Field Deployment Guide
Google Play Store Deployment
The official and recommended deployment method. Google Play ensures automatic updates, signature verification, and the smoothest installation experience. All three SecureCall tiers are available through a single listing with in-app upgrade.
| Version | Description | Link |
|---|---|---|
| SecureCall (Free) | E2E encrypted calls, 10 contacts maximum, 15-minute call limit per session | Google Play |
| SecureCall Pro | Unlimited calls and contacts, HD audio, anti-recording protection, certificate pinning | In-App Upgrade |
| SecureCall Premium | Everything in Pro + GhostNet IP masking, hardware keystore, all security detections enforced | In-App Upgrade |
APK Sideloading (Advanced Users)
For users who prefer not to use Google Play, or whose devices lack Play Services, the official APK is available from GitHub Releases. This method requires enabling sideloading on your device.
Sideloading Procedure
- Navigate to github.com/NeaBouli/stealth/releases on your device or computer.
- Download the latest
.apkfile from the Assets section of the most recent release. - On your Android device, go to Settings → Security → Install unknown apps and enable the permission for your browser or file manager.
- Open the downloaded APK file and tap Install. Android will verify the package signature before proceeding.
- After installation, disable "Install unknown apps" for the browser/file manager to maintain device security.
If you downloaded the APK on a computer, transfer it to your Android device via USB cable, cloud storage, or a local network file share. Then open it from a file manager on the device.
Device Requirements
SecureCall has been designed to run efficiently on a wide range of Android hardware. The following are the minimum specifications required for stable operation.
| Requirement | Minimum Specification | Notes |
|---|---|---|
| Android Version | Android 10 (API 29) | Required for scoped storage and modern security APIs. Android 14+ recommended for full screen recording detection. |
| Free Storage | 50 MB | Includes the app binary, native Rust library, and runtime cache. No persistent data storage beyond preferences. |
| RAM | 2 GB | The Rust crypto engine and audio pipeline operate in native memory. Devices with 3+ GB will have smoother multitasking. |
| Permissions | Microphone (required) | Microphone access is mandatory for voice calls. The app will prompt on first launch. Notification permission is requested for call alerts. |
| Network | WiFi or mobile data | A stable internet connection is required. VoIP calls consume approximately 1-2 MB per minute of call time. TURN relay is used automatically when direct connections fail. |
| Architecture | arm64-v8a | The native Rust crypto library is compiled for 64-bit ARM. Virtually all modern Android devices support this architecture. |
First-Time Configuration
After installation, follow these five steps to complete the initial deployment and make your first encrypted call.
Step 1: Grant Permissions
When you first open SecureCall, the system will request the Microphone permission. This is required for voice calls and cannot be bypassed. Tap Allow when prompted.
On Android 13+, you will also be asked for the Notification permission. Granting this allows SecureCall to alert you to incoming calls even when the app is in the background.
Step 2: Automatic Key Generation
SecureCall automatically generates your cryptographic identity on first launch:
- An X25519 key pair is created entirely on your device using the native Rust crypto engine.
- The private key never leaves your phone. It is stored in memory during the session and used solely for Diffie-Hellman key exchanges.
- The public key is registered with the signaling server so other users can establish encrypted connections with you.
This process takes less than one second and requires no user interaction. There is no account creation, no email, no phone number verification.
Step 3: Get Your SecureCall ID
Your unique, anonymous SecureCall ID is displayed in the app's main screen. This ID is the only identifier associated with your account. Share it with your contacts through any channel you trust: messaging app, in person, printed QR code, or any other method.
Your SecureCall ID is not linked to your phone number, email, name, or any other personal information.
Step 4: Add Contacts
- Navigate to the Contacts tab in the bottom navigation bar.
- Tap the "+" button in the top-right corner.
- Enter your contact's SecureCall ID in the input field.
- Optionally assign a display name for local reference (stored only on your device).
- The contact appears in your list, ready for encrypted calls.
Step 5: Make Your First Call
- From the Contacts tab, locate the contact you want to call.
- Tap the phone icon next to their name to initiate the call.
- Wait for the connection to establish. The encryption handshake (X25519 key exchange + HKDF key derivation) takes 1-2 seconds.
- The lock icon turns green when the call is fully encrypted end-to-end.
- Speak freely. Your voice is encrypted with XChaCha20-Poly1305 before leaving your device.
Troubleshooting Common Issues
If you encounter problems during installation or operation, consult the following fault diagnosis procedures.
App Won't Install
- Insufficient storage: Verify that your device has at least 50 MB of free space. Go to Settings → Storage to check available capacity.
- Unknown sources disabled: For APK sideloading, ensure "Install unknown apps" is enabled for your file manager or browser. See Option 2 above for detailed steps.
- Incompatible architecture: SecureCall requires a 64-bit ARM device (arm64-v8a). Very old or low-end devices running 32-bit-only Android may not be compatible.
- Device restart: If the installation hangs or fails with a generic error, restart your device and try again. Clearing the Google Play Store cache can also resolve download issues.
Microphone Permission Denied
- If you accidentally denied the microphone permission, you can re-enable it manually.
- Navigate to Settings → Apps → SecureCall → Permissions → Microphone → Allow.
- Restart SecureCall after granting the permission.
- On some Samsung devices, the permission may also be controlled under Settings → Privacy → Permission Manager.
Can't Connect to Server
- Check network: Verify that your device has an active WiFi or mobile data connection. Open a browser and load any website to confirm internet access.
- Switch networks: Try toggling between WiFi and mobile data. Some corporate or public WiFi networks may block WebSocket connections on non-standard ports.
- Firewall/VPN interference: If you are using a VPN or firewall app, temporarily disable it to test if it is blocking the WebSocket connection to the signaling server.
- Server maintenance: The signaling server may be temporarily down for maintenance. Wait a few minutes and try again. Check the GitHub Issues page for any reported outages.
No Audio During Call
- Microphone permission: Double-check that the microphone permission is granted (see above).
- Volume level: Ensure your device volume (both media and call volume) is turned up. Try pressing the volume-up button during the call.
- Headset/Bluetooth: If using a Bluetooth headset, ensure it is properly connected and selected as the audio output device. Try disconnecting and reconnecting, or switch to the device speaker.
- Microphone conflict: Another app may be using the microphone. Close all other apps that might access the mic (voice recorders, video apps, voice assistants) and retry the call.
- NAT traversal: In some network configurations, direct peer-to-peer connections may fail. SecureCall will automatically fall back to TURN relay, but this may take a few additional seconds. If audio does not start within 10 seconds, hang up and retry.