Secure calls with end-to-end encryption

Keep your phone calls secure with end-to-end encryption, so conversations stay between you and the person you talk to. If you both use Android phones on Fi, your calls are kept private with end-to-end encryption.

Use end-to-end encryption

Your call is automatically end-to-end encrypted when:

  • You use Fi on an Android phone and call another Fi Android user.
  • Your call is between yourself and one other person.
  • You have a strong connection on Wi-Fi or service on LTE or greater during the call.

  • Both you and the person you call have microphone permissions turned on for the Fi app.

You can turn on microphone permissions for the Fi app by changing app permissions on your Android phone. If you want to turn off encryption, turn off microphone permissions.

Important: Voicemails aren't end-to-end encrypted.

Know when your call is encrypted

When you place an encrypted call, before your call connects, a unique ringing tone plays.

Before your call connects and during the call, encrypted calls that use the Google Phone app have a Lock Lock on the screen. When you meet all other criteria but don’t use the Google Phone app, your call remains encrypted even without the Lock Lock.

Learn more about how Fi keeps your calls secure.

Know when your call isn’t encrypted

Even if you fit the criteria, your call won’t be end-to-end encrypted if:

  • You call with the Messages by Google app.
  • You reach voicemail. Voicemails aren't end-to-end encrypted.
  • You are on a conference call.

Encrypted text messages

Currently, Fi doesn’t offer end-to-end encryption for texting. For more secure chat conversations, you can use the Messages by Google app. If both you and the person you’re texting turn on “Messages” and “Chat features” the Messages app automatically upgrades your conversations with another individual to end-to-end encryption. With encryption, the content of your messages is more secure in transmission from device-to-device.

Learn more about encryption in Messages.

How Google Fi secures your calls with end-to-end encryption

With end-to-end encryption, Google Fi keeps your phone calls private when both you and the person you talk to use Android phones.

How end-to-end encryption works

When you use an Android phone on Google Fi to and are on a call with another Android phone on Google Fi, the call stays private between the two of you with end-to-end encryption.

  • The audio is encoded, and can only be decoded with a shared secret key.
  • Each device has a private key and a public key, which aren't saved.

When your call is protected with end-to-end encryption and you’re using the Google Phone app :

  • You can find a lock symbol Lock on the screen before your call connects and during the call.
  • You hear a unique ring tone before any encrypted call connects.

Voicemails aren’t end-to-end encrypted.

How we protect your data

End-to-end encryption is an industry standard security method that protects data in communication.

With encryption, your data stays hidden when you use a secret code. A key is needed to decode and access the data. When your call is end-to-end encrypted, only the caller and call receiver have access to the key so no one else, that includes Google, can hear the contents of your call.

During an end-to-end encrypted call, your device encrypts the audio and sends it to the device of the person you’re calling. Only a shared key can decode or access it.

This key is a number that’s created on your device and the device you called. It only exists on those devices.

The key is kept private in a few ways:

  • The key isn’t shared with Google, anyone else, or other devices.
  • It’s automatically deleted as soon as the call ends.

If a third party gains access to the data for the call, they won’t understand the call because they don’t have the key, so the call audio is indecipherable.

To calculate the shared key, each device needs:

  • A private key that’s created for every call.
  • A public key which is created for every call and isn’t saved on the Google Fi servers.

How shared secret keys are created

The devices exchange their public keys through the Google Fi servers but don’t reveal their private keys. To calculate the shared secret key, each device uses its private key and the public key from the other device.

Even though end-to-end encrypted calls pass through Google Fi servers, Google can’t decode the call because we don’t have the shared secret key.

You’re in control

To make sure your Google Fi call on an Android phone to another Android phone has end-to-end encryption, turn on Wi-Fi calling.

To be eligible for end-to-end encryption, Wi-Fi calling must be on. However, you can still make end-to-end encrypted calls even if your call doesn’t use Wi-Fi.

Learn how to make calls over Wi-Fi.

Related resources

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Get to know Fi

Learn why Fi is a different kind of phone plan and how to get the most out of your Google Fi service. Get step-by-step guides and instructional videos on how to sign up, transfer your number, create a group plan, switch your price plan, etc.

Search
Clear search
Close search
Main menu
10184280395063386680
true
Search Help Center
true
true
true
true
true
98630
false
false
false
false