Licensing
Tetherand is a composite project. Different subdirectories ship under different licenses depending on what they fork, port, or link.
The canonical, in-repo licensing map lives at LICENSE.md. This page summarises it.
Headline
- Original work in this repository — code, scripts, configuration, and documentation written for Tetherand — is licensed under the MIT License.
- Forked, ported, and vendored code keeps its upstream license. Per-subdirectory
NOTICEfiles document specific upstream origins. - The assembled APK and the host-side
tetherandbinary are governed by GPL-3.0-or-later in aggregate, because GPL-3.0 ports are linked into them.
Reusing the MIT-licensed parts
If you want to extract just our original work — the build scripts, the documentation, the deterministic AI Guard heuristics in isolation, the bundle-combination tool, the hash-sidecar tool, the macOS LaunchAgent, the hardened-mode orchestrator — MIT terms apply.
You can do this freely without GPL-3.0 obligations attaching, as long as you don't redistribute the assembled APK or binary, because those are aggregations that include GPL-3.0 code.
Building a thin "MIT-only" APK
It is technically possible to produce an APK that ships under MIT-compatible terms only, by omitting:
- The Mullvad client libraries (drops M4).
- The threat-detection module that ports AIMSICD, SnoopSnitch, NetMonster, and Crocodile Hunter (drops M7a).
The resulting APK loses the privacy-chain Mullvad option and the cellular threat detection. The rest of the app continues to function. This is not a supported build target — you'd need to patch android/app/build.gradle.kts and remove the relevant Kotlin packages from the source set yourself.
Subcomponent licenses at a glance
| Component | License |
|---|---|
| Tetherand original work | MIT |
| Gnirehtet relay-rust fork (M1) | Apache-2.0 |
| BoringTun WireGuard userspace (M3) | BSD-3-Clause |
| Mullvad client libraries (M4) | GPL-3.0-or-later |
| nym-sdk (M5, opt-in) | Apache-2.0 with some GPL-3.0 modules |
| Arti and tor-* family (M6) | MIT OR Apache-2.0 |
| obfs4 / meek / webtunnel implementations (M6.x) | MIT (clean-room) |
| Conjure / gotapdance client (M6.x) | Apache-2.0 |
| Threat-detection ports (M7a) | GPL-3.0-or-later |
| librtlsdr, libhackrf (M7b) | GPL-2.0-or-later |
| libusb (M7b) | LGPL-2.1-or-later |
| TensorFlow Lite / LiteRT (M10 runtime) | Apache-2.0 |
| AndroidX libraries | Apache-2.0 |
Notes on the GPL aggregation boundary
Several spec milestones (M3, M5, M6, M6.x, M9, M10) carry MIT or Apache-2.0 source on their own, but get linked into a single APK alongside GPL-3.0 ports (M4, M7a). Under GPL-3.0 the combined work falls under GPL-3.0-or-later for distribution purposes, even though the individual files remain under their declared licenses for the purposes of reuse and reattribution.
In practical terms:
- You can freely extract and reuse any MIT-licensed file from this repo without GPL obligations attaching. The MIT terms travel with the file.
- You cannot redistribute the assembled APK under MIT-only terms once M4 or M7a are included — the GPL-3.0 sources demand GPL-3.0 redistribution of the whole binary.
- You can build a "thin" APK that omits M4 and M7a entirely (drop the relevant native libraries from
jniLibs/and the Mullvad and threat-detection Kotlin packages from the build inputs); that variant can ship under MIT terms.
This is identical to how many composite Android projects handle license-blending; it follows the FSF's published guidance on aggregation versus combination.