Android mobile VoIP apps: a survey and examination of their security and privacy

Electronic Commerce Research

Abstract

Voice over Internet Protocol (VoIP) has become increasingly popular among individuals and business organisations, with millions of users communicating using VoIP applications (apps) on their smart mobile devices. Since Android is one of the most popular mobile platforms, this research focuses on Android devices. In this paper we survey the research that examines the security and privacy of mVoIP published in English from January 2009 to January 2014. We also examine the ten most popular free mVoIP apps for Android devices, and analyse the communications to determine whether the voice and text communications using these mVoIP apps are encrypted. The results indicate that most of the apps encrypt text communications, but voice communications may not have been encrypted in Fring, ICQ, Tango, Viber, Vonage, WeChat and Yahoo. The findings described in this paper contribute to an in-depth understanding of the potential privacy risks inherent in the communications using these apps, a previously understudied app category. Six potential research topics are also outlined.

Notes

  1. Although the PRISM program by the National Security Agency reportedly allows the U.S. intelligence community to gain access from nine Internet companies to a wide range of digital information [34], including VoIP and mVoIP communications, such capabilities are not typically available to other non-state actors or most non-U.S. state actors.

References

  1. Appelman, M., Bosma, J., & Veerman, G. (2011). Viber communication security: Unscramble the scrambled.

  2. Australian Government Department of Broadband Communications and Digital Economy. (2013). Statistical Snapshot.

  3. Azab, A., Watters, P., & Layton, R. (2012). Characterising network traffic for skype forensics. In Proceedings of the Third Cybercrime and Trustworthy Computing Workshop (CTC), Australia, 29–30 October 2012 (pp. 19–27).

  4. Azfar, A., Choo, K.-K. R., & Liu, L. (2014). A study of ten popular android mobile voip applications: Are the communications encrypted? In Proceedings of the 47th Annual Hawaii International Conference on System Sciences (HICSS), Hawaii, 6–9 January 2014 (pp. 4858–4867).

  5. BKAV Internet Security Corporation (2013). Critical flaw in Viber allows full access to Android Smartphones, bypassing lock screen. Accessed April 30, 2013, from http://www.bkav.com/top-news/-/view_content/content/46264/critical-flaw-in-viber-allows-full-access-to-android-smartphones-bypassing-lock-screen.

  6. Blond, S. L., Zhang, C., Legout, A., Ross, K., & Dabbous, W. (2011). I know where you are and what you are sharing: exploiting P2P communications to invade users’ privacy. In Proceedings of the ACM Internet Measurement Conference (SIGCOMM 2011), Germany, 24 November 2011 (pp. 45–60).

  7. Cagnina, M., & Poian, M. (2009). Beyond e-business models: The road to virtual worlds. Electronic Commerce Research, 9(1–2), 49–75.

  8. Carpenter, M., & Wright, J. (2009). Advanced metering infrastructure attack methodology. http://inguardians.com/pubs/AMI_Attack_Methodology.pdf.

  9. Chang, H. (2013). The security service rating design for IT convergence services. Electronic Commerce Research, 13(3), 317–328.

  10. Chang, Y. F., Chen, C. S., & Zhou, H. (2009). Smart phone for mobile commerce. Computer Standards & Interfaces, 31(4), 740–747.

  11. Chen, Q., Chen, H.-M., & Kazman, R. (2007). Investigating antecedents of technology acceptance of initial eCRM users beyond generation X and the role of self-construal. Electronic Commerce Research, 7(3–4), 315–339.

  12. Choo, K. K. R. (2009). Secure key establishment. Advances in information security (Vol. 41). New York: Springer.

  13. Choo, K.-K. R. (2014). Mobile cloud storage users. IEEE Cloud Computing, 1(3), 20–23.

  14. Choo, K.-K. R., Smith, R. G., & McCusker, M. (2007). Future directions in technology-enabled crime: 2007–2009. Canberra: Australian Institute of Criminology.

  15. Does Skype use encryption? Retrieved January 30, 2014, from https://support.skype.com/en/faq/FA31/does-skype-use-encryption.

  16. Dorfinger, P., Panholzer, G., & John, W. (2011). Entropy estimation for real-time encrypted traffic identification (Short Paper). In J. Domingo-Pascual, Y. Shavitt, & S. Uhlig (Eds.), Traffic monitoring and analysis (Vol. 6613, pp. 164–171, Lecture Notes in Computer Science): Springer Berlin Heidelberg.

  17. Fring. Retrieved January 27, 2014, from http://www.fring.com/.

  18. Ghaemmaghami, H., Dean, D., Sridharan, S., & McCowan, I. (2010). Noise robust voice activity detection using normal probability testing and time-domain histogram analysis. In Proceedings of the IEEE International Conference on Acoustics Speech and Signal Processing (ICASSP), USA, 14–19 March 2010 (pp. 4470–4473).

  19. Goldreich, O. (2004). Foundations of cryptography: Volume 2, basic applications. Cambridge: Cambridge University Press.

  20. Gomes, J., Inacio, P., Pereira, M., Freire, M., & Monteiro, P. (2013). Identification of peer-to-peer VoIP sessions using entropy and codec properties. IEEE Transactions on Parallel and Distributed Systems, 24(10), 2004–2014.

  21. Google How Hangouts encrypts information. Retrieved April 3, 2015, from https://support.google.com/hangouts/answer/6046115?hl=en#.

  22. Guo, J.-I., Yen, J.-C., & Pai, H.-F. (2002). New voice over Internet protocol technique with hierarchical data security protection. IEE Proceedings: Vision, Image and Signal Processing, 149(4), 237–243.

