SecureCall FAQ

Frequently Asked Questions

Practical answers about encrypted calls, privacy, pricing, billing, and security.

SecureCall public support wiki · Last updated July 2026

General
SecureCall is an Android app for end-to-end encrypted voice calls. Every call is encrypted using XChaCha20-Poly1305 with X25519 key exchange and Double Ratchet forward secrecy. The cryptographic engine is written entirely in Rust for memory safety, and the complete source code is publicly available on GitHub. No accounts, no phone numbers, no personal data required.
No. Calls are encrypted end-to-end. Encryption keys are generated on your device and never sent to our servers. We are technically unable to decrypt your calls, even if compelled by a court order. Our signaling server only sees encrypted payloads and temporary connection identifiers — it cannot associate calls with real identities or read any content.
No. SecureCall generates an anonymous ID on your device. No phone number, email address, or personal information is required. You share your SecureCall ID with contacts through any channel you choose — in person, via messaging, or any other method you trust.
Not yet. SecureCall is currently Android-only (Android 10+). An iOS version is planned but not under active development. The Rust crypto engine is cross-platform, so the core security and encryption will be identical when the iOS version is built.
Transparency builds trust. By publishing our source code, we allow anyone — security researchers, journalists, privacy advocates — to verify that our encryption works as claimed. Any backdoor would be visible in the public code. We believe that security through obscurity is no security at all. You don't have to trust us; you can verify.
Privacy & Data
It depends on your tier:

Free: Optional anonymous crash reports (opt-out) and ads.
Pro & Premium: No ads, no crash reporting.
All tiers use Firebase Cloud Messaging for push and STUN/TURN for connectivity. No call content or recordings stored server-side. No persistent call logs, no contact uploads.

See our Privacy Policy Custom Call ID for detailed data collection tables by tier.
SecureCall is designed for GDPR-aligned data minimization. It avoids call content, contact uploads, and persistent server-side call history. Operational services such as FCM, STUN/TURN, Free-tier ads, and crash reporting where enabled are documented in the Privacy Policy. StealthX is operated by Vendetta Labs, based in Greece (EU).
No. We cannot provide call content because we do not have it. End-to-end encryption means only the two call participants possess the decryption keys. We cannot comply with wiretap requests because it is technically impossible for us to decrypt calls. We also do not log call metadata, so we cannot identify who called whom or when.
Security
SecureCall uses a modern, layered cryptographic stack:

Symmetric Encryption: XChaCha20-Poly1305 — 256-bit AEAD cipher with 192-bit extended nonce
Key Exchange: X25519 — Elliptic Curve Diffie-Hellman on Curve25519
Forward Secrecy: Double Ratchet protocol — per-session key derivation with ratcheting
Key Derivation: HKDF-SHA256 — HMAC-based key derivation function
Implementation: Native Rust via JNI — memory-safe, zero buffer overflows

See the Security Design page for the full architecture.
Pro and Premium tiers include active protection against call recording attempts:

FLAG_SECURE prevents screenshots and screen recording of the call screen.
Exclusive audio focus blocks other apps from accessing the microphone.
Continuous monitoring detects screen recording apps, microphone hijacking, and known spy/surveillance applications.

Pro blocks the threat and shows an alert dialog.
Premium automatically terminates the call to ensure maximum protection.
Rust guarantees memory safety at compile time, eliminating buffer overflows, use-after-free, and data races — the most common sources of security vulnerabilities in cryptographic code. Unlike C/C++, Rust's ownership model ensures that memory is managed correctly without a garbage collector. The Rust crypto engine is compiled to a native library (.so) and accessed from Android via JNI, providing both safety and performance.
Yes. An internal security audit was conducted in February 2026. The audit covered the Rust crypto engine, the Android client, the signaling server, and the GhostNet transport protocol. All 7 Critical and 18 High findings were identified and fixed. The full audit report is available on the Security Audit page.
Tier Comparison

Full Feature Comparison

All tiers include end-to-end encryption. Here is a complete breakdown of what each tier provides:

Feature Free Pro (€3.49/mo) Premium (€4.99/mo)
E2E Encrypted Calls
Audio Quality Standard HD (48kHz Opus) HD (48kHz Opus)
Contacts 10 max Unlimited Unlimited
Call Duration 15 min max Unlimited Unlimited
Screen Capture Detection
Anti-Recording Protection ✓ (Block) ✓ (Auto-Terminate)
Spy App Detection
GhostNet IP Masking
Multi-Hop Relay
Crash Reports Opt-out Disabled Disabled
Telemetry Minimal Zero Zero
Billing
A Forever License is a one-time purchase that gives you permanent Premium access — no subscription needed. The Premium Activation Code costs €49 and is delivered through Stripe checkout. Enter the code in Settings to unlock Premium forever. Lifetime purchases include all future updates and never expire.
Lifetime (€49): Pay once, own Premium forever. Includes all future updates. Enter the activation code in Settings → instant upgrade. Non-refundable.

Subscription: Pay monthly or yearly. Cancel anytime — features remain active until end of billing period. Always available, no license limits. Choose this if you want flexibility.
To upgrade: Open SecureCall > Settings > Subscription > tap the upgrade button for your desired subscription tier, or buy a one-time Stripe activation code from the website.

To cancel: Open Google Play > Subscriptions > SecureCall > Cancel. Your Pro/Premium features remain active until the end of the billing period. Lifetime purchases never expire and cannot be cancelled.
No. Subscription payments are processed through Google Play Billing; one-time activation codes are processed by Stripe checkout. We do not receive your full card number or wallet credentials, only the purchase or activation data needed to unlock your tier.
Open SecureCall Settings > Delete All Data, then uninstall the app. This permanently erases all local data including encryption keys, contacts, call history, and settings. Since we don't store any data on our servers, uninstalling removes all traces of SecureCall from existence. This action is irreversible.