CallKit – the good, the bad and the ugly

CallKit integrates VoIP services with other call-related apps on the Apple device, using the same native interface, making it easier for users as they use the same dialer for all calls.  However, it’s not plain sailing and CallKit does have its limitations.  Here’s our take on it…

The Good

CallKit provides a more typical Apple interface, which is great for the user experience and provides anonymity when receiving secure calls, particularly when in a public place, because all calls look the same.  It provides integration features with other types of incoming call, which means that Armour users are able to prioritise their secure calls over a standard call, and so avoid interruptions.

The Bad

Calls made with CallKit appear in the regular iOS call log, which used to be synced to iCloud.  The sync to iCloud may be turned off, but can you rely on users to remember to do that? Importantly, this means that meta data for secure calls also appears on the standard phone log – which is far from ideal.  To identify the incoming caller, their information would need to be in the Apple push, which may mean that it requires access to the secure contacts database, which could result in call details being stored outside of the secure database, all of which would contravene a CPA certified solution.  And, all of which could give away valuable metadata to an attacker.

CallKit provides the user with an incoming call interface on the lock screen, however, if your secure comms app is held behind a secure login, it may not initiate for the incoming call.

The Ugly

The user interface is limited to Apple’s standard phone app, which means that additional functionality (i.e. buttons for messaging, video and conferencing controls) can’t easily be displayed.  CallKit also has limited ability to deal with video calls, for example, video needs to be enabled at both ends for the call to take place (whereas Armour Mobile will allow one-way video calls, since this better fits with the security and usability requirements of our customers).

Users may require the ability to disable CallKit.

Our overall take on CallKit is that while it can cause more problems than it solves, it does solve some specific issues in specialist use cases, and for this reason we will be including CallKit in an upcoming version of Armour Mobile, so that our clients have the choice.