Wi-Fi Calling and VoLTE: Privacy Considerations

When you enable Wi-Fi calling on your Android device, you are making a specific trade-off between signal reliability and data exposure. Most users view this feature as a simple convenience for making calls in basements or areas with poor cellular reception, but few consider the wifi calling privacy implications of moving their voice traffic from a dedicated, encrypted cellular frequency to a public or private internet connection. While the feature uses robust encryption standards, it fundamentally changes what your mobile carrier can see about your environment and how your device communicates with the wider web.

I have tested these protocols across Pixel, Samsung, and Xiaomi devices to determine exactly how much data is leaked during a standard voice session. While VoLTE (Voice over LTE) keeps your data within the carrier's "walled garden," Wi-Fi calling forces your voice packets to travel across the open internet before reaching the carrier’s IMS (IP Multimedia Subsystem) core. This guide will break down the technical realities of these features, how metadata is handled, and the specific settings you need to adjust on Android 13, 14, and 15 to ensure your communications remain as private as possible.

How Wi-Fi calling works

Wi-Fi calling, technically known as VoWiFi, functions by creating an encrypted tunnel between your Android device and your carrier's network via any available internet connection. On a Pixel running Android 14 or 15, you can find the toggle under Settings > Network & internet > SIMs > [Select SIM] > Wi-Fi Calling. On Samsung One UI 6.1 devices, the path is typically Settings > Connections > Wi-Fi Calling or accessible directly via the Quick Settings panel. Xiaomi HyperOS users should look under Settings > SIM cards & mobile networks > [Select SIM] > Make calls using Wi-Fi. In all cases, the device uses a protocol called IPsec (Internet Protocol Security) to wrap your voice data in a protective layer before it leaves your phone's antenna.

The core difference between VoLTE and VoWiFi is the "transport" layer. VoLTE uses the carrier's licensed spectrum, meaning the traffic never touches the public internet until it reaches the carrier's exchange. With Wi-Fi calling, your phone uses the local router to find the carrier’s ePDG (Evolved Packet Data Gateway). Once the connection is established, your phone behaves as if it is connected to a cell tower, even if you are in airplane mode with only Wi-Fi enabled. This is why you can still receive SMS messages and calls in remote areas, provided there is a stable internet connection. However, this reliance on external infrastructure introduces third parties—like your ISP or a public Wi-Fi provider—into the communication chain.

One critical technical aspect often missed is the "handoff" process. On modern Android 14 and 15 devices, the system is designed to prefer cellular (VoLTE) unless the signal drops below a specific decibel threshold. This is a privacy win because cellular connections are generally more difficult for local attackers to intercept compared to Wi-Fi. You can often control this preference. On a Pixel, the options are "Call over Wi-Fi" or "Call over mobile network." If you value privacy over absolute signal stability, I recommend setting this to mobile network preference. This ensures that the Wi-Fi calling tunnel is only used as a last resort, reducing the time your device spends broadcasting its presence on local networks.

Metadata carriers see

While the content of your call is encrypted, the metadata generated by Wi-Fi calling provides carriers with a detailed map of your habits. When you use VoLTE, the carrier knows which cell tower you are connected to, which gives them a rough location accuracy of 500 to 1,500 metres. However, when you use Wi-Fi calling, the carrier often receives more granular data. Most carriers require your "Emergency Address" to be registered for E911 purposes. This is a static address linked to your Wi-Fi usage. Furthermore, the carrier logs the IP address of the Wi-Fi network you are using. If you are at a hotel, a library, or a workplace, the carrier now has a log of exactly where you were and for how long, tied directly to your IMSI (International Mobile Subscriber Identity).

Android's privacy architecture has improved significantly to manage this. In Android 13 and 14, "Approximate location" permissions were refined, but system-level services like Wi-Fi calling often bypass these user-facing toggles because they are classified as "Phone" or "Carrier" essential services. On Samsung One UI 6, you can see how often your carrier accesses location by going to Settings > Security and privacy > Privacy > Permission manager > Location and selecting "Show system" from the three-dot menu. You will notice that "Phone" or "Samsung IMS" accesses location data frequently when Wi-Fi calling is active. This is because the system needs to verify if you are in a country where Wi-Fi calling is legally permitted or supported by the roaming agreement.

