How CoveLink Works

1 Discovery

The CoveLink desktop daemon broadcasts its presence on the local network using UDP multicast (239.255.44.10 : 44810). The Android app listens for these broadcasts and automatically populates its list of available desktops - no manual IP address entry required.

Android app Desktop daemon
   |       |
   |<──────── UDP multicast ─────────|
   |   {device_name, addr, port}     |
   |       |

Discovery is passive - the desktop just periodically announces itself. The phone caches discovered desktops with a last-seen timestamp, so previously paired desktops are remembered even if they are temporarily offline when the app starts.

2 Pairing - QR + cryptographic key exchange

Pairing binds a phone to a desktop permanently. It happens once and requires physical proximity - the phone must literally see the QR code on the desktop screen to scan it.

The QR code encodes a short-lived one-time token alongside the desktop's connection details:

Desktop device ID and device name
Desktop IP address and TCP port (52300)
Desktop's Curve25519 public key
A random 32-byte one-time token - expires after 5 minutes and is consumed on first use

Trust-on-first-use (TOFU)

The phone stores the desktop's Curve25519 public key permanently on first pairing. Any future connection from a device claiming the same ID but presenting a different key is rejected.

Phone is the trust anchor

All pairings are initiated by the phone. The phone owns the trust ring - it distributes desktop identities automatically so desktops trust each other without a separate pairing step.

3 Encrypted connection

After pairing, the phone maintains a persistent TCP connection to its primary desktop. Every message - notifications, SMS, clipboard, file chunks, media state - travels over this single connection, encrypted end-to-end.

The encryption layer uses NaCl box (libsodium / golang.org/x/crypto/nacl):

Curve25519 - Diffie-Hellman key agreement, 256-bit elliptic curve
XSalsa20-Poly1305 - authenticated stream cipher with 192-bit nonce
Each message has a unique random nonce; replay or reordering is detected and rejected
Plaintext only during the initial HELLO handshake (before keys are exchanged); all subsequent messages are ciphertext

Messages are wire format: newline-delimited JSON wrapped in an {"n":"…","d":"…"} envelope where n is the base64 nonce and d is the base64 ciphertext of the JSON payload.

4 Feature data flows

Once connected, all feature data flows over the same encrypted TCP channel. The message format is newline-delimited JSON with a type field and a payload object.

Notifications

Android NotificationListenerService captures notifications and sends them to the desktop as NOTIFICATION messages. Replies and actions are sent back as NOTIFICATION_REPLY or NOTIFICATION_ACTION.

SMS

The phone reads conversations from the system SMS content provider on request. Replies are sent via SmsManager when the desktop sends an SMS_SEND message.

Clipboard

Clipboard changes on the phone trigger a CLIPBOARD_PUSH to the desktop. The desktop can push text back via CLIPBOARD_SET.

Media

A MediaSession monitor on Android polls playback state and sends MEDIA_STATE. Desktop sends MEDIA_COMMAND (play/pause/next/prev/volume) back.

Files

Files are transferred as FILE_START + FILE_CHUNK messages (128 KB base64-encoded chunks), up to 50 MB. The phone's share sheet can send files to the desktop; the desktop can drop files onto the UI window.

Calls

Incoming call state is pushed as CALL_RINGING. The desktop can answer, decline, mute, or toggle speakerphone via CALL_ACTION.

5 Multi-desktop relay

CoveLink is designed for households and power users with more than one desktop. Rather than making the phone maintain a separate connection to every machine (which would drain the battery), the phone connects to one primary desktop only. All other desktops form peer connections to the primary and receive a relayed copy of every phone message.

Phone
   |             (single persistent TCP connection)
Primary desktop   ←──────→  Desktop B   ←──────→  Desktop C
                      LAN relay (TCP, encrypted hop-to-hop)

Relay connections are outbound from secondary desktops - they dial the primary. The primary re-encrypts each message before forwarding, so hop-to-hop encryption is maintained across the relay chain.

Primary promotion - the primary is whichever desktop the user last interacted with explicitly (replied to a message, triggered clipboard, etc.). Passive events like notifications arriving do not change the primary, preventing thrash.

Failover - if the primary desktop becomes unreachable, the phone connects to the most recently active secondary. No desktop coordination is needed; the phone drives failover entirely using its own last-active timestamps.

6 What "no cloud" actually means

CoveLink makes zero outbound connections to any external server during normal operation. All TCP and UDP traffic is between your phone and your desktop(s) on your LAN. The only external requests the app ever makes are:

Loading Google Fonts on the web UI (cosmetic - can be replaced with a local font)
Nothing else

There are no telemetry calls, no analytics SDKs, no push notification relay services, no "cloud clipboard" sync, and no servers owned by bazzaztech that sit between your phone and desktop. You can run CoveLink in airplane mode on your router's isolated VLAN and it will work perfectly.

Want to verify this? See the Security verification guide for exact tcpdump and Wireshark instructions to confirm no traffic leaves your network.

How CoveLink works