in this modern world.

  1. GPL Enforcement in Apple’s App Store: https://www.fsf.org/news/2010-05-app-store-compliance

  2. More about the App Store GPL Enforcement: https://www.fsf.org/blogs/licensing/more-about-the-app-store-gpl-enforcement

  3. Xcode 7 allows anyone to download, build and ‘sideload’ iOS apps for free: https://9to5mac.com/2015/06/10/xcode-7-allows-anyone-to-download-build-and-sideload-ios-apps-for-free/

  4. Digital Markets Act: https://en.wikipedia.org/wiki/Digital_Markets_Act

  5. The four essential freedoms: https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms

  6. GNU General Public License Section 7: Additional Terms: https://www.gnu.org/licenses/gpl-3.0.en.html#section7