Thursday , April 27 2017

Qualcomm issues DMCA takedown notices for 116 GitHub repositories – including their own

Qualcomm today issued DMCA takedown requests to code repository host GitHub, taking out over 116 different code branches and repositories, alleging that they are infringing on the chipmaker’s copyright.

Earlier today Ausdroid was alerted to the DMCA takedown of a number of github (source code) repositories, including at least one belonging to CyanogenMod developers. The takedown notices can be tracked back to this GitHub request posted this morning, which states :

Cyveillance has recently discovered the unauthorized publication, disclosure, and copying of highly sensitive, confidential, trade secret, and copyright-protected documents on the below web site. Specifically, we have confirmed that the documents whose locations and filenames identified below are confidential and proprietary to Qualcomm and were posted without Qualcomm’s permission.



Along with a CyanogenMod repository, the list of sites includes a couple of notable entries including Sony’s Xperia Dev Github repo, to which they recently began uploading kernel source for their latest flagship devices, in an effort to make good with the developer community. A further notable inclusion in the list is Qualcomm’s own github repository, leading to speculation that the sites included in the takedown list has been gathered by some sort of bot.

Qualcomm themselves has been attempting to better relations with the open-source community for sometime, having established a subsidiary – the Qualcomm Innovation Centre Inc.(QuIC) who “works closely with the open source community to enable the faster advancement of the wireless industry as a whole” in co-operation with the Code Aurora Forum (CAF) a consortium of companies associated with the wireless industry established in 2009, who provide ‘tested code needed to bring innovative, performance-optimized, open source-based products to market and also serves as a staging area for code that is submitted to upstream projects.’

The impetus behind the takedown request is a WiFi config file – literally a text file – which is taken straight from a Sony firmware release. In this takedown Qualcomm also took down PRIMA mirror which is open source code for Atheros wireless chipsets that they release on the CodeAurora gitweb site.

Where to from here?
At this stage the CyanogenMod team are attempting to reach out to Qualcomm and sort out what they believe to be a misunderstanding. At the time of writing, there has been no response from Qualcomm, at least a public one. With an association with CAF through the QuIC, there should be some sort of amicable arrangement found which will allow developers to return to developing rather than become involved in legal wrangling.

Until a response is received and the issues sorted out, CyanogenMod nightlies for the Sony Xperia SP – the only device affected by the takedown notice at this stage, have been turned off – but the effect could be felt on others named in the takedown.

Whether this is a legitimate takedown, or a result of an automated BOT-search gone awry, DMCA takedown notices have been issued to Android developers in the past, sometimes mistakenly

The takedown request should hopefully be resolved in the coming days, but nothing is certain. Qualcomm have done a lot of work with the open-source community and we have serious doubts that they would issue these takedown notices deliberately, without good cause. Qualcomm’s work with the open source Linux kernel community has helped advance mobile technology in the past few years and it would be a shame for this to be endangered.

We look forward to reporting the resolution of this takedown soon.

Update (July 5, 2014):
It appears that the takedown notice has been retracted. GitHub repositories affected by the takedown have begun coming back online.

A Qualcomm representative spoke to Ausdroid in response to our request for comment on the takedown saying :

Recently Qualcomm issued a number of DMCA take-down requests for files posted to GitHub containing Qualcomm Confidential markings. Those requests were identified on the GitHub website at

Since issuing these requests, we have been advised that at least one of these files may, in fact, not be Qualcomm Confidential. At this time, Qualcomm is retracting all of those DMCA take-down requests, and will be either reviewing such files further for possible approval for posting, or reaching out collaboratively to the project maintainers for assistance in addressing any remaining concerns. To those project maintainers who received these DMCA notices, we apologize for the approach taken.

Source: GitHub - DMCA.

Scott Plowman   Senior Associate

  • benanov

    And if it was found to be incorrect, no penalties for Qualcomm whatsoever, even if the lawyers have to sign “under penalty of perjury”

    • Fred

      Exactly, it shouldn’t be the toothless threat of ‘penalty of perjury’ – any lawyer that put their name to a DMCA request that’s found to be incorrect should get struck off. That might concentrate their minds and kill the bots.

  • JeniSkunk

    It definitely seems like DMCA botcode gone haywire, because why else would it also go after Qualcomm’s own stuff.

  • JT

    It was definitely generated by a bot. I’ve dealt with Cyveillance bots before, they run spiders with spoofed user agents all day against every site they can find, with no regards for robots.txt files, and no throttling limit. They just hammer everything in their way, looking for violations for their clients.

    We’ve got some absolutely massive IP blocks blacklisted to keep these guys from slamming our servers.

Check Also

Fine Dining and Exploding Kittens are on the menu in this weeks Google Play Deals of the Week

Make up your minds Google! Do you want me in shape or gorging on the …