← Back to Home

Security Architecture

How SecureCall protects your voice calls · Last updated February 2026

Cryptographic Primitives

SecureCall uses proven, peer-reviewed cryptographic primitives. We do not invent our own cryptography — we use established algorithms implemented in a memory-safe language.

Component	Algorithm	Details
Symmetric Encryption	XChaCha20-Poly1305	256-bit AEAD cipher with 192-bit extended nonce
Key Exchange	X25519	Elliptic Curve Diffie-Hellman on Curve25519
Forward Secrecy	Double Ratchet	Per-session key derivation with ratcheting
Key Derivation	HKDF-SHA256	HMAC-based key derivation function
Transport	DTLS-SRTP	Encrypted peer-to-peer media transport
Audio Codec	Opus	48kHz, adaptive bitrate 6-510 kbps

Architecture Overview

Key Generation

When you install SecureCall, your device generates an X25519 key pair using a cryptographically secure random number generator (CSPRNG). The private key never leaves your device. The public key is used to establish encrypted channels with your contacts.

Call Establishment

1. Caller sends encrypted signaling message via our relay server
2. Both parties perform X25519 Diffie-Hellman key exchange
3. Shared secret is derived using HKDF-SHA256
4. Double Ratchet initializes with the shared secret
5. Direct peer-to-peer connection is established via WebRTC
6. Voice frames are encrypted with XChaCha20-Poly1305 before transmission

Perfect Forward Secrecy

The Double Ratchet protocol ensures that each call session uses unique encryption keys. Even if an attacker compromises your long-term key, they cannot decrypt past or future calls. Each voice frame uses a fresh key derived from the ratchet state.

Signaling Server

Our signaling server facilitates call setup but cannot decrypt any content. It only sees:

• Encrypted signaling payloads (opaque to the server)
• Temporary connection identifiers (not linked to identity)
• IP addresses (transient; not logged; masked for Premium users)

Once a peer-to-peer connection is established, voice data flows directly between devices without touching our servers.

Rust Crypto Engine

The cryptographic core of SecureCall is written in Rust, a systems programming language that guarantees memory safety at compile time. This eliminates entire classes of vulnerabilities:

• No buffer overflows — Rust prevents out-of-bounds memory access
• No use-after-free — The ownership system ensures memory is properly managed
• No data races — Thread safety is enforced by the compiler
• No null pointer dereferences — Rust uses Option types instead of null

The Rust crypto engine is compiled to a native library and called from the Android app via JNI (Java Native Interface).

Anti-Recording Protection

SecureCall includes active protection against call recording attempts (Pro and Premium tiers):

• FLAG_SECURE — Prevents screenshots and screen recording of the call screen
• Audio Focus Lock — Exclusive audio focus prevents other apps from recording
• Screen Recording Detection — Detects active screen capture via API 34+ callbacks and process monitoring
• Microphone Monitoring — Detects if other apps are accessing the microphone during calls
• Spy App Detection — Identifies known surveillance apps via accessibility service and package scanning
• Call Recording App Detection — Scans for installed call recording applications

When a threat is detected, the response depends on your tier:

Tier	Response
Free	Warning notification
Pro	Block threat + alert dialog
Premium	Automatically terminate call

Audit & Source Code

SecureCall's complete source code is publicly available for security review:

• Repository: github.com/NeaBouli/stealth
• Crypto Engine: core_crypto/ directory (Rust)
• Android App: client_android/ directory (Kotlin/Java)
• Signaling Server: backend/signaling/ directory (Node.js)

We welcome security researchers to review our code and report vulnerabilities responsibly. Contact: GitHub Issues

What We Cannot Do

Due to our architecture, we are technically unable to:

• Decrypt or listen to your calls
• Provide call content to law enforcement (we don't have it)
• Identify who you called or when (no metadata logging)
• Associate calls with real identities
• Insert backdoors without the change being visible in our public source code