ダウンロード

通信監査

Verify with Wireshark on your own network. We list every endpoint Cove apps reach.

Cove apps run on-device. The privacy claim is: nothing user-generated leaves your phone. Below is a line-by-line audit of every network call any Cove app makes — the only way to verify a privacy claim is to enumerate the actual traffic.

  • 5 total network call types
  • 0 contain user content
  • 4/5 can be disabled

  1. Initial model download

    No user content Required for app to work
    Purpose
    Download the Google Gemma 4 E2B weights to your device the first time you open any Cove app. After this, every translation, photo analysis, voice transcription, and health question is computed locally.
    When it happens
    Once per app install. About 2.5 GB.
    Destination
    models.covebase.app (Cloudflare R2 mirror of ai.google.dev/gemma)
    User content
    Pure binary weight file. No identifiers in the request beyond a generic User-Agent and the file path.
    How to disable
    Cannot be disabled — without the model, the app does nothing. You can verify the file by checking the SHA-256 listed on the download page.

  2. Model update check

    No user content Can be disabled
    Purpose
    Once a week, the app checks whether a newer Gemma model is available. If yes, the user is prompted; the actual download only happens after the user taps Update.
    When it happens
    At most once per week, on app open.
    Destination
    models.covebase.app/version.json
    User content
    Request body contains the locally-installed model version string only. No translations, photos, or audio.
    How to disable
    Settings → Updates → Disable automatic checks. Manual update check is still available.

  3. Google Play Billing (Pro purchase)

    No user content Can be disabled
    Purpose
    When you buy Cove Pro, the Android system makes a billing call to Google Play. Cove receives a purchase token from Play and verifies the entitlement on-device. We do not run our own billing server.
    When it happens
    Only when the user explicitly initiates a Pro purchase or Restore Purchases flow.
    Destination
    Google Play Services (system API; no direct HTTPS from Cove code)
    User content
    Google Play Services handle the billing handshake. Cove receives a Play-issued purchase token; we do not see your card number or your Google account email.
    How to disable
    Don't tap Buy Pro. The free tier never triggers this call.

  4. Crash report (opt-in)

    No user content Can be disabled
    Purpose
    If the app crashes, and only if you opted in during onboarding, a stack trace plus device model and Android version is sent. This helps fix the bug; it is the only diagnostics traffic Cove makes.
    When it happens
    Only on a crash, and only if you opted in.
    Destination
    crash.covebase.app (self-hosted Sentry instance)
    User content
    Stack trace and breadcrumbs only. No translation text, photo bytes, voice audio, or health journal entries are included. Sentry is configured with PII scrubbing on the server side as a second guard.
    How to disable
    Settings → Diagnostics → Crash reports off. Or simply skip the toggle during onboarding (off by default in EU regions).

  5. Google Play app update (system)

    No user content Can be disabled
    Purpose
    When you have auto-update enabled in Google Play, the system downloads new Cove APK versions in the background. This is handled entirely by Google Play, not by Cove app code.
    When it happens
    Whenever Cove publishes a new version and your phone meets Play's auto-update conditions (Wi-Fi + power).
    Destination
    play.google.com (Google Play system, not Cove)
    User content
    This is Google Play system traffic and follows your Google Play settings, not Cove's. We list it here for completeness — to make clear we don't have a parallel update channel.
    How to disable
    Google Play → Network preferences → Auto-update apps → Don't auto-update apps. Or update Cove only over Wi-Fi.