I'm checking Twilio as a framework for VoIP calls we would like to integrate into our mobile application (Android and iOS).
I've gone over the Android tutorial and documentation, and so far it seems awesome.
One important requirement we have, though, is that the voice media streaming is encrypted.
I couldn't find anything about it in the documentation.
Anyone knows what the current situation and future plans on this subject are?
Thanks,
Yoram
They don't encrypt the data (that would require them to use SRTP, which they don't)
you can see https://www.twilio.com/docs/sip/sip-security for the Sip Security Best Practices, they offer SIP over TLS though, to prevent anyone from seeing your SIP messages, but from what I've read, the audio frames are not encrypted.
Related
I wanna try to make an application like Discord (Groups/Add Friends/Voice Call/Video Call/Streaming) and until now I was focus on messages and on an application for Web(ReactJS or any) and PC/Mac/Linux(ElectronJS or any), and working on backend with NodeJS/ExpressJS/Socket.IO/GraphQL/MongoDB. Recently got a solution for Voice Call and Video Call which is PeerJS, but now I asked myself how would this work in Androd/iOS application? Am I choosing well my frameworks and language? Because of course one Android/iOS user have to be able to join to a Voice/Video with users on PC/Web Is there other frameworks? Not just for Voice/Video Call, all the application. Can anyone please share some documentation or tips?
Thanks
A personal tip would be to refrain from using PeerJS, as it doesn’t support VP8 Simulcast. When creating high-load group video calling software like discord, you need VP8 Simulcast because it splits a stream into different bitrates for different users, dependent on their bandwidth and that of the person streaming.
Consider reading about WebRTC in JS WebAPI! Unfortunately, the main issue nowadays is hosting a Signalling server (which essentially manages who is where in terms of rooms) and TURN Servers (which gets information such as the IP address of a user joining a room).
In terms of the iOS app, and Android App, consider implementing with a language of your choice, such as Xamarin.
Personally, I prefer React Native for mobile applications. Take a look at it online!
Good luck in your venture!
My goal is to develop an Android app to record telephone call audio (incoming and outgoing calls). Not VoIP, not SIP, not anything else.
IMPORTANT: I will not create an app that relies on workarounds, rooting devices and/or hack it in any way, shape or form.
Surely enough, I also expect to sell this app on Google Play store. In other words: all by the book.
As far as I learned from the documentation (https://developer.android.com), the way to capture phone call audio is by using MediaRecorder with audioSource set to VOICE_CALL. This audio source requires permission "android.permission.CAPTURE_AUDIO_OUTPUT", which in turn is "reserved for use by system components and is not available to third-party applications.".
On the other hand, I also did my research in forums like this. Unfortunately and recpectfully, all of the "solutions" were, in fact, workarounds. Other than that I have found some people stating that the lack of API support was deliberately by design and that kind of app functionality is forbidden by Google. Though, no official references were provided to support those claims.
At this point, looks like it can't be done.
Before giving up, I would like to ask the following:
If It's really by design and forbidden to record phone calls, could you point out where, exactly, in some official documentation and/or some reliable source (like... android team, for instance) that explicitly validates those claims?
Kind regards,
Juan Soria
I have thesis to do this year. I want to create an android VOIP application. But I need it to be secure. I intent to use the SIP. Maybe I wasn't searching good enough but I have to find some information fast. Do you know some way to encrypt the voice using SIP? A few times I found some information about ZRTP but the information wasn't really useful. Any help would be useful. I have three months to finish the project (but I can't work all the time because I go to school).
Signalling and Media are to be managed differently to build a secure voip application.
Signaling - SIP is a signaling protocol and carried over UDP [usually]. Adding a layer of protection to this can be done by using TLS as the transport to make the message exchange secure. The SIP packets are all encrypted and makes it secure over the transmission.
RTP - Usually the media is carried as RTP. But the secure flavor is the SRTP and in that ZRTP is a particular mechanism to handle encryption of the packets.
Coming to building the VoIP Application, i would recommend with going with a stack like PJSIP or numerous other options and this should help you have the prototype faster and understand the concepts better. Good luck.
I want to implement my own encryption rule before the call data go into GSM network i.e. I want the call stream in the form of bits, I will implement my own encryption algo, and then send on to the network, my app on the other side(reciever's end) will recieve the data, decrypt it and make it into audio.
I want to know is it feasible, if it is how? I mean I want to use cell phone network as in like Airtel, Vodafone etc.
If it is not possible It will be of great help, if I can do it using internet (2G or 3G) ?
Any guidance in this, I want just direction.
Thanks in advance.
You can quickly create a chat application using Adobe Flex which will create an Adobe Air app that can run on Android (and also compile an iOS version if desired). The core strength of Adobe Flex is sending audio (and video) data with very little effort on the developers part.
You can configure your application to use SSL using the rtmps protocol if you want the data being transmitted to be encrypted.
This page shows you how you can create a simple video chat app for android using Flex http://coenraets.org/blog/2010/07/video-chat-for-android-in-30-lines-of-code/ - if you specifically don't want video you can send audio only data.
I can't imagine any reason why this wouldn't be possible as the networks are just passing data around, I don't think they care if it's encrypted or not encrypted - it's just a series of 1s and 0s.
As to how, that's a little beyond the remit of Stack Exchange - if you have a specific problems then post them with code.
There are other similar questions which you could look at:
Basic encryption on Android
https://stackoverflow.com/search?q=android+encryption
On Android, calls using the GCM (or other) network are handled by the baseband processor, which you don't have direct access to. You talk to it via the rild (Radio Interface Layer daemon) which uses proprietary library to talk to the actual hardware. So in practice you cannot mess with the mobile network.
A VOIP application would use the data connection and you can send/receive pretty much anything you want. If you use a standard technology such as SIP, there are ways to use TLS for the communication channel(s), so that traffic is encrypted. If you are creating your own, you might do something similar by using SSL sockets.
The 'how' part doesn't really fit the SO format, since it's very open ended and depends on how you decide to implement this.
I'm currently in an early stage of my internship at a company which offer VoIP solutions. I'm basically here to create a custom SIP-client App for iPhone. I told them however, if I were to set up the MVC pattern correctly and more efficient in terms of portability, there would be minimal code to write when porting to different platforms.
I've chose to go with MonoTouch C#.NET, for high portability and productivity (learning Objective-C is too steep for my timeframe + memory management too time consuming). To create even more portability I've been thinking of exposing a C# SIP library as webservice, so when porting to Android there's even less hooking up to different APIs. Also, MonoTouch for compile reasons does not allow usage of Dynamic Libraries.
My app would communicate to the SIP webservice and the webservice in turn to the SIP server.
SIP is very familier to HTTP, but could this solution work? As I'll be facing Realtime Transport Protocol aswell.
Kind regards
As far as I know, it won't work because, as you mentionned, you will face RTP. You'll probably get a lot of lag in your conversations. Also, you'll have to figure out how you are going to stream the data between the clients and the server.
However, to really know if this can be done would be to do a few prototypes to test these kind of issues.