Business Requirements Document¶

Document outlining business requirements and features for ECall iOS.

Overview¶

ECall is an end-to-end encrypted (E2EE) video/audio calling application that allows users to make secure calls with full media data encryption.

Core Features¶

1. Secure Calls¶

Purpose: Enable users to make video/audio calls with E2EE encryption.

Requirements: - ✅ Video/audio calls with WebRTC - ✅ End-to-end encryption for media data - ✅ Group calls with multiple participants - ✅ Call history tracking - ✅ Rejoin active calls (reconnect to ongoing calls)

Technical Requirements: - RSA-2048 for key exchange - AES-256-GCM for media encryption - WebRTC for real-time communication - Janus Gateway for media server

2. Contact Management¶

Purpose: Manage contacts and friends.

Requirements: - ✅ Add contacts - ✅ Friend requests - ✅ Favorite contacts - ✅ QR code scanning to add friend

Technical Requirements: - REST API for contact CRUD - QR code generation/scanning

3. User Authentication¶

Purpose: Authenticate users and manage accounts.

Requirements: - ✅ Email/phone registration/sign-in - ✅ OTP verification - ✅ Google registration/sign-in - ✅ Sign in with Apple - ✅ RSA key pair generation/import - ✅ Device registration - ✅ Multi-device support (partial)

Technical Requirements: - OTP verification flow - Google Sign-in SDK integration - Sign in with Apple (ASAuthorizationAppleIDProvider) - RSA key generation/import - Keychain storage for user data/keys

4. Encryption Key Management¶

Purpose: Manage encryption keys for E2EE.

Requirements: - ✅ RSA key pair generation - ✅ Key import/export - ✅ Recovery key generation - ✅ Secure key storage in Keychain

Technical Requirements: - RSA-2048 key generation - PEM format for keys - Keychain storage with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly - Recovery key encryption with AES

5. Multi-language Support¶

Purpose: Support multiple languages to enhance user experience.

Requirements: - ✅ 15+ languages support - ✅ Dynamic language switching - ✅ Locale-aware formatting

Supported Languages: Vietnamese, English, German, Spanish, French, Hindi, Italian, Japanese, Khmer, Korean, Portuguese, Russian, Thai, Chinese

Technical Requirements: - Localizable.xcstrings for translations - LanguageManager for language switching - Bundle caching for performance

6. Permission Management¶

Purpose: Clearly request, track, and recover permissions required for calling.

Requirements: - ✅ Pre-permission explanations for camera, microphone, notifications, and local network - ✅ Granular runtime checks per permission type - ✅ In-app status surface with a path to open iOS Settings when denied - ✅ Graceful fallback (e.g., audio-only if camera is denied) - ✅ Retry flow when permissions were previously denied

Technical Requirements: - Centralized PermissionManager to query/request permissions - iOS APIs: AVCaptureDevice (camera), AVAudioSession (microphone), UNUserNotificationCenter (notifications), local network permissions as needed - Deep link to Settings for denied states - Background/VoIP considerations for ongoing calls

User Stories¶

US-1: User Registration¶

As a new user
I want to register an account with email/phone
So that I can use the app

Acceptance Criteria: - ✅ User can enter email/phone and display name - ✅ User receives OTP code - ✅ User verifies OTP code - ✅ User generates/imports RSA keys - ✅ User completes registration

As a registered user
I want to login with email/phone/Google/Apple
So that I can access my account

Acceptance Criteria: - ✅ User can login with email/phone - ✅ User can login with Google account - ✅ User can login with Apple ID (Sign in with Apple) - ✅ User can import RSA keys if not present - ✅ User is redirected to main app

US-3: Start Call¶

As a user
I want to start a video/audio call with contact
So that I can communicate securely

Acceptance Criteria: - ✅ User can select contact from address book or callback from past calls - ✅ User can choose video or audio call - ✅ Call is initiated with E2EE encryption - ✅ User sees call UI with video/audio controls

US-4: Receive Call¶

As a user
I want to receive incoming calls
So that I can answer and communicate

Acceptance Criteria: - ✅ User receives call notification (CallKit) - ✅ User can answer or reject call - ✅ Call is decrypted with E2EE - ✅ User sees call UI

US-7: Rejoin Call¶

As a user
I want to rejoin an active call I was previously part of
So that I can reconnect after disconnection or app restart

Acceptance Criteria: - ✅ User can see active calls in call history - ✅ User can request to rejoin an active call - ✅ System encrypts AES key for rejoining user - ✅ User receives encrypted AES key via STOMP signaling - ✅ User successfully rejoins call with E2EE encryption - ✅ User can see all participants and media streams

