How Fi keeps your calls secure with end-to-end encryption

End-to-end encryption ensures your phone calls are secure, so conversations stay private between you and the person you’re talking to. If you and the person you’re talking to are both using Android phones on Fi, your calls will stay private with end-to-end encryption.
How end-to-end encryption works

When you use an Android phone on Fi to and are on a call with another Android phone on Fi, the call stays private between the two of you with end-to-end encryption.

  • The audio is encoded, and can only be decoded with a shared secret key.
  • Each device has a private key and a public key, which aren't saved.

When you use end-to-end encryption, nobody, including Google, can hear your call’s audio since they don't have the secret key for each call.

If your call is protected with end-to-end encryption and you’re using the Google Phone app , you’ll see a lock symbol Lock on the screen before your call is connected and during the call. When you place any encrypted call, you’ll hear a unique ringing tone before being connected.

Voicemails are not end-to-end encrypted.

How we protect your data

End-to-end encryption is an industry standard security method that protects data in communication.

Encryption means your data is hidden using a secret code. A key is needed to decode and access the data. When your call is end-to-end encrypted, only the caller and call receiver have access to the key so no one else, including Google, can hear the contents of your call.

This means that when your call is end-to-end encrypted, the audio of the call is encrypted from your device to the device of the person you’re calling. The encrypted audio can then only be decoded, or accessed, with a shared key.

This key is a number that’s created on your device and the device you called. It only exists on those devices.

The key is kept private in a few ways:

  • The key isn’t shared with Google, anyone else, or other devices.
  • It is automatically deleted as soon as the call ends.

If a third party gains access to the data for the call, they won’t be able to understand the call because they don’t have the key so the call audio is indecipherable.

To calculate the shared key, each device needs:

  • A private key that is created for every call.
  • A public key which is created for every call and is not saved on the Fi servers.

How shared secret keys are created

The devices exchange their public keys through the Fi servers but don’t reveal their private keys. Each device uses its private key and the public key from the other device to calculate the shared secret key.

End-to-end encrypted calls will go through Google Fi servers, but because Google doesn’t have the shared secret key, Google can’t decode the call.

You’re in control

Turn on Wi-Fi calling to make sure your call on an Android phone with Fi to another Android phone with Fi has end-to-end encryption.

Wi-Fi calling must be turned on to be eligible for end-to-end encryption, but you can still make end-to-end encrypted calls even if your call isn’t using Wi-Fi.

Learn more about how to make calls over Wi-Fi.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Get to know Fi

Learn why Fi is a different kind of phone plan and how to get the most out of your Google Fi service. Get step-by-step guides and instructional videos on how to sign up, transfer your number, create a group plan, switch your price plan, etc.

Clear search
Close search
Google apps
Main menu
Search Help Center