Patching LibreLink for Libre2 – clearing the FUD

*** Please be aware that since this article was published, Abbott have issued a DMCA take down notice to GitHub to remove the linked repository so this is no longer available ***

Last week, I posted a link to a github page on Facebook and Twitter, providing details of how to patch the LibreLink app on Android to allow it to present the output it produces to other apps for display. That link was:

https://github.com/user987654321resu/Libre2-patched-App

Unfortunately, Abbott saw it fit to issue a DMCA take down notice to Github to cease making this available. As the github repo never contained any of their app code and wasn’t distributing it, this seems a little unfair.

Following that announcement. there have been multiple questions about what it does, how it works and whether it is legal. Here I hope to answer many of those questions and reduce the FUD that’s being spread in relation to this product, given how it competes with existing third party add-ons that are already on the market.

Okay then, what does it do?

The github repository contains code and instructions for an Android LibreLink user to extend the LibreLink app to pass the glucose values that it interprets from the data it receives over bluetooth from Libre2 out to another listener app. It effectively creates an external interface for the LibreLink app. 

To be very clear here, the output is not the raw data from the sensor, rather it is the output of the Abbott algorithm that “doesn’t require” calibration. 

xDrip has been updated to include a receiver for this data and is then able to use it as it would any other CGM source. There is a calibration option for the data within xDrip, but it only allows calibration within 20mg/dl.

That’s essentially all there is to it. 

I’ve got that. How does this work then?

Essentially, what you are doing when you are adding the patch to the code is adding a small, precise incision to the app at the point where the values are generated to create an interface to distribute them out to a receiver app instead of just providing them to the alarm functions within the application. 

But doesn’t this affect the copyright?

***Please note that this is not a legal opinion. I am not a lawyer***

Perhaps surprisingly, this seems to be covered by the European Software Directive in article 6 which was implemented in member states years back, which allows for decompilation of the code by a licensed user in order to enable interoperability with another application (xDrip in this case). 

1. The authorisation of the rightholder shall not be required where reproduction of  the code and translation of its form within the meaning of points (a) and (b) of Article (1) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, provided that the following conditions are met:

(a) those acts are performed by the licensee or by another person having a right to use a copy of a program, or on their behalf by a person authorised to do so;

(b) the information necessary to achieve interoperability has not previously been readily available to the persons referred to in point (a); and

(c) those acts are confined to the parts of the original program which are necessary in order to achieve interoperability.

2. The provisions of paragraph 1 shall not permit the information obtained through its application:

(a) to be used for goals other than to achieve the interoperability of the independently created computer program;

(b) to be given to others, except when necessary for the interoperability of the independently created computer program; or

(c) to be used for the development, production or marketing of a computer program substantially similar in its expression, or for any other act which infringes copyright.

3. In accordance with the provisions of the Berne Convention for the protection of Literary and Artistic Works, the provisions of this Article may not be interpreted in such a way as to allow its application to be used in a manner which unreasonably prejudices the rightholder’s legitimate interests or conflicts with a normal exploitation of the computer program.

Or in other words, if you were to decompile and modify LibreLink yourself in order to provide an interface for the data that it creates which is not readily available from the app already at a programmatic level, then you appear to be covered by this clause of the directive.

You as the user of LibreLink for Libre2 have signed up to the license, and that license is not allowed to stop you doing the following under this directive, as stated in paragraph 16 (emphasis mine). 

Protection of computer programs under copyright laws should be without prejudice to the application, in appropriate cases, of other forms of protection. However, any contractual provisions contrary to the provisions of this Directive laid down in respect of decompilation or to the exceptions provided for by this Directive with regard to the making of a back-up copy or to observation, study or testing of the functioning of a program should be null and void.

At the same time, it’s very clear from the directive that if you were to undertake the patching process and then make the patched app available to others to use, you’d be breaching the copyright of the original software. 

So what about things like MiaoMiao, Droplet, Bluecon, etc?

That’s a very good question. Let’s ensure we’re clear on a few things in relation to these systems first:

  1. If you want the raw sensor data, rather than that which has been processed by Abbott’s algorithm, then you have no choice but to use one of the third party add-on transmitters;
  2. If you want to use a watch as a collector, this process doesn’t allow you to do that, so you’ll still need a transmitter, and;
  3. If you want to use Spike on an iPhone, this process isn’t going to work for you, and guess what, you’ll still need a transmitter.

Okay, so now we’ve cleared that up, what about the legality of creating and distributing third party transmitters?

Well there’s an interesting question in itself. The original Libre provided data in an unprotected form that could be read and transferred to an app to interpret the data. Effectively the hardware that was being produced was simply using standard NFC protocols to pass data between two devices. 

With the advent of Libre2, the data is now encrypted, which changes things slightly, as in order to create an interface, you need to break the encryption.

Now if you were to do this yourself, then you’d be fine, based on the previously discussed article, however, if you redistribute the code to do this as an app or device, then it seems to be a bit of a grey area as to whether this is now in breach of the directive, and I’d not be confident that it wasn’t, but as I’ve said, I’m not a lawyer.

Where does this leave potential users?

If what you’re looking for is an app on your Android phone that turns the Libre2 into a source of real-time glucose data using the Abbott non-calibrated algorithm, then it looks as though undertaking the process defined yourself in order for your independent application to use that data looks fine. 

If you want to get the data on another device, then this isn’t going to work, and if you choose to use another device to enable that, it’s questionable whether breaking the encryption and then selling the app/device to do that fulfills the rules in place.

16 Comments

  1. Is this specific to the LibreLink that works with Libre2, outside the US (since Libre2 has not been released in the US yet)?

