TeamNewPipe / NewPipe

A libre lightweight streaming front-end for Android.
https://newpipe.net
GNU General Public License v3.0
31.77k stars 3.09k forks

Handle Copycats (License fraud) #539

Open theScrabi opened 7 years ago

theScrabi commented 7 years ago

Follow these instructions if you want to report an app on the Google Play Store!


Hey guys, I happened to notice some new copycats which seemingly violate our License.

Once again, it's OK to copy NewPipe as long as you do not violate our GPLv3 License. Please inform yourself about GPLv3 before forking!!!

I already mailed some of the copy kiddies, but they seem to not react to it (like always), so my question is: how should we handle these copycats in the future?

List of known and active copies/forks

In the Google Play Store

In the Huawei AppGallery

In the Samsung Galaxy Store

Other copies/forks

ksh-b commented 7 years ago

That's embarrassing. How come they even stay on the Play Store?

https://support.google.com/googleplay/android-developer/contact/takedown

theScrabi commented 7 years ago

I've tried that, but Google does not seem to respond? Maybe I'm doing something wrong here. However, I know that it works since there was already a fork that got kicked out.

yasinalm commented 7 years ago

Don't worry, you don't need to do anything. It is impossible (99.99%) that a single app stays alive until 500 downloads. The Play Store takes care of it extremely well, as YT is its own too. They can earn 1-2$ but lose 25$ (account registration fee). So, it is not worth that much effort to do something. They punish themselves.

A few examples can be found but they won't live longer and the ads will be eventually ceased.

theScrabi commented 7 years ago

Sure? audiorocket seems tho to have more than 400k downloads.

ericswpark commented 7 years ago

Unfortunately while copycats will always be there (I have some on my hands too) it's just easier for you to send a take-down notice to Google and let them deal with it.

That being said, Google hates your app so they might just not be taking it down in spite. Who cares, the average 99% of people in the world likes it anyway ;)

TheAssassin commented 7 years ago

This list has been mined out of 600 MiB of parsed email data. If you can spot some of them, please get in touch with us.

Edit: These are package names I parsed from the ones in the field that was added a few weeks after the introduction of the bug reporting. For this and other reasons, this list is not complete, there might be more.

coffeemakr commented 7 years ago

I've created a small script to check if they are on Google Play: https://gist.github.com/coffeemakr/8862e7903c4bea21b99c6a457268af71

The following packages are on Google Play:

A copyright violation can be submitted with this form: https://support.google.com/legal/contact/lr_dmca?&product=googleplay

The description on how to fill out the form can be found here: https://support.google.com/legal/troubleshooter/1114905#ts=1115643%2C1115789%2C1117010%2C1697925

theScrabi commented 7 years ago

I didn't expect it to be so much xD

TheAssassin commented 7 years ago

Beware that this is not even the whole list, only the ones we captured on a side-channel. But yes, it's quite an amount. Time to take half a day and send some DMCA takedown notices, @theScrabi.

Zero3K commented 7 years ago

How about adding some code that checks the display/package name of NewPipe and if it has been changed, let the user know (and possibly refuse to work)?

TheAssassin commented 7 years ago

Then you'd also notify the copycat and tell them "oh, I need to remove that piece of code". They're not that stupid, because they must obviously know how to develop for Android to create realistic apps. This measure is rather pointless IMO.

theScrabi commented 7 years ago

The only thing we could do is make it harder for copycats to change the email address where the bug reports are sent to.

Poussinou commented 7 years ago

@theScrabi Did you fill the DMCA takedown notice, out of curiosity? It only takes a few minutes and Google reacts in a few days (I already tried with another app). I can see that the apps haven't all been taken down.

I would like to add this one (MOD edit: removed) to the list made by coffeemakr!

TobiGr commented 7 years ago

Just found this app on Google Play: com.newpipestudio.newpipe

They even use our screenshots.

Poussinou commented 7 years ago

There are also these other ones, made by the same "developer"...

https://play.google.com/store/apps/details?id=com.newpipestudio.fildotube

https://play.google.com/store/apps/details?id=com.newpipestudio.pelismagnet

theScrabi commented 7 years ago

I found them too. Hilarious xD. Sometimes it's funny what kind of BS they are creating :P

comradekingu commented 7 years ago

Better icon tho, ayyyyy :)

Edit: Should we report all of them in a conduced effort? Seems my one complaint went on deaf ears.

theScrabi commented 7 years ago

I know that problem. Tho we should try to continue with reporting, because without punishment they might think it's ok what they do.

Poussinou commented 7 years ago

@TeamNewPipe @theScrabi

It looks like there is another one here! Do not forget to report :)

theScrabi commented 7 years ago

Oh come on. Tho the icon looks nice. Can't we just steal that bock from him?

