
Progressive Voice Apps

Published on: April 22, 2023


Running binary code directly on a client’s PC has long been a dangerous undertaking. The list of malware delivered in email attachments, or via that free version of your favorite photo editing software that – magically! – doesn’t require a license key, is long. A lot of people have seen the skull on their screen, demanding a bitcoin or two to decrypt the file system – or not. Softphones are especially tricky.

What makes a VoIP client an attractive target for malware? VoIP apps typically have more permissions, which unfortunately makes them quite alluring to malware:

  • The VoIP client passes lots of data through the firewall – this makes it easy to download additional code and even upload data stolen from the client computer.
  • Because VoIP uses different ports, administrators tend to just completely whitelist the VoIP apps without further inspecting traffic.
  • The VoIP client typically has file system access, so files can be sent through chat. Often, users grant file system access permissions to the whole file system; this usually also includes access to network mounted files. This can be a nightmare for the IT security staff – think ransomware or just stolen data.
  • The VoIP client has to run continuously so incoming calls can be received – this makes it easy to initiate additional uploads after an attacker determines there is valuable content, and it makes it possible to upload files through the keep-alive traffic (undetected by the firewall).

And the software vendor isn’t necessarily the bad actor – software vendors can get hacked too, which means they can deliver malware unintentionally. All it takes is access to the build machine, which can be achieved via standard hacking, or just by having the developer who builds the software do it. This could be a simple bribe, but if you give it some thought, even government agencies can do it. If the software vendor is actively involved in writing the malware, it gets really hairy: standard scanners can’t just compare standard library signatures, they have to truly comprehend the code running in the application, which is quite a challenge. And if you grant access to the file system, don’t be surprised if it does get really hairy. It makes me wonder why there are free softphones available for download without any indication as to how they are paying their bills!

But there is a better way.

Instead of installing an executable, use the browser! Because browsers have their own sandbox model for each web page, this gives you far better security. In addition to controlling the file system access, browsers also control microphones and cameras; when in use, they make sure the user can see what is being accessed and when. The browser also comes with an additional “feature”: when you close the tab, you are naturally on “do-not-disturb.” This is especially important for people working from home.

Yes, you have to trust your browser, but you’ve trusted Edge, Safari, Firefox or Google for years already. There would certainly be a major meltdown if one of these popular browsers had a security problem that might expose the file system to a hacker group; in this case, VoIP would be the least of our concerns.
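A site that serves a browser softphone can tighten the sandbox described above through its response headers. The check below is an added example, not Vodia's code: it flags microphone or camera access that can be delegated to frames of any origin and a `connect-src` that lets page script send data to any host. The header values and the host `pbx.example.com` are constructed, and the headers object is assumed to use lowercase keys.

```javascript
// Added example: audit a web softphone's response headers (all values constructed).

// "microphone=(self), camera=()" -> { microphone: ["self"], camera: [] }
function parsePermissionsPolicy(value = "") {
  const policy = {};
  for (const item of value.split(",")) {
    const [feature, allow = ""] = item.trim().split("=");
    if (feature) policy[feature] = allow.replace(/[()"]/g, " ").split(/\s+/).filter(Boolean);
  }
  return policy;
}

// "default-src 'self'; connect-src *" -> { "default-src": ["'self'"], "connect-src": ["*"] }
function parseCsp(value = "") {
  const csp = {};
  for (const directive of value.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name) csp[name.toLowerCase()] = sources;
  }
  return csp;
}

function auditSoftphoneHeaders(headers) {
  const findings = [];
  const policy = parsePermissionsPolicy(headers["permissions-policy"]);
  for (const feature of ["microphone", "camera"]) {
    // Undeclared or "*": the page may delegate the device to frames of any origin.
    const allow = policy[feature];
    if (!allow || allow.includes("*")) findings.push(`${feature}: delegable to any origin`);
  }
  const csp = parseCsp(headers["content-security-policy"]);
  // connect-src falls back to default-src. It governs fetch, XHR and WebSocket
  // (signalling and any file upload), not the WebRTC media path itself.
  const connect = csp["connect-src"] || csp["default-src"];
  if (!connect) findings.push("connect-src: unrestricted, script may send data to any host");
  else if (connect.some((s) => /^(\*|https?:|wss?:)$/i.test(s))) findings.push("connect-src: wildcard source");
  return findings;
}

const weak = {
  "permissions-policy": "microphone=*, camera=*",
  "content-security-policy": "default-src 'self'; connect-src *",
};
const hardened = {
  "permissions-policy": "microphone=(self), camera=(self), geolocation=()",
  "content-security-policy": "default-src 'self'; connect-src 'self' wss://pbx.example.com",
};
console.log("weak:", auditSoftphoneHeaders(weak));
console.log("hardened:", auditSoftphoneHeaders(hardened));
```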

And did you know browsers give you another feature: you can actually turn a web page into an app! This is generally called a Progressive Web App (PWA). In Edge, for example, you can create a Vodia app with a few clicks:

  • To the right of the browser there are three dots, the ellipsis button – click on these dots.
  • After a few clicks, the Apps menu item will appear and offer to install the current site as an app.
  • Now, when you open the Microsoft Edge browser, click on the ellipsis button and open the installed app.

There are several options you can control with the app:

The PWA works with passkeys, so after the first login the user will automatically be logged in safely the next time the app starts.

There are only a few drawbacks with this, compared to a “native” app. Notifications are harder to deliver to the user because of the sandbox model of the browser, and these apps won’t have menus like a native app. Controlling the taskbar isn’t easy with HTML5, but I won’t be surprised if one day (or maybe already) there is an API for it. Access to the media subsystem today is similar to what you would expect from a native app, considering WebRTC is a first-class citizen of today’s web API ecosystem.

Considering potential damage, turning a web-based softphone into an app sounds like a possibility users should really consider; these small drawbacks are nothing compared to the damage a native app can do.

At Vodia we’re truly excited about the progress both we and the telecommunications industry continue to make. Give us a call at (617) 446-1399 or email our VP of Communications, David Porter, dp@vodia.com, and we’ll tell you all about how we are working to make peerless digital communications possible for businesses and organizations worldwide.