  23. Hester, J. (2009). Big Blue Ball.com: Instant messaging & social networking. Accessed January 25, 2014, from http://www.bigblueball.com/im/googletalk/.

  24. ICQ. (2011). ICQ Privacy Policy. Accessed April 3, 2015, from http://www.icq.com/legal/privacypolicy/en.

  25. Infonetics Research raises VoLTE forecast; Over-the-top mobile VoIP subscribers nearing 1 billion mark (2013). Accessed January 15, 2014, from http://www.infonetics.com/pr/2013/Mobile-VoIP-Services-and-Subscribers-Market-Highlights.asp.

  26. Jahanirad, M., AL-Nabhani, Y., & Noor, R. M. (2011). Security measures for VoIP application: A state of the art review. Scientific Research and Essays, 6(23), 4950–4959.

  27. Johnson, M., Ishwar, P., Prabhakaran, V., Schonberg, D., & Ramchandran, K. (2004). On compressing encrypted data. IEEE Transactions on Signal Processing, 52(10), 2992–3006.

  28. King, A., & Lyons, K. (2011). Automatic status updates in distributed software development. In Proceedings of the 2nd International Workshop on Web 2.0 for Software Engineering, USA, 21–28 May 2011 (pp. 19–24).

  29. Lee, J., Ko, H.-S., Park, S., Seo, M., & Kim, I. (2011). Study on secure mobile communication based on the hardware security module. In Fifth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM 2011), Portugal, 20–25 November 2011 (pp. 23–26).

  30. Ludwig, S., Beda, J., Saint-Andre, P., McQueen, R., Egan, S., & Hildebrand, J. (2009). XEP-0166: Jingle. Accessed January 30, 2014, from http://xmpp.org/extensions/xep-0166.html.

  31. Menghui, Y., Hua, L., & Tonghong, L. (2010). Implementation and performance for lawful intercept of VoIP calls based on SIP session border controller. In Proceedings of the IEEE 10th International Conference on Computer and Information Technology (CIT), United Kingdom, 29 June-1 July 2010 (pp. 2635–2642).

  32. Misra, S. K., & Wickamasinghe, N. (2004). Security of a mobile transaction: A trust model. Electronic Commerce Research, 4(4), 359–372.

  33. Nimbuzz. Accessed January 30, 2014, from http://www.nimbuzz.com/en/support.

  34. NSA slides explain the PRISM data-collection program. (2013). The Washington Post.

  35. PcapHistogram. Retrieved January 30, 2014, from http://www.willhackforsushi.com/code/pcaphistogram.pl.

  36. Perez, J. C. (2013, May 25). Google defends its use of proprietary tech in Hangouts. PC World.

  37. pyNetEntropy. Accessed January 30, 2014, from https://github.com/batidiane/pyNetEntropy.

  38. Sarkar, A. (2012). Yahoo! Voice Compromised, 450 K Login Credentials Stolen & Posted In Plain Text. Accessed January 30, 2014, from http://www.voiceofgreyhat.com/2012/07/yahoo-voice-compromised-450k-login.html.

  39. Shannon, C. E. (1951). Prediction and entropy of printed English. Bell Systems Technical Journal, 30(1), 50–64.

  40. Shepard, B. (2013). 10 Cool Ways Companies Use Skype. Accessed January 30, 2014, from http://blogs.skype.com/2013/08/28/happy-10th-ten-cool-ways-companies-use-skype/.

  41. Soupionis, Y., Basagiannis, S., Katsaros, P., & Gritzalis, D. (2011). A formally verified mechanism for countering SPIT. In C. Xenakis, & S. Wolthusen (Eds.), Critical Information Infrastructures Security (Vol. 6712, pp. 128–139, Lecture Notes in Computer Science): Springer Berlin Heidelberg.

  42. Tango. Accessed January 27, 2014, from http://www.tango.me/.

  43. Viber are my messages secure? Accessed April 3, 2015, from https://support.viber.com/customer/portal/articles/1600146-are-my-messages-secure-#.VR321vmUeSo.

  44. Viber Connect Freely. Accessed January 15, 2015, from http://www.viber.com/.

  45. VoIP Users Conference. Accessed January 27, 2014, from http://www.voipusersconference.org/2011/jabber-jitsi-nimbuzz/.

  46. Vonage Mobile. Accessed January 30, 2014, from http://www.vonagemobile.com/.

  47. Vrakas, N., & Lambrinoudakis, C. (2013). An intrusion detection and prevention system for IMs and VoIP services. International Journal of Information Security, 2(3), 201–217.

  48. Wang, C.-H., & Liu, Y.-S. (2011). A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes. Journal of Network and Computer Applications, 34(5), 1545–1556.

  49. WeChat The New Way to Connect. Accessed January 15, 2015, from http://www.wechat.com/en/.

  50. Wright, C. V., Ballard, L., Monrose, F., & Masson, G. M. (2007). Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob? In USENIX Security, 2007 (Vol. 3, pp. 43–54, Vol. 3.6)

  51. Yahoo! 7 Messenger. Accessed January 30, 2014, from http://au.messenger.yahoo.com/features/.

Author information

Correspondence to Abdullah Azfar.

Appendix

See Figs. 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.

Cite this article

Azfar, A., Choo, KK.R. & Liu, L. Android mobile VoIP apps: a survey and examination of their security and privacy. Electron Commer Res 16, 73–111 (2016). https://doi.org/10.1007/s10660-015-9208-1

  • DOI: https://doi.org/10.1007/s10660-015-9208-1
