[Edited to add: on reflection, this is a bit negative; it is a really cool app, and I guess if you're worried about security, latency may not be your highest concern. ]<p>I've put off getting an android device because of the appalling audio latency[1][2]. Given that telephony is the most demanding application as regards latency, I suspect this sadly may not sound very good, depending on the android device. Unless someone has found a cunning workaround?<p>[1] <a href="http://www.musiquetactile.fr/android-is-far-behind-ios/" rel="nofollow">http://www.musiquetactile.fr/android-is-far-behind-ios/</a>
[2] <a href="http://code.google.com/p/android/issues/detail?id=3434" rel="nofollow">http://code.google.com/p/android/issues/detail?id=3434</a>
This wiki entry has more information on it: <a href="https://guardianproject.info/wiki/Ostel" rel="nofollow">https://guardianproject.info/wiki/Ostel</a>
From my last job working on SIP and encrypted SIP I found a flaw in the PJSIP library where they were generating keys using only ASCII characters and not the full range of the unsigned byte type. I found this in a client application phone using PJSIP, informed the developers of the application; I don't know if it ever got back to the PJSIP developers. This was about 3 months ago and I don't know if this has been resolved in PJSIP, but I would be worried about SRTP key strength in this application.