I'm going to release an Apache 2.0 Android library on Maven.
As in most of the cases, it relies on some third party dependencies, imported via build.gradle (e.g. androidx, etc).
When you publish an app, the copyright process for 3rd party is straightforward: you gather all the dependencies in OssLicensesMenuActivity which you display somewhere in the app.
But what's the process when you release a library? there are no activities to notice the user about your 3rd parties. So, should them be gathered into some file, and this file included in the release?
I've searched a lot about this topic but I didn't find any answer because I've only found answers about app store releases, but not aar releases.
That's all, thanks, have a good day.
I did a little more research and found an answer by myself :) There are some steps to ensure you're respecting attribution when you publish on github:
Add to README.md - in a dedicated section - a list of all the 3rd-party dependencies used by the project, along with their licensing. You can obtain a list of them with a tool like gradle-licenses-plugin.
Generate pom.xml as suggested above. This can be done automatically via Maven Publish Plugin.
If you're publishing an app, e.g. if your library project contains an app module for testing, make sure this 3rd party list will be visible to the user of the app, i.e. it should be put in a dedicated Activity reachable from some Activity of the app. This plugin will generate for you a OssLicensesMenuActivity containing all of your 3rd parties. The next thing you have to do is to put a License button somewhere in your app which, when clicked, starts an Intent calling OssLicensesMenuActivity. I've found the best solution is to put the License button in a Settings screen dialog whose icon button is in the app top-bar, always present during navigation. See nowinandroid to check how they made it.