By ByteBot
A student developer has reverse-engineered Apple’s proprietary AirPods communication protocol and released the result as open source. LibrePods, built by Kavish Devar, hit v1.0.0-rc1 in June 2026, surpassed 28,000 GitHub stars, and is currently on the Hacker News front page with 212 points. It unlocks Active Noise Cancellation control, ear detection, conversational awareness, hearing aid profiles, and per-earbud battery monitoring on Android and Linux — all features Apple deliberately withholds from non-Apple devices.
A Single Config Line Exposes the Whole Strategy
Here is what Apple’s AirPods lock-in actually looks like under the hood: a Bluetooth Device Identification check against manufacturer ID 0x004C — Apple’s own ID. If your device doesn’t claim to be Apple hardware, the AirPods hand over basic audio and nothing else. On Linux, bypassing this takes two lines in /etc/bluetooth/main.conf: set DeviceID=bluetooth:004C:0000:0000 and restart BlueZ. That’s it. Ear detection, ANC switching, hearing aid mode — all enabled by telling AirPods you’re an Apple device.
This isn’t a technical limitation. Sony’s WF-C700N reports full per-earbud battery status on stock Android using standard Bluetooth. The Bluetooth Battery Service specification, which has existed since 2011, supports multiple battery instances natively. Apple’s restriction is deliberate product policy dressed up as an ecosystem feature. The manufacturer ID trick makes that impossible to argue against.
How LibrePods Works
LibrePods implements Apple’s AAP (Apple Accessory Protocol), which runs over an L2CAP Bluetooth channel at PSM 0x1001. Commands are unencrypted hex sequences — no proprietary encryption stands between you and your own earbuds. A second channel at PSM 31 handles ATT (Attribute) protocol for hearing aid configuration. The GitHub repository includes an AAP definitions file, packet parsing headers, and a Wireshark dissector — the full reverse-engineering toolkit is open for other developers to build on.
The feature split between platforms matters. On Linux, the configuration overhead is minimal: modify one config file, pair your AirPods, done. Android is more involved because it requires root on most devices — but for an entirely separate reason that has nothing to do with Apple.
Google Shares the Blame
LibrePods needs root on Android because of a bug in Android’s Bluetooth stack, not because of Apple’s protocol. The Android Bluetooth implementation fails to properly validate L2CAP channel modes, which breaks the connection LibrePods needs. Devar filed a detailed bug report — Google Issue 371713238. Google’s response: two requests for reproduction steps, then silence. The workaround is a native library patch (btl2capfix.zip) that modifies libbluetooth_jni.so directly, which requires root access.
The fact that OnePlus and Oppo devices running ColorOS or OxygenOS 16 can run LibrePods without rooting proves a non-root path is achievable. Google has simply chosen not to fix it. Both Apple and Google deserve scrutiny here — one deliberately gates features, the other refuses to fix the infrastructure that would make those features accessible.
Related: EU Chat Control Final Vote: What “Voluntary” Scanning Really Means
A Student Beat the Regulators
The EU’s Digital Markets Act is pressuring Apple to open its ecosystem to third-party hardware. iOS 26.3 brings AirPods-style fast pairing to third-party earbuds — but only in the EU, only for proximity pairing, and not for ANC, ear detection, or hearing aid features. Full feature parity is due by mid-2026. LibrePods is already there, globally, for free, with a regulatory deadline still on the calendar.
A lone student moved faster than a continent’s enforcement apparatus. The LibrePods project is also materially more complete than what Apple’s DMA compliance will deliver — it covers ANC, ear detection, hearing aid profiles, and conversational awareness, not just fast pairing. When Apple eventually opens these features under regulatory pressure, it will be following the blueprint a student open-sourced first.
Key Takeaways
- LibrePods unlocks full AirPods features — ANC, ear detection, hearing aid mode, battery monitoring — on Android and Linux by spoofing Apple’s Bluetooth manufacturer ID
- The two-line Linux config fix proves Apple’s feature lock-in is policy, not technical necessity — standard Bluetooth has supported this since 2011
- Android requires root due to an unpatched Google Bluetooth bug (Issue 371713238), not Apple’s protocol — both companies share responsibility
- The EU DMA is forcing Apple to open some of these features, but only in the EU, only partially, and only on a regulatory timeline LibrePods already beat
- 28,000+ GitHub stars and v1.0.0-rc1 mark a mature, maintained project — not a weekend experiment
