Strategic Development Roadmap
Development roadmap and upcoming features.
Completed Milestones
The following objectives have been fully implemented, tested, and verified for v1.0.40 (versionCode 69). Current release checks include the legacy 44/44 regression suite plus expanded automated, backend, website and physical-device tests on S10, S7 and Tab S4 hardware.
- End-to-End Encryption (XChaCha20-Poly1305 + X25519 key exchange)
- Rust Crypto Engine with JNI bridge for native performance
- Double Ratchet forward secrecy protocol
- Node.js Signaling Server with WebSocket transport
- WebRTC peer-to-peer audio with ICE/STUN/TURN
- Opus audio codec (48kHz, high-fidelity voice)
- Anti-Recording Protection (6 independent detection layers)
- Material Design 3 UI with dynamic theming
- 3 Product Tiers (Free / Pro / Premium) with feature gating
- In-App Purchases & Subscription management
- Firebase Cloud Messaging (FCM) for push notifications
- Security Audit (48 findings — all Critical and High fixed)
- R8/ProGuard optimization and code shrinking
- Crashlytics integration (Free tier, opt-out available)
- Landing page website (stealthx.tech)
- Complete documentation & Wiki
- Google Analytics 4 (GA4) — deployed across all 23 HTML pages
- Bing Webmaster verification — meta tag + BingSiteAuth.xml
- Invite System with Deep Link & SPA router
- Emergency Delete (STEALTH-DELETE) — 5-tap instant wipe
- One-Click Update System — UpdateManager auto-detect
- Auto-reconnect on network change (ConnectivityManager NetworkCallback)
- Diagnostic Logs + CSV Export (Pro/Premium SecLog)
- Phone Normalization — E.164 format, 00→+ conversion
- Collapsible Settings Sections with ▶/▼ toggle
- Samsung Battery Kill Protection (WakeLock, AlarmManager, BootReceiver)
- Dark Mode as default
- Connect/Disconnect Button with status colors
- Release QA — GitHub APK, Play Console AAB, Stripe checkout, and physical-device smoke tests verified
Currently In Progress
These items remain tracked for the next release cycle. They are not launch blockers for the v1 scope unless marked as a blocker in the release checklist.
- FCM background wakeup reliability — verified in release QA
- WebRTC call stability — verified in release QA
- Google Play AAB prepared and uploaded for production rollout
- Stripe checkout activation code flow verified against live checkout sessions
Next Release
Critical bug fixes and production preparation.
- WireGuard call retest on external VPN profile (BUG-029)
- German Store Listing polish in Play Console
- PostgreSQL migration for activation and purchase data after v1 growth
- Additional store-distribution hardening and monitoring
Matrix Protocol Integration
SecureCall is integrating with the Matrix federated network — the open protocol used by the German Bundeswehr, Mozilla, and 28M+ users worldwide. Full details →
- v1.7 — Matrix contact exchange — share SecureCall ID via Matrix DM, QR code, deep link. No SDK required.
- v2.0 — Matrix federation — Synapse/Dendrite homeserver, @sc_xxx:stealthx.tech IDs, cross-platform calling
- v2.1 — Olm E2E signaling encryption — encrypt call signaling metadata via Matrix Olm
- v2.2 — Group calls via MSC3401 — multi-party encrypted calls through Matrix rooms
Relay Architecture Roadmap
Based on the StealthX Relay Architecture Handbook v1.0. Goal: minimize relay dependency and metadata exposure through progressive decentralization.
v1.x — Immediate (< 4 Weeks)
- ICE-Monitoring in SecLog — connection_type logging (host/srflx/relay) for P2P baseline
- STUN-Optimierung — multiple STUN servers, candidate prioritization for better NAT traversal
- Tor-Signaling — WebRTC handshake over Tor/.onion (protects IP during connection setup)
v2.x — Medium-Term (1–3 Months)
- ROADMAP Self-hosted TURN Server as Tor Hidden Service (.onion)
- ROADMAP UnifiedPush Evaluation — decentralized push as FCM alternative
v3.x — Long-Term
- RESEARCH Nym Mixnet Integration — timing-resistant privacy network (2027+)
Future Vision
These long-range objectives represent the strategic direction for SecureCall beyond the Android platform. Each item requires significant research and development effort and will be prioritized based on community feedback and security requirements.
- iOS Client — native Swift implementation with shared Rust crypto engine
- Desktop Client — Linux, macOS, and Windows applications for secure calls from any platform
- Post-Quantum Cryptography — migration to Kyber/ML-KEM for quantum-resistant key exchange
- GhostNet multi-hop relay network — onion-routed transport for metadata resistance
- End-to-end encrypted messaging — delivered through the SecureChat product line
- GhostOS — hardened Android distribution optimized for SecureCall and privacy
Non-Goals
The following features are explicitly not planned for SecureCall. These decisions are deliberate and rooted in our security and privacy commitments. Adding any of these would compromise the threat model or violate user trust.
- Cloud backup of call history — storing call metadata on remote servers creates an unacceptable attack surface
- Social media integration — connecting to social platforms leaks identity information and expands the trust boundary
- Read receipts or “last seen” status — presence information enables surveillance and behavioral analysis
- Contact sync with phone contacts — uploading contact lists to servers is a privacy violation regardless of encryption
- Any form of analytics or tracking — we do not collect, transmit, or store any usage telemetry beyond opt-in Crashlytics on the Free tier