- 1:1 and group video calling: The classic Duo end-to-end encrypted experience that involves ringing a number or group directly.
- Meetings: The ability to create or join a cloud-encrypted Google Meet meeting with a link when you're ready. Meet meetings happen in the Duo app.
Available features and encryption methods are different between video calling and meetings.
- Only people in a call or meeting know what's said or shown.
- Google can't view, hear, or save audio or video from your call or meeting.
- For 1:1 and group video calling: End-to-end encryption is used to mask data with a code that only you and the other callers can access.
- For Meet meetings in the Duo app: Instead of end-to-end encryption, cloud encryption is used to encrypt your meeting data in transit and stored information in Google's data centers.
- Is a standard security method that protects communications data
- Is on by default and can't be turned off
- Only lets people in a call know what's said or shown
- Doesn't allow Google to view, hear, or save the audio and video from your call
- Masks the call data with a code that requires a key to decode
Cloud encryption for meetings:
- By default, meeting data in the Duo app is encrypted in transit between the client and Google data centers for any video meetings taking place in Google Duo or Google Meet.
- By default, meeting recordings enabled by a meeting participant are stored in Google Drive and encrypted.
- Meeting encryption adheres to:
- Internet Engineering Task Force security standards for Datagram Transport Layer Security (DTLS)
- Secure Real-time Transport Protocol (SRTP)
Shared secret keys stay on the callers' devices
Your device decrypts your call's audio and video with a shared secret key. This key is created on your device and your contact's device and is deleted after the call ends. It's not shared with any server.
What's needed for a shared key
To calculate the shared key, each device needs:
- A private key, which is saved only on your device
- A public key, which is saved on Duo's servers
The first time you set up Duo, your device creates several private/public key pairs. This way, you're ready for several end-to-end encrypted calls.
How shared secret keys are created
- The devices exchange their public keys but don't reveal their private keys.
- Next, each device uses its private key and the public key from the other device to calculate the shared secret key. They use a mathematical process called cryptography.
Google servers can't decode your call
When you call someone else on Duo, your call's audio and video typically go directly from your device to their device. This connection is called peer-to-peer. The call doesn't go through a Google server.
However, sometimes a peer-to-peer connection isn't available, like if a network setting blocks it. In this case, a Google relay server passes a call's audio and video between your device and the device you called. The server can't decode your call because it doesn't have the shared secret key.
Group calls stay private on the server
Group calls are also end-to-end encrypted. To make sure group calls are high-quality, they go through a Google server.
That server routes everyone's call audio and video to others in the group. To route calls, the server uses