Once upon a time, only high level government agents (Military, CIA, NSA, etc.) had “secure” phones. The first such phones used analog scramblers to transpose the signals. The Secure Telephone Unit (STU) models that were made for the NSA, beginning in the late 1980s, were built on proprietary technologies that digitized and encrypted voice communications between two STU handsets. These special phones plugged into standard phone jacks and made unsecured calls to regular phones, as well. However, they were expensive and not widely available.

Today, privacy is an issue for almost everyone, so businesses and individuals may need a way to ensure that important or sensitive calls can’t be overheard. Thanks to Voice over IP (VoIP) technologies and the data plans that so many of us have with our smartphones, it’s now much easier and cheaper to accomplish.

There are a number of end-to-end voice encryption solutions out there, which work with Android, iOS, BlackBerry, Symbian and/or Windows phones. Let’s take a closer look at one example.


I’ve recently been testing TrustCall, a voice encryption solution that’s currently available for (some) Android and BlackBerry phones. There are plans to make it available for the iPhone and possibly for Windows Phone if there’s market demand. TrustCall is easy to install and even easier to use. And unlike with some solutions, it’s very clear whether or not a particular call is being place through the secure system.

Figure 1

With TrustCall installed, you can place secure or “normal” calls.

When you select to make a “normal” call, it goes over the cellular network as usual. During my testing, the called phone rang within 1 to 2 seconds. When you place a secure call to the same number, it takes almost twice as long for the other phone to ring, and then there’s a brief (one second or less) period of “authenticating” before the call connects.

Figure 2

Secure calling requires that both phones belong to the same TrustGroup.


Once the call is connected, the TrustCall screen is displayed to remind you that this is a secured call. You’ll note at the bottom of this screen that it refers to the TrustGroup through which you’re connected. In order to connect to another phone through TrustCall, both must belong to the same TrustGroup. TrustGroups can be defined within or across organizational boundaries and can contain any number of phones/users. The TrustGroup(s) to which you belong are contained, along with the TrustCall software and the encryption keys, on a TrustChip.

TrustGroups can be prioritized to determine which TrustGroup will be used if two phones have multiple TrustGroups in common.


The TrustChip is a cryptographic device on a microSD card that is recognized by your phone like any other removable flash memory card. You can store data in the unused space on the card, but the current TrustChip only has a 128MB capacity. This is a drawback, since the TrustChip uses your microSD slot and thus limits your ability to add storage space to your phone.  Koolspan, the company that makes TrustCall, has plans to release a 2GB card later this year.

The other problem I see is that you can’t use the current TrustChips with phones that don’t have a microSD slot. So, even though Android is supported, it excludes the Galaxy Nexus and other Android phones that lack a card slot. I was told the company is working on a “sled” attachment that would enable the TrustChip to be used with iPhones.

If you have a compatible phone, though, you can take the TrustChip out of one phone and put it in another. You’ll need to install the TrustCall software (which is stored on the card) and you’re good to go — that is, as long as your TrustChip has an account configured on a TrustCall relay server.

Within the TrustCall app on your phone, you can set it to use a distinctive ringtone for TrustCall calls. You can also configure it to enable TrustCall for all outgoing calls, specify whether to keep the screen turned on while in a secure call, set the invitation timeout duration, and select to use the Audio Boost feature. In addition, you can set up a number to which incoming calls will be forwarded if you’re in a TrustCall call.

Figure 3

Users can configure settings to control TrustCall behaviors.

How it works

“Normal” calls are transmitted over your carrier’s GSM or CDMA network. TrustCalls use the voice network’s SMS only for the initial setup of the call. Calling plans usually include a specific number of cellular minutes (unless you have an unlimited voice plan). Encrypted calls use VoIP technology for the calls themselves and are transmitted over the data network, optimized for 3G. Thus, they don’t count against your allocated voice minutes, but they do count against your data allocation if you have a capped data plan.

However, if your phone is connected to a Wi-Fi network (such as your home wireless network or a public Wi-Fi hotspot), TrustCall will use the Wi-Fi network so that the call doesn’t use your phone carrier’s data network.

The server side

TrustCall secure calls go through a Linux-based relay server, which holds the accounts for each TrustChip and the TrustGroup assignments. Koolspan operates a Universal relay server that can be used, and phones that use it belong to a Universal Trust Group so they can all place secure calls to one another. The Koolspan server is configured with failover capabilities for high accessibility.

The preferred scenario is for organizations to set up their own relay servers, and they can then create custom Enterprise TrustGroups. In this case, your calls don’t go through Koolspan’s servers. You have complete control, with the ability to create and remove TrustGroups and manage your TrustChips through the TrustCenter management software. The number of TrustGroups you can create depends on your site’s license.

The TrustCenter is accessed via a web browser. With it, administrators can remotely manage TrustChips, including destroying the TrustChip in a lost or stolen phone. The TrustCenter console uses a dual-paned interface similar to Microsoft management consoles, with a navigation pane on the left and a details pane on the right. There’s a dashboard-styled home page that displays statistics, system health information, and pending transactions. You must import the license manifest for your TrustChips and register your TrustChips to your TrustCenter site to create the encryption keys that are stored in its database. This is done with a separate application that can reside on the same server as the TrustCenter software or on a separate workstation.

The TrustCenter database contains profiles for all your users. You can import user profiles from LDAP directory services or create the user profiles manually. Users who are designated as administrators can log on to the TrustCenter management console. Administrators assign TrustChips and devices to users. More than one TrustChips can be assigned to a user, but only one user can be assigned to a TrustChip.

From the TrustCall app on your phone, you configure it to use either the Universal relay server or a relay server of your choice. The former is as easy as checking a box. For the latter, you’ll need to know the server name, port number, server password, username, and user password.

Security details

TrustCall uses FIPS validated encryption and provides a unique 256 bit AES key with no key exchange taking place over the air (thus preventing interception) and peer-to-peer authentication to prevent man-in-the-middle attacks. The keys that are associated with a TrustGroup are not used to encrypt the user data. Since the cryptographic operations are performed within the TrustChip, you don’t need a public key infrastructure or certificate management system to deploy your TrustCenter. Key generation, storage, and management are taken care of by the TrustChip, and every encrypted packet is authenticated individually.

The TrustCenter registration application uses Windows authentication or SQL login credentials to access the database where the keys and information are stored.

The user experience

It’s easy for even the most non-technical users to place secure calls with TrustCall. Setting up the phone to use a particular relay server (other than the Universal relay) requires only a few items of information, and the interface is clear and easy to understand. There was obvious attention to detail in designing this application, and I didn’t encounter the “assumption syndrome” that you sometimes see in configuration interfaces. For example, rather than just ask for “host name,” leaving the user wondering whether to enter the phone’s name or the server’s, it spells out that the server host name is what’s needed.

The only negative aspect of using TrustCall (or any voice encryption) is the lag time that you experience during a conversation. Encryption takes time, so this is inevitable. And while there’s only a delay of a second or two, it’s enough to make it a little awkward to carry on a spirited back-and-forth discussion. I found myself waiting for the other party’s response and then starting to say something else as it came through. This is something you could get used to with practice, but it’s slightly disconcerting.

Lag aside, if you need to talk over your mobile phone about sensitive or confidential matters, knowing the call is being protected by strong encryption is important, and voice encryption technology such as TrustCall can enable you to have those conversations without the worry of exposing information.