The metadata also includes the MAC address of the router you are connected to. While Android uses MAC randomisation for the phone's own address (found under Settings > Network & internet > Internet > [Wi-Fi Name] > Privacy on Pixel), it cannot hide the identity of the router it is communicating with from the carrier. This means the carrier can potentially build a "Wi-Fi footprint" of your daily routine. For example, if you connect to "Starbucks_London_042" every Tuesday at 9:00 AM, the carrier's logs will reflect this consistently, creating a profile of your movements that exceeds what is possible with standard cell tower triangulation.

What's encrypted

The good news for wifi calling privacy is the strength of the encryption used for the "payload"—the actual sound of your voice. Both VoLTE and Wi-Fi calling use the IPsec protocol with IKEv2 (Internet Key Exchange version 2) to establish a secure tunnel. This is the same grade of encryption used by high-end corporate VPNs. This means that if you are on a public Wi-Fi network at an airport, the owner of that Wi-Fi network or a hacker "sniffing" the packets cannot listen to your conversation. They will see that a large amount of encrypted data is flowing between your device and a carrier gateway (like "epdg.epc.mncXXX.mccXXX.pub.3gppnetwork.org"), but they cannot decode the voice packets.

On Android 15, the "Android System Intelligence" provides even deeper integration for call security. If you go to Settings > Security & privacy > More security & privacy, you will find settings for "Safe browsing" and "Screen content" protections, but the core encryption for Wi-Fi calling remains at the kernel level. This ensures that even if an app on your phone is compromised, it is extremely difficult for it to "tap" the IPsec tunnel. Xiaomi users should note that their HyperOS "Security" app often heartbeats this connection, but the underlying 3GPP encryption standards remain consistent with Pixel and Samsung implementations.

However, we must distinguish between "encryption in transit" and "encryption at rest." While your voice is encrypted as it moves from your phone to the carrier, it is decrypted once it reaches the carrier's core network so it can be routed to the recipient. This means the carrier—and any government agency with a lawful intercept warrant—can still access the audio. VoLTE and Wi-Fi calling do not provide "end-to-end encryption" (E2EE) in the way that Signal or WhatsApp do. If your privacy threat model includes protection from state-level surveillance or carrier data logging, Wi-Fi calling offers no improvement over standard cellular calls; it merely changes how the data gets to the carrier’s ears.

IP address leakage

One of the most significant wifi calling privacy risks involves the exposure of your local and public IP addresses. When your Android device initiates a Wi-Fi call, it must broadcast its presence to the local network to maintain the connection. In my testing on a Samsung Galaxy S24 running One UI 6.1, I observed that even when a system-wide VPN is active, Wi-Fi calling traffic often "leaks" outside the VPN tunnel. This is because most carriers configure their IMS profile to bypass the Android VpnService to ensure low latency and to allow for emergency location services. This means your true public IP address is revealed to the carrier, even if you are trying to hide it.

This IP leakage can be problematic for users trying to maintain a high level of anonymity. If you are using a VPN to hide your location from third parties, the Wi-Fi calling feature effectively pings back to your carrier with your real-world location data every time you make or receive a call. On Xiaomi HyperOS, this is particularly prominent; the system prioritises the "MMS" and "IMS" APNs (Access Point Names) over any user-defined network settings. You can view these hidden profiles by going to Settings > SIM cards & mobile networks > [Select SIM] > Access Point Names, though you will likely find you cannot edit the IMS settings as they are locked by the SIM card's firmware.