US-8: Manage Permissions¶

As a user
I want to understand and manage app permissions for calling
So that I can enable what’s needed and stay in control

Acceptance Criteria: - ✅ App explains why camera/microphone/notification/local network are needed before prompting - ✅ Current permission status is visible in Settings - ✅ If denied, app provides a retry flow or deep link to iOS Settings - ✅ Call flow degrades gracefully (audio-only if camera denied, warnings for mic/notification)

US-5: Add Contact¶

As a user
I want to add contacts
So that I can call them

Acceptance Criteria: - ✅ User can search contacts by universal link - ✅ User can scan QR code to add friend - ✅ User can send friend request - ✅ User can accept/decline/cancel friend requests

US-6: View Call History¶

As a user
I want to view call history
So that I can see past calls

Acceptance Criteria: - ✅ User can view call list (missed, outgoing, incoming) - ✅ User can callback. With group (incoming) - ✅ User can delete call records - ✅ User can join active calls (incoming) - ✅ User can rejoin active calls they were previously part of

Non-Functional Requirements¶

Performance¶

Call Quality: High-quality audio/video with adaptive bitrate
Connection Time: < 5 seconds to establish call
App Startup: < 3 seconds to load main screen

Security¶

E2EE: End-to-end encryption for all media data
Key Storage: Private keys in Keychain
Token Management: Secure token storage and refresh
Certificate Pinning: Recommended for production

Reliability¶

Uptime: 99.9% availability
Call Drop Rate: < 1%
Reconnection: Auto-reconnect on network issues

Usability¶

UI/UX: Intuitive interface with native iOS patterns
Accessibility: Support VoiceOver and accessibility features
Multi-language: 15+ languages support

Compatibility¶

iOS Version: iOS 16.6+
Devices: iPhone and iPad
Network: WiFi and Cellular

Business Rules¶

BR-1: Call Encryption¶

All calls must be encrypted with E2EE
AES key is exchanged with RSA encryption
Server cannot decrypt media data

BR-2: Key Management¶

Each user has unique RSA key pair
Private key is never sent to server
Keys are stored in Keychain

BR-3: Multi-device Support¶

User can login account on multiple devices
Each device has unique device ID
Server returns encryptedAESKey per corresponding device to synchronize AES key decryption

BR-4: Call History¶

Call history is stored on server
User can view call history on all devices
Call history can be deleted

BR-5: Contact Management¶

Contacts are stored on server
User can add/remove contacts
Friend requests require acceptance

Future Enhancements¶

Priority: Medium
Description: Allow users to share screen during calls

Requirements: - Screen capture with ReplayKit - E2EE encryption for screen data - UI controls for screen sharing

FE-2: Call Recording¶

Priority: Low
Description: Allow users to record calls (with consent)

Requirements: - Consent mechanism - Encrypted storage - Playback functionality

FE-3: Call Transfer¶

Priority: Low
Description: Transfer calls between devices

Requirements: - Device selection UI - Call state transfer - Seamless handoff

FE-4: Advanced Call Features¶

Priority: Low
Description: Call waiting, hold, mute, etc.

Requirements: - Call waiting UI - Hold functionality - Mute/unmute controls

FE-5: Analytics¶

Priority: Medium
Description: Track user behavior and call quality

Requirements: - Privacy-compliant analytics - Call quality metrics - User engagement tracking

Constraints¶

Technical Constraints¶

iOS Version: Minimum iOS 16.6
WebRTC: Custom fork from techhubcloud
Dependencies: CocoaPods for WebRTC

Business Constraints¶

Privacy: E2EE encryption required
Compliance: GDPR, privacy regulations
Server Costs: TURN server costs

Security Constraints¶

Key Storage: Keys only in Keychain
No Server-side Keys: Server cannot decrypt media
Certificate Validation: SSL certificate validation

Success Metrics¶

User Engagement¶

Daily active users (DAU)
Call frequency per user
Average call duration
Call completion rate

Technical Metrics¶

Call connection success rate
Call drop rate
Network latency
Audio/video quality metrics

Business Metrics¶

User registration rate
User retention rate
Feature adoption rate
Support ticket volume

Glossary¶

Terms¶

E2EE: End-to-end encryption
RSA: Rivest-Shamir-Adleman encryption algorithm
AES: Advanced Encryption Standard
WebRTC: Web Real-Time Communication
Janus: Janus WebRTC Gateway
STOMP: Simple Text Oriented Messaging Protocol
TURN: Traversal Using Relays around NAT
STUN: Session Traversal Utilities for NAT

Acronyms¶

OTP: One-Time Password
API: Application Programming Interface
UI: User Interface
UX: User Experience
CRUD: Create, Read, Update, Delete