Android mobile VoIP apps: a survey and examination of their security and privacy

Voice over Internet Protocol (VoIP) has become increasingly popular among individuals and business organisations, with millions of users communicating using VoIP applications (apps) on their smart mobile devices. Since Android is one of the most popular mobile platforms, this research focuses on Android devices. In this paper we survey the research that examines the security and privacy of mVoIP published in English from January 2009 to January 2014. We also examine the ten most popular free mVoIP apps for Android devices, and analyse the communications to determine whether the voice and text communications using these mVoIP apps are encrypted. The results indicate that most of the apps encrypt text communications, but voice communications may not have been encrypted in Fring, ICQ, Tango, Viber, Vonage, WeChat and Yahoo. The findings described in this paper contribute to an in-depth understanding of the potential privacy risks inherent in the communications using these apps, a previously understudied app category. Six potential research topics are also outlined.

[1]  Claude E. Shannon,et al.  Prediction and Entropy of Printed English , 1951 .

[2]  Jiun-In Guo,et al.  New voice over Internet protocol technique with hierarchical data security protection , 2002 .

[3]  Vinod M. Prabhakaran,et al.  On compressing encrypted data , 2004, IEEE Transactions on Signal Processing.

[4]  Nilmini Wickramasinghe,et al.  Security of a Mobile Transaction: A Trust Model , 2004, Electron. Commer. Res..

[5]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[6]  Rick Kazman,et al.  Investigating antecedents of technology acceptance of initial eCRM users beyond generation X and the role of self-construal , 2007, Electron. Commer. Res..

[7]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[8]  Kim-Kwang Raymond Choo,et al.  Future directions in technology-enabled crime: 2007-09 , 2008 .

[9]  Maria Rosita Cagnina,et al.  Beyond e-business models: the road to virtual worlds , 2009, Electron. Commer. Res..

[10]  Hao Zhou,et al.  Smart phone for mobile commerce , 2009, Comput. Stand. Interfaces.

[11]  Kim-Kwang Raymond Choo Secure Key Establishment , 2008, Advances in Information Security.

[12]  Sridha Sridharan,et al.  Noise robust voice activity detection using normal probability testing and time-domain histogram analysis , 2010, 2010 IEEE International Conference on Acoustics, Speech and Signal Processing.

[13]  Tonghong Li,et al.  Implementation and Performance for Lawful Intercept of VoIP Calls based on SIP Session Border Controller , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[14]  Dimitris Gritzalis,et al.  A Formally Verified Mechanism for Countering SPIT , 2010, CRITIS.

[15]  Peter Dorfinger,et al.  Entropy Estimation for Real-Time Encrypted Traffic Identification (Short Paper) , 2011, TMA.

[16]  Walid Dabbous,et al.  I know where you are and what you are sharing: exploiting P2P communications to invade users' privacy , 2011, IMC '11.

[17]  Mehdi Jahanirad,et al.  Security measures for VoIP application: a state of the art review , 2011 .

[18]  Abayomi King,et al.  Automatic status updates in distributed software development , 2011, Web2SE '11.

[19]  Chia-Hui Wang,et al.  A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes , 2011, J. Netw. Comput. Appl..

[20]  Nikos Vrakas,et al.  An intrusion detection and prevention system for IMS and VoIP services , 2012, International Journal of Information Security.

[21]  R. Layton,et al.  Characterising Network Traffic for Skype Forensics , 2012, 2012 Third Cybercrime and Trustworthy Computing Workshop.

[22]  Hangbae Chang The security service rating design for IT convergence services , 2013, Electron. Commer. Res..

[23]  Manuela Pereira,et al.  Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties , 2013, IEEE Transactions on Parallel and Distributed Systems.

[24]  Kim-Kwang Raymond Choo Mobile Cloud Storage Users , 2014, IEEE Cloud Computing.

[25]  Kim-Kwang Raymond Choo,et al.  A Study of Ten Popular Android Mobile VoIP Applications: Are the Communications Encrypted? , 2014, 2014 47th Hawaii International Conference on System Sciences.

[26]  Kim-Kwang Raymond Choo,et al.  Cloud Forensic Technical Challenges and Solutions: A Snapshot , 2014, IEEE Cloud Computing.