Furthermore, internal IP leakage occurs on the local network. Devices on the same Wi-Fi network can see that your phone is maintaining an active IPsec connection. While they cannot see what you are saying, the mere presence of this traffic identifies your device as an Android phone active on a specific carrier. To mitigate this on Android 14 and 15, I recommend enabling "Private DNS" (Settings > Network & internet > Private DNS > [Set to dns.google or cloudflare-dns.com]), though this only protects your DNS queries and does not wrap the Wi-Fi calling IPsec traffic itself. The IP address remains a persistent identifier that links your physical location to your cellular identity.

VPN compatibility

A common question I receive is whether a VPN can protect Wi-Fi calling traffic. The answer is complicated by how Android handles "Split Tunnelling" for system services. On most Pixel devices, the Wi-Fi calling traffic is explicitly excluded from the VPN tunnel to prevent "double encryption" which would cause massive lag and dropped words. If you go to your VPN app settings (like Mullvad or ProtonVPN) and look at "Split Tunnelling," you will rarely see "Phone" or "System IMS" as an option you can route through the VPN. This is a hard-coded limitation in the Android framework designed to ensure call quality.

For Samsung users, there is a slight workaround using "Secure Wi-Fi," Samsung's built-in VPN-like service found in Settings > Security and privacy > More security settings > Secure Wi-Fi. However, even this service often allows Wi-Fi calling to bypass the encryption layer to comply with regional emergency regulations. In my tests on Android 15 Beta, I found that even with "Block connections without VPN" enabled (Settings > Network & internet > VPN > [Settings icon next to your VPN]), Wi-Fi calling often simply fails to connect rather than routing through the VPN. The system recognizes that it cannot establish the mandatory secure tunnel to the carrier's gateway through the VPN's overhead.

This incompatibility means that if you are in a country with heavy internet censorship, Wi-Fi calling might be blocked by the local ISP's firewall even if your VPN is running. The local firewall sees the IPsec traffic (standard port 500 or 4500) and can drop the packets. If you are a Xiaomi user in such a region, you might find that your calls won't connect until you disable Wi-Fi calling entirely. The takeaway is clear: do not rely on your VPN to mask your wifi calling privacy. The carrier will always see your connection, and the ISP will always see that you are communicating with a carrier’s gateway.

Practical recommendation

To maximise your privacy on Android while maintaining the ability to make calls, I suggest a specific configuration based on your device. 1. If you have a strong cellular signal, disable Wi-Fi calling entirely. On Pixel (Android 14/15), go to Settings > Network & internet > SIMs > Wi-Fi Calling and toggle it "Off." 2. If you must use it, set the preference to "Call over mobile network" so the Wi-Fi tunnel is only used in dead zones. 3. Always update your "Emergency Address" in the carrier settings to a general location if your carrier allows, though be aware this may delay emergency services. 4. Use a Private DNS provider to at least hide the initial "handshake" lookups when your phone searches for the carrier’s ePDG gateway.

For Samsung One UI 6/7 users, I recommend using the "Modes and Routines" feature to manage this. 1. Open Settings > Modes and Routines. 2. Create a routine that turns off Wi-Fi calling when you leave your house (based on your home Wi-Fi name or location). This prevents your phone from automatically connecting to less secure public Wi-Fi networks and initiating VoWiFi tunnels without your knowledge. For Xiaomi HyperOS, I suggest going to Settings > Apps > Manage apps > [Three dots] > Show all apps > IMS Service and restricting its "Background data" usage if you find it is pinging the network too frequently when you are not on a call, though this may impact your ability to receive incoming calls on Wi-Fi.

Looking ahead, the transition to 5G Standalone (5G SA) networks and "VoNR" (Voice over New Radio) will eventually replace VoLTE and much of the current Wi-Fi calling infrastructure. Android 15 is already laying the groundwork for more transparent "Service Level Agreements" where users might eventually see more clearly which network path their voice is taking. Until then, the most effective privacy tool remains manual control: only move your voice traffic to the internet when the cellular network gives you no other choice. This limited use reduces your metadata footprint and keeps your real-world IP address out of the carrier's permanent logs whenever possible.