Strategic Development Roadmap

Home ▸ Wiki FAQ ▸ Roadmap

SecureCall development roadmap — completed, active, and planned features · Last updated April 3, 2026

Objectives Achieved (as of v1.0.12)

Completed Milestones

The following objectives have been fully implemented, tested, and verified as of v1.0.12 (versionCode 30). Current release: v1.0.28 (vC50). All 20 tests pass on 3 physical devices.

End-to-End Encryption (XChaCha20-Poly1305 + X25519 key exchange)
Rust Crypto Engine with JNI bridge for native performance
Double Ratchet forward secrecy protocol
Node.js Signaling Server with WebSocket transport
WebRTC peer-to-peer audio with ICE/STUN/TURN
Opus audio codec (48kHz, high-fidelity voice)
Anti-Recording Protection (6 independent detection layers)
Material Design 3 UI with dynamic theming
3 Product Tiers (Free / Pro / Premium) with feature gating
In-App Purchases & Subscription management
Firebase Cloud Messaging (FCM) for push notifications
Security Audit (48 findings — all Critical and High fixed)
R8/ProGuard optimization and code shrinking
Crashlytics integration (Free tier, opt-out available)
Landing page website (stealthx.tech)
Complete documentation & Wiki
Google Analytics 4 (GA4) — deployed across all 23 HTML pages
Bing Webmaster verification — meta tag + BingSiteAuth.xml
Invite System with Deep Link & SPA router
Emergency Delete (STEALTH-DELETE) — 5-tap instant wipe
One-Click Update System — UpdateManager auto-detect
Auto-reconnect on network change (ConnectivityManager NetworkCallback)
Diagnostic Logs + CSV Export (Pro/Premium SecLog)
Phone Normalization — E.164 format, 00→+ conversion
Collapsible Settings Sections with ▶/▼ toggle
Samsung Battery Kill Protection (WakeLock, AlarmManager, BootReceiver)
Dark Mode as default
Connect/Disconnect Button with status colors
Beta Testing — 15/15 testers enrolled, Alpha Track live

Active Operations

Currently In Progress

These objectives are actively being worked on for the next release cycle.

BUG-010: FCM background wakeup reliability — incoming calls when app closed
BUG-011: WebRTC call stability — call drops after connecting
Google Play Store Production Launch — pending beta validation
Google Play Service Account for billing verification (TODO-029)

Planned (v1.1)

Next Release

Critical bug fixes and production preparation.

FCM + WebRTC critical call fixes
German Store Listing in Play Console (TODO-030)
Firebase + AdMob Console integration (TODO-033)
Beta activation codes deactivation + IAP (TODO-047)

Matrix Integration (v1.7 — v2.2)

Matrix Protocol Integration

SecureCall is integrating with the Matrix federated network — the open protocol used by the German Bundeswehr, Mozilla, and 28M+ users worldwide. Full details →

v1.7 — Matrix contact exchange — share SecureCall ID via Matrix DM, QR code, deep link. No SDK required.
v2.0 — Matrix federation — Synapse/Dendrite homeserver, @sc_xxx:stealthx.tech IDs, cross-platform calling
v2.1 — Olm E2E signaling encryption — encrypt call signaling metadata via Matrix Olm
v2.2 — Group calls via MSC3401 — multi-party encrypted calls through Matrix rooms

Relay Decentralization (v1.x — v3.x)

Relay Architecture Roadmap

Based on the StealthX Relay Architecture Handbook v1.0. Goal: minimize relay dependency and metadata exposure through progressive decentralization.

v1.x — Immediate (< 4 Weeks)

ICE-Monitoring in SecLog — connection_type logging (host/srflx/relay) for P2P baseline
STUN-Optimierung — multiple STUN servers, candidate prioritization for better NAT traversal
Tor-Signaling — WebRTC handshake over Tor/.onion (protects IP during connection setup)

v2.x — Medium-Term (1–3 Months)

IN DEVELOPMENT Self-hosted TURN Server as Tor Hidden Service (.onion)
IN DEVELOPMENT UnifiedPush Evaluation — decentralized push as FCM alternative

v3.x — Long-Term

RESEARCH Nym Mixnet Integration — timing-resistant privacy network (2027+)

Long-Range Objectives

Future Vision

These long-range objectives represent the strategic direction for SecureCall beyond the Android platform. Each item requires significant research and development effort and will be prioritized based on community feedback and security requirements.

iOS Client — native Swift implementation with shared Rust crypto engine
Desktop Client — Linux, macOS, and Windows applications for secure calls from any platform
Post-Quantum Cryptography — migration to Kyber/ML-KEM for quantum-resistant key exchange
GhostNet multi-hop relay network — onion-routed transport for metadata resistance
End-to-end encrypted messaging — secure text communication alongside voice
GhostOS — hardened Android distribution optimized for SecureCall and privacy

Explicitly Out of Scope

Non-Goals

The following features are explicitly not planned for SecureCall. These decisions are deliberate and rooted in our security and privacy commitments. Adding any of these would compromise the threat model or violate user trust.

Cloud backup of call history — storing call metadata on remote servers creates an unacceptable attack surface
Social media integration — connecting to social platforms leaks identity information and expands the trust boundary
Read receipts or “last seen” status — presence information enables surveillance and behavioral analysis
Contact sync with phone contacts — uploading contact lists to servers is a privacy violation regardless of encryption
Any form of analytics or tracking — we do not collect, transmit, or store any usage telemetry beyond opt-in Crashlytics on the Free tier