Ostefanini commented 7 years ago

Will the Play Store really help you in this war? Playing YT in the background is something quite illegal for them...

theScrabi commented 7 years ago

Well, I wouldn't raise their attention too much.

ghost commented 7 years ago

I found the following ones in the Play Store atm. Is there nothing we can do about them?

theScrabi commented 7 years ago

Report them. That's the most we can do.

theScrabi commented 7 years ago

That guy releasing Fildo even calls himself "New Pipeplayer" and rebranded NewPipe 3 times. ... Funny.

anantoghosh commented 7 years ago

@theScrabi Tweeting to https://twitter.com/GooglePlay may help. Those guys are pretty responsive.

comradekingu commented 7 years ago

Just contact a news outlet about the nature of what is actually on the Play store. It writes itself.

theScrabi commented 7 years ago

Someone put this on Reddit. Thanks :)

Zykino commented 7 years ago

Just as a side note: you may add the license to the GitHub repository so everyone sees it at the "usual place" and there is no "I don't know what I can do with GPL but it's open source". GitHub has a nice presentation of the current license of a repository. It won't hurt to use :)

theScrabi commented 7 years ago

Well, we have a license, I don't know why it's not recognized by GitHub.

Zykino commented 7 years ago

Official doc: https://help.github.com/articles/licensing-a-repository/

TheAssassin commented 7 years ago

Tried to rename it, didn't work: https://github.com/TeamNewPipe/NewPipe/commit/eee3ccafc33981daa276cf88644b2edaeff68c69

@Zykino any ideas?

TobiGr commented 7 years ago

Did you already try to delete the existing license and then add it as described here?

TheAssassin commented 7 years ago

I'll try so next.

TheAssassin commented 7 years ago

@TobiGr tried to, didn't work.

@theScrabi maybe you want to give it a try?

Zykino commented 7 years ago

@TheAssassin I'm owner only of an old school project, so I haven't tested it.

ghost commented 7 years ago

@TheAssassin: When I create a new repo at GitHub with GPLv3.0, clone it, diff LICENSE from that new repo (which shows that fancy GitHub license thingy) with LICENSE from NewPipe, I get exactly 0 differences, so it's really weird…

TobiGr commented 7 years ago

Hm. Maybe we can ask the GitHub support team. They answer quite quickly and we don't waste time.

ghost commented 7 years ago

I've asked them and they said it's because there are multiple files starting with the word license (including some Java files).

TheAssassin commented 7 years ago

Reverted the malicious commits.

@wb9688 they are technically right, there's these files:

NewPipe (dev)> find | ag license | 
./app/src/main/java/org/schabi/newpipe/about/License.java
./app/src/main/java/org/schabi/newpipe/about/LicenseFragment.java
./app/src/main/java/org/schabi/newpipe/about/LicenseFragmentHelper.java
./app/src/main/java/org/schabi/newpipe/about/StandardLicenses.java
./app/src/main/res/layout/fragment_licenses.xml
./LICENSE

However I don't understand why their detection logic even considers files called anything other than LICENSE{.md,.txt}. Their documentation implies those are the only permitted files. Also, it should be possible for them to detect it even if there's other files with similar names. They could even show a warning if there were multiple licenses and they wouldn't know which one's the right one, or show a list. This is really an issue with GitHub rather than our repository.

ghost commented 7 years ago

@TheAssassin: Yeah, I agree with you. Btw those last two don't start with License (but contain it), so they didn't count. And what's ag?

ghost commented 7 years ago

@TheAssassin: Hmm… now GitHub support says it's because of the copyright file.

comradekingu commented 7 years ago

@wb9688 Usually the license is to be found in a file called COPYING

TheAssassin commented 7 years ago

@wb9688 the GitHub support replies sound like excuses, to be honest.

I suggest to publish the whole topic here: https://github.com/isaacs/github (or even https://github.com/isaacs/github/issues/887). This might help others to sort out similar problems. My suggestion would be to just show what's wrong when there's problems detecting the license. I'd like to see GitHub implement something like that.

racuna commented 6 years ago

Found this on Google Play "recommended for you": https://play.google.com/store/apps/details?id=com.isong.up

TheAssassin commented 6 years ago

Thanks. We'll add it to the TODO list.

theScrabi commented 6 years ago

Lol what is this guy iSong up to: http://www.appisong.xyz/happy-new-year-contest.html

They even embedded push notifications into the app, for whatever reason :/

yeahtheboys commented 6 years ago

Someone is selling source code. Is this allowed? :/

https://www.chupamobile.com/android-video/candytube-video-s-downloader-16258

nico202 commented 6 years ago

@yeahtheboys If I understand the GPL correctly, yes. BUT they have to give credit AND if anybody buys/gets the binary from them, they HAVE TO give the source for free, too. And everybody buying it is free to give it away for free

edit: I'm wrong here, please see the following post from TheAssassin

TheAssassin commented 6 years ago

@nico202 let me correct a few bits:

> If I understand the GPL correctly, yes. BUT they have to give credit

So far, so correct. But they don't just have to give credit, they need to release it under the same license as before. This is called the copyleft principle, and that makes the GPL a copyleft license.

> AND if anybody buys/gets the binary from them, they HAVE TO give the source for free, too.

Nope. If they sell the binary release, they must hand out the source code to people who request it, too, but they may demand a fee that must not be higher than the price for the binary release. The GPL FAQ has this topic covered, see https://www.gnu.org/licenses/gpl-faq.html.

> And everybody buying it is free to give it away for free

That makes it free software, yes, rather than gratis.