Compiling ATAK from source
It is of the wider audience interest for a TAK Ecosystem that is Open Source and flourishing.
The key component in this ecosystem is ATAK, the Android Team Awareness Kit. It is an Android application that allows team members to have geographical awareness of an operation, being this a Search and Rescue operation, a Firefighting situation, or a community protecting their sovereign lands.
In order for ATAK to be considered Open Source, it requires:
- it's source code needs to compile,
- The licensing to be in good standing, ie. to have an open source license, and not to depend on a library that conflicts with its license.
Additionally, as it is a sensitive app it would be ethical for the code not to have any tracker.
So, we will:
- Compile the app from source
- Check the licensing
- Check for trackers
Compiling from source
There are two distributions of ATAK:
- The source code in https://github.com/deptofdefense/AndroidTacticalAssaultKit-CIV
- The Android application from https://play.google.com/store/apps/details?id=com.atakmap.app.civ
The Android application is not Open Source, as the binary is not derived from the source code distributed on the GitHub repository, so we will compile it ourselves.
I've used the amazing docker container https://github.com/realmalliance/atak-docker-build (thanks RealMalliance), and after more than two hours in a biffy computer, I got an APK.
I later also used the published scripts published in the source code that are executed each time there are new pull requests, called Actions in GitHub slang, and they also produced a functional APK. The caveat here was that I had to configure a self-hosted runner, as the ones provided by GitHub where resource constrained both in storage and RAM, so they were not able to finish the build.
For this binary to be widely available, it would be desirable for it to be installable through an app store. Regrettably, the one distributed over the Google Play Store is not open source, so I need to explore other options.
The other options that we have at hand are to distribute the binary over FDroid, or to distribute it over Obtainium.
The FDroid way might not be trivial for now, as it would require for the US Government to sign the APK. I've asked them over their support channel, and they replied that they would not do this as they can't distribute apps to sanctioned countries.
Using Obtainium would work, I would have to create a config for this... something to explore later on.
Checking for trackers
Additionally, Checked atak's APK for trackers: https://reports.exodus-privacy.eu.org/es/reports/269785/
It seems there is a tracker in the code, "Application Crash Reports for Android", only triggered when crashes happen, and an open source one but still... Would be good to be able to disable it at compile time.
A quick search for the library showed that it is used in 6 files... in a future iteration I might remove it (or add a flag to disable it by default): https://github.com/search?q=repo%3Adeptofdefense%2FAndroidTacticalAssaultKit-CIV%20org.acra&type=code
Check for Licensing
I will try to use the OSS Review Toolkit to analyze the repository in order to make sure there are no hidden dependencies bothering in the OSS process:
Definitely relevant, but not a high priority as I am not the one publishing the app.
Conclusion
For now, what I've explored is enough to continue progressing other fronts, as the the code allows to produce a binary, and the clearance process within the US government has to meet the rules, so the licensing must be sound.
I will explore publishing the APK in the future, once the path is clearer.
Member discussion