At least that is what I learned while working at Sprint. The calls are technically "VOIP" too because they travel through the packet switched internet inbetween cell phone towers (With some exceptions I am sure).
What I was taught is that the connection to the cell tower uses hardware encryption and the data in the air is scrambled too. The audio data is sent out of order (which there must be a pattern to) and once it gets to the tower all cell calls through that tower are scrambled together in a sudorandom fasion with junk data dispersed throughout to fill up whatever bandwidth remains. This way the data flowing would appear to be the same size no matter if one or one hundred people are making calls at that time.
I am not sure how other companies do it but Sprint is rather proud of their voice security and they brag about it in official training materials given to most employees.
I understand the desire to run a 3rd party voice app with 3rd party encryption but for now the regular call is probibly more secure. (Patriot act excluded because that's cheating)
Keep Up with TechRepublic