    • If you follow the links to the Github page, this is a patch only for the German LibreLink software for Libre2.

  2. Thanks for sharing this.
    I managed to patch the app, but after installing it on my phone and starting it, I get a message saying “Please install this App from Google Play”
    My options are to cancel or to open Google Play and install the non-patched version.
    Did something go wrong while patching, or do I miss anything else?
    BR
    Thomas

    • Hi, I’d raise that as an issue in GitHub. I’ve not tried to install it as I’ve no access to Libre2.

      • Did a little more testing on different cell phone.
        I can confirm that the modified app runs without an error message, if an original version of the LibreLink app was installed on the cell phone before.
        When installing the modified apk on a “virgin” cell phone, an error message is displayed, saying you should install the app from Google Play.
        This also happens if PlayProtect is deactivated.
        I tried and application called “Lucky Patcher” to remove the licensing check and after trials with some different settings, I got it to work.
        Installing the OEM version of the app and uninstall it before installing the patched version is definitely the easier version though.
        Hope this is of use.

        • Im having this issue now where it says “Please install this app from google play”. I’ve tried disabling PlayProtect and fully uninstalling the OEM version but it still get this message. Do you have any tips that might help me Thomas?

        • Thomas, which original version of the app worked for you?

          I was on 2.80, patched DE version of 2.30 with ‘0001-Add-forwarding-of-Bluetooth-readings-to-other-apps.patch, and got the “Please install this app from google play” error.

          I tried deleting cache and storage, uninstalling then installing unpatched 2.30, but both that and the patched version trigger the error message.

          • Bear in mind that I do not understand techy things but I did manage to sort out the Patch and load a simplified instruction on to my blog bgonmywatch.com a couple of years ago. Several people have used this to install it on their phones.

            Lately I have got this error message which if you click on it reveals the it is not for my country and will not download. Because it is for .de Germany.

            When my Patch was working fully it would bluetooth direct to xDrip+, while at the same time run a Bubble or MiaouMiaou transmitter to a 2nd phone while at the same time being swipeable to LibreLink on the 1st phone

            It is still possible to do this but the LibreLink app closes down once ithas swiped and I cannot access the alarms or statistics within the app. As a result the lost signal alarm which I cannot turn off may well precipitate my divorce!

            In addition the Patch rarely runs for the full 14 days although the transmitter generally does. I think the bluetooth signal from the sensor packs in while the NFC keeps going with the transmitter but not generally with the Librelink swipe.

            My consultant has offered me G6 and I think I will probably abandon Libre and the Patch for a system where there are paid advisors on hand at least 5 days a week – but I will miss the reassurance that multiple answers currently gives me. My latest Libre 2 sensor stated off reading 2 mmoll too high.

            My consultant who is Type 1 himself has tried Libre 3, Dexcoms 6 and 7 at the same time and reports that there are accurate and not so accurate sensors in each and he has no preference.

            Sorry if this is change of subject but would be interested in any further comment on where the Patch is going. I suspect that the Germans have lost interest as they are on Libre 3.

          • After the comments above and seeing my sensor was about to end in a few hours I gave it another shot and manage to get it to work perfectly today!
            I now have the patched Libre app and it syncs automatically with xDrip+, which is great. I can now see my estimated values just from my Wear OS watch 😀

            I’m based in the Netherlands using this prepared github repo and guide:

            https://github.com/TinoKossmann/LibreLink-xDrip-Patch

            It’s written in german but google translate got me a quite accurate translation. Ofcourse the shell scripts are not translated but that wasn’t much of a problem.

  3. Hi Tim,
    Nice to meet you at St Thomas’s during Sufyan’s techy event and sorry I could not talk for longer. Also missed the Dai’s Swansea event last weekend but watched online.

    Reason for this message is that what you speculated about seems to have come to pass and Abbott have threatened action against users of the patching of Libre 2. In case you have not picked up on this yet here is the link https://github.com/github/dmca/blob/master/2019/11/2019-11-08-abbott.md
    The threat seems to have been enough and Marek has backed off and stopped development of his edroplet app and is trying another method.
    I had stopped stocking up with Libre sensors once I had learnt of the patch and the probability of the transmitter manufacturers producing successful products. My next email is to order some more!!
    I await your far better informed comments – perhaps in an updated version of the above post.
    Thank you for all the interesting stuff you put out.

12 Trackbacks / Pingbacks

  1. Abbott Labs kills free tool that lets you own the blood-sugar data from your glucose monitor, saying it violates copyright law - Perk Epic
  2. Abbott Labs Kills Free Tool That Lets You Own The Blood-sugar Data From Your Glucose Monitor, Saying It Violates Copyright Law - RSSFeedsCloud
  3. CH Abbott Labs uses copyright law to shut down open diabetes monitoring software - CyberHero.TV
  4. Quem é o dono de seus níveis de glicose? – TiaBeth.com
  5. Abbott Laboratories Sends Heavy-Handed Copyright Threat To Shut Down Diabetes Community Tool For Accessing Blood-Sugar Data – Curtis Ryals Reports
  6. Abbott Laboratories Sends Heavy-Handed Copyright Threat To Shut Down Diabetes Community Tool For Accessing Blood-Sugar Data
  7. Abbott verbietet Patch für LibreLink – Jurastudio
  8. [Old] Patching LibreLink for #Libre2 – clearing the FUD https://www… | Dr. Roy Schestowitz (罗伊)
  9. Libre 2 kao punokrvni rtCGM bez ikakvih dodataka! - NaInzulinu.com
  10. Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA - John Jason Fallows
  11. Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA – SoftMachine.net
  12. Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA

Leave a Reply to Thomas Cancel reply

Your email address will not be published.


*