I am not a professional smartphone tech. nor I.T. trained. You may wish to follow along with my own layperson thoughts/conclusions that I am happy to share here after my internet research. Your own research, thinking & conclusions may be especially necessary if security of your calls is of prime importance. Hopefully I can save you some time by sending your thoughts in helpful directions & towards useful questions.
WiFi calling; can other (big) ears ‘listen’? I read some info. about WiFi calling security & this post will only scratch the surface, because (as most of us are aware) internet security is a fast moving target. Does perfect internet security exist? I think Not. Have there ever been some concerns raised?; yes. And lots of good players respond, e.g. creating security patches. It is often recommended to “update your phone as soon as new patches and software are made available.”
Wi-Fi calling may seem “fancy and new”, but the tech. it is based on is not that new; it’s Voice over Internet Protocol (VoIP). Many have probably already used VoIP at home or in the workplace (examples of popular platforms/mobile apps that run on VoIP include Skype, WhatsApp, Google Meet, Facebook Messenger).
So we might also ask whether VoIP calling is secure. Some perspective that I read from a few years ago: “Both VoIP and [non-VoIP] landlines are vulnerable to security breaches in their own ways”.
Although many referring to VoIP may be thinking of a standalone application or platform that one must install, Wi-Fi calling refers to carrier-branded calling that is automatically available (was included in the build) on many newer smartphones. Installing an app then not necessary; one can enable a Wi-Fi calling setting on the phone instead.
A while ago it was said that for securing VoIP calls, “some providers have incorporated security features like end-to-end encryption of voice data.” Fast forward to 2023 & hopefully most or all mainstream providers provide this now (if in doubt, can ask your provider). A good suggestion I saw to help find VoIP providers that have developed a good reputation for secure phone service, is to “take the time to read online reviews written by … current users”. Some VoIP programs/platforms are used by quite security-conscious workplaces.
Keeping in mind that the relative security might depend on the security rating of the VoIP platform being used by your smartphone carrier, so then how secure is VoIP?: “depends on the provider.” “Wi-Fi calling is generally safe because even though your data is being sent over (possibly unsecured) Wi-Fi networks, your mobile carrier usually encrypts your voice data.” This may be “regardless of whether a call is routed through their cellular network or a Wi-Fi network” (n.b. exception: I read that if/when using a voice-over-Wi-Fi app [bypassing your mobile carrier] you might not have this security).
Some examples I have read of security concerns (hopefully the following are resolved now):
– in a research paper dated May 2020 calling itself “the first study on the security implication of the operational Wi-Fi calling service over five operational networks” there were some security concerns raised then & the paper’s authors “proposed a solution to address all identified vulnerabilities”. Since 3 1/2 years ago can be a long time in terms of software improvements (with WiFi calling & VOIP calling growing in use), I would tend to surmise that these quite early days concerns were addressed; and
– in March this year it was reported that “If you have an Android phone, you may want to stop using Wi-Fi calling” because a team of security experts with Google “… had found “multiple vulnerabilities in Exynos chipsets”. It appears that some responses were swift because even within the same month “Pixel phones already received a fix … while Samsung [listed] that an update was released for some of the vulnerabilities.”
I conclude that WiFi calling can be made reasonably secure for my own purposes. If you need closer to “perfect security”, better do further research and/or engage services of a security tech.