Companies that want to add scanning features to their mobile apps without developing them in-house can choose between open-source software and a proprietary SDK. Both have their pros and cons, which we will cover in this article.
What is open-source software?
Open-source software differentiates itself from proprietary software by having its code publicly available. This allows any knowledgeable user to audit it – and to contribute. Open-source projects often result from the collaboration of a large, mostly unpaid community of developers. Well-maintained open-source projects are updated regularly by this community, receiving new features and security patches.
“Free software”, and by extension FOSS (“Free and Open-Source Software”), goes one step beyond publishing the source code: the Free Software Definition requires that users have four essential freedoms:
- The freedom to run the program for any purpose
- The freedom to study how the program works and change it to one’s own requirements
- The freedom to redistribute copies of the software to help others
- The freedom to distribute modified copies
These freedoms define the “free” part in FOSS. To avoid confusion with “free” as in free-of-charge, some use the term “libre” – from "liberty" – instead.
This contrasts with the term “freeware” – software that actually is free-of-charge, though its code can still be proprietary. Therefore, freeware should not be confused with open-source or free/libre software.
An important aspect of open-source projects is the licenses they come with. Code is covered by copyright law, so anyone using the software as part of a project must know the terms under which it is licensed. For example, some open-source licenses require that any product distributed with the code be released under the same terms, which rules out using that code in a proprietary product.
Open-source software licenses
There are many software licenses available for open-source projects, and they come with different restrictions on how the code can be used.
Some use a concept called “copyleft”: any software that incorporates and distributes code under such a license must itself be released under the same license, so it cannot be made proprietary. One example is the popular GNU General Public License (GPL). Companies should not take this lightly, since violating a software license can invite legal action. They may be forced to stop distributing their product immediately or to release its source code.
At the other end of the spectrum are permissive licenses. These place minimal restrictions on how the code is used and allow its integration into proprietary software. The BSD License and the MIT License are good examples of this. Such code is generally safe to integrate into proprietary software, though companies should not do so blindly: even MIT and BSD require that the copyright notice and license text be retained, typically in the app’s third-party notices.
Sometimes, popular open-source projects are acquired by corporations, which can result in the community forking the project. A fork starts as a copy of a software’s source code, which is then developed independently. This results in a separate piece of software.
A famous example of this is MariaDB, a fork of the relational database management system MySQL. In 2009, before the latter was acquired by Oracle, its community of open-source developers grew worried about its future direction and decided to fork the project, resulting in MariaDB. What started as a drop-in replacement for MySQL is now a powerful tool in itself, providing many additional features and improved performance.
Advantages and disadvantages of open-source tools
As outlined above, the advantages of open-source code are that it is often free of charge, independently developed, and open to scrutiny: since any knowledgeable person can audit it, defects can be found and fixed by anyone. That security benefit only materialises if someone actually does the auditing, which is not guaranteed for small or obscure projects.
However, there is a flip side to community-driven development. Since maintainers are mostly unpaid, there is little monetary incentive to keep contributing to a project once it no longer serves the contributor’s own needs. As a result, even fundamental building blocks of today’s software may be abandoned by their developers at some point, leaving them outdated, with known vulnerabilities unpatched, and open to malicious actors.
According to Sonatype’s 8th Annual State of the Software Supply Chain Report, 1.2 billion vulnerable dependencies are downloaded each month. Correspondingly, attacks on software supply chains increased by an average of 742% per year between 2019 and 2022.
It’s also easy to stumble into license conflicts, especially when a product depends on many libraries, each with its own license and each pulling in transitive dependencies with licenses of their own. For proprietary products, code under the GNU GPL should generally be avoided, whereas the Apache, BSD, and MIT licenses pose less of a risk.
Challenges of building a mobile app with open-source software
These licenses must be checked, including those of transitive dependencies, to ensure that every software component is used in a legally compliant way. If your company forks a component for its own purposes, changes made upstream by the original developers must be merged manually so that the fork keeps receiving bug fixes and security patches while staying compatible with your company’s software environment.
Keeping up with these updates requires considerable time and effort from your company’s internal development team, so customers cannot always be supplied immediately with the latest component version.
Moreover, if a component’s original open-source code stops being maintained by the community, your company’s development team is responsible for any further improvements and security updates.
The initial investment needed to build a software product on open-source projects is often lower. However, these uncertainties can become considerable cost factors that are difficult to calculate in advance.
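The license check described in this section, together with the copyleft-versus-permissive distinction from the licensing section above, is something a development team can largely automate from the app’s software bill of materials. The script below is an added example and not code from the original article or from Scanbot: it reads a constructed SBOM in CycloneDX JSON shape, walks the dependency graph from the app’s root component so that only what actually ships is judged, reduces each component’s SPDX license expression to a policy bucket (an “OR” lets you choose the least restrictive branch, an “AND” binds you to both), and flags anything that is copyleft, has no declared license, or has not seen a release in a long time. The policy buckets, the 730-day staleness threshold, the package names and the `x-last-release` field are all assumptions made for the example; confirm the buckets with your own legal guidance before using them.

```python
import re
from datetime import date

# Assumed policy buckets keyed by SPDX identifier (illustrative, not legal advice).
BUCKETS = {
    "permissive": {"MIT", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "ISC", "Zlib"},
    "weak-copyleft": {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "MPL-2.0"},
    "strong-copyleft": {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "AGPL-3.0-only"},
}
RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2, "unknown": 3}  # higher = worse for a proprietary app
OPS = {"OR": (0, min), "AND": (1, max)}  # SPDX precedence: AND binds tighter than OR
STALE_AFTER_DAYS = 730  # assumed threshold for "looks unmaintained"

def classify_expression(expr):
    """Reduce an SPDX expression to one bucket: OR lets you pick the least restrictive branch
    (min rank), AND binds you to both (max rank). Parentheses are honoured; 'WITH <exception>'
    is read conservatively as the bare license; an unrecognised identifier counts as unknown."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def peek():
        return tokens[pos].upper() if pos < len(tokens) else None
    def parse(min_prec=0):  # precedence climbing over the two operators
        lhs = parse_factor()
        while peek() in OPS and OPS[peek()][0] >= min_prec:
            prec, combine = OPS[take().upper()]
            lhs = combine(lhs, parse(prec + 1), key=RANK.__getitem__)
        return lhs
    def parse_factor():
        tok = take()
        if tok == "(":
            inner = parse()
            if take() != ")":
                raise ValueError(f"unbalanced parentheses in {expr!r}")
            return inner
        if peek() == "WITH":
            take(), take()  # drop 'WITH' and the exception identifier
        return next((b for b, ids in BUCKETS.items() if tok in ids), "unknown")

    result = parse() if tokens else "unknown"
    if pos != len(tokens):  # fail closed on anything we did not fully understand
        raise ValueError(f"malformed SPDX expression: {expr!r}")
    return result

def component_license(component):
    """SPDX expression for a CycloneDX component ('' if none); several entries are assumed to all apply."""
    return " AND ".join(f"({e['expression']})" if "expression" in e else e["license"].get("id", "NOASSERTION")
                        for e in component.get("licenses", []))

def reachable(sbom, root_ref):
    """Refs the root transitively depends on, i.e. what actually ships in the app."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    seen, stack = set(), [root_ref]
    while stack:
        for dep in edges.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def audit(sbom, root_ref, today_iso):
    """(ref, issue) pairs for shipped components that need legal or maintenance review."""
    today = date.fromisoformat(today_iso)
    by_ref = {c["bom-ref"]: c for c in sbom["components"]}
    findings = []
    for ref in sorted(reachable(sbom, root_ref)):
        expr = component_license(by_ref[ref])
        bucket = classify_expression(expr) if expr else "unknown"
        if bucket != "permissive":
            findings.append((ref, bucket))
        # 'x-last-release' is constructed for this example; real SBOMs rarely carry it.
        last = by_ref[ref].get("x-last-release")
        if last and (today - date.fromisoformat(last)).days > STALE_AFTER_DAYS:
            findings.append((ref, "stale"))
    return findings

# Constructed SBOM in CycloneDX JSON shape; none of these packages are real.
SAMPLE_SBOM = {
    "components": [
        {"bom-ref": "scanner-app"},
        {"bom-ref": "ui-kit", "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "ocr-core", "licenses": [{"expression": "GPL-2.0-only OR MIT"}]},
        {"bom-ref": "barcode-lib", "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}]},
        {"bom-ref": "tiny-crypto"},  # nothing declared at all
        {"bom-ref": "image-utils", "x-last-release": "2019-03-10", "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": "gpl-filter", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"bom-ref": "unused-agpl", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    ],
    "dependencies": [
        {"ref": "scanner-app", "dependsOn": ["ui-kit", "ocr-core", "barcode-lib", "tiny-crypto", "image-utils"]},
        {"ref": "ui-kit", "dependsOn": ["gpl-filter"]},  # strong copyleft arrives transitively
    ],
}
```

Calling `audit(SAMPLE_SBOM, "scanner-app", "2024-03-01")` on the constructed SBOM reports the LGPL barcode library for review, the GPL filter that arrives only through `ui-kit`, the image utilities with no release since 2019, and the crypto library that declares no license at all, while ignoring the AGPL package that nothing depends on. Two design choices matter for a security review: anything the parser does not fully understand raises instead of silently passing, and a missing or unrecognised license is treated as the worst case until a human resolves it.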
Advantages of proprietary software development kits
A proprietary software development kit (SDK) is a comprehensive solution that can be easily integrated and tailored to a company’s needs. This contrasts with the many individual software components usually needed for products built on open-source code. The adaptability of open-source software is retained through various customization options.
Customers automatically receive continuous updates and new functionalities, without the need for further adjustments. SDK components can deliver state-of-the-art features while guaranteeing compatibility with operating systems and cross-platform wrappers. This ensures both an optimal user experience and accurate results.
By purchasing a proprietary software license, companies can depend on extensive support. Customers that use our Scanbot SDK in their products have access to a dedicated Slack channel where they can directly contact our in-house developers with any questions or issues.
All updates, new features, and bug fixes are included in the license fee, as is assistance from your dedicated Customer Success Manager, who ensures comprehensive support throughout the license period. This guarantees a flawless user experience.
5 things to look out for when deciding on an SDK
When it comes to SDKs, several factors can impact the success of your project. Here are five things you should consider when deciding which SDK to buy.