Voice is used for person-to-person calling and personal voicemail (if available), but can also be part of an automated system. For example, Interactive Voice Response (IVR) systems might operate a hotline for reporting incidents of police corruption.
All voice communications can expose you, whether it is by simple eavesdropping by someone physically near to you or by tracking call recipients and times at the network level. Here are some risks to consider and ways to minimize these risks.
As with any conversation, you could be overheard or recorded by someone nearby.
Your conversation could be eavesdropped or recorded by an app installed on your phone without your knowledge.
Voice calls are encrypted between the handset and the cell tower. However, various sophisticated attacks are possible against mobile networks, particularly older standards (the GSM standard, still the predominant standard in the world, is more vulnerable than 3G). For example, hardware that impersonates a GSM base station is commercially available.
The details of your call (whom you called, at what time, for how long) are stored by the network even if the content is not. Unless you have taken specific precautions, you and the person you call are using phones that have been linked to you by both the IMEI number (the handset identifier) and the IMSI (the SIM card identifier).
Voicemail messages are stored by the mobile network operator and should not be considered secure, even when protected by a personal PIN.
Interactions with an Interactive Voice Response (IVR) system are only as secure as the system itself. Be sure that the organization or entity running the system is trustworthy, technically competent, and will not allow your calls to be monitored or recorded.
Any phone use reveals your location to the network operator. The stored record of your activity (calls, texts, data use) places you in a particular place at a particular time.
Use a basic phone, without apps, rather than a smartphone.
If you must use a smartphone, use an encrypted VOIP application instead of calling through the mobile network.
Buy your phone and SIM card without identifying yourself, if possible in your country, and change both regularly. Use a prepaid SIM card.
Consider making sensitive reports from public phones, or, if you feel you are recognizable, asking someone else to do it.
Delete call logs (understanding that they may be able to be retrieved even if deleted by someone with specialized knowledge and forensic tools).
Be careful how you store contacts in your address book - be aware that your phone or SIM may be stolen and call records associated with callers and receivers.
A virtual phone number such as Skype Online Numbers (“Skype In”) or Google Voice provides one level of protection by de-linking the caller and you and by allowing you not to expose your mobile number. However, using Skype In or Google Voice for calls places some trust in Skype, Google, or whichever service you choose. This might not be a good idea in some countries where these services might be compromised.