Businesses also steal code, a painful problem of the programming village

Patrick Warlde is a Mac malware expert and his code is being used so widely that he can't even imagine.

A former NSA and NASA employee, Wardle also founded the Objective-See Foundation: a nonprofit dedicated to creating security tools for macOS .

This means that a lot of our software code is available to download and decompile. Even some lines of his code are so good that they caught the eye of technology companies and they used them without his permission.

The researchers found that, over the years, code written by Wardle and released as open source has been included in a number of commercial products. All those lines of code are not credited or licensed and paid to its author.

Wardle himself is skilled at reversing software code, so he can easily identify code theft. However, other programmers who don't know how to decompile will have a hard time distinguishing between stolen code or just randomly used code.

"I can detect code theft because I can write both software and software reverse engineer. But there are not many people who can do it like me. Because I know both areas well. So I know what's going on with my code but other programmers don't, that's worrisome," Wardle told The Verge.

The code thefts are a wake-up call to the precarious state of open source code, which underpins huge chunks of the internet. Open source developers typically offer their products under specific licensing conditions. But since the code is often already public, there is little protection against unscrupulous developers who want to take advantage of people's hard work.

For example, the Donald Trump-backed app Truth Social was recently accused of stealing a lot of code from the open-source project Mastodon. The founder of Mastodon even filed a lawsuit.

In the Wardle case, the code for the OverSight software was stolen the most. OverSight is a way to check if any macOS apps are surreptitiously accessing the microphone and webcam. This tool is not only effective in detecting malicious code that is spying on users, but also helps uncover the fact that applications like Shazam are always listening for users in the background.

To create OverSight, Wardle used a combination of analytical techniques, resulting in unusual, unique code on the market.

Years after OverSight was released, Wardle was surprised to see a number of commercial applications using his code, copied from start to finish, even to bugs.

Three companies are taking Wardle's code into their commercial products. Wardle did not disclose the names of these three companies because he still believes that the code theft may stem from individual programmers and not the top-down strategy of the companies.

When feedback was received, all three companies responded positively. They acknowledge that Wardle's code has been used in their products without permission. In the end, all agreed to pay Wardle directly or donate to the Objective-See Foundation.

Code theft is a sad reality and by bringing attention to the issue Wardle hopes to help both developers and businesses protect their interests. For developers, Wardle advises people to think that their code (whether open or closed) will one day be stolen. Therefore, they should apply techniques to help detect this.

For businesses, Wardle recommends that they better educate employees about the legal frameworks around reverse engineering another product for commercial gain. And finally, Wardle hopes the programming community should stop stealing each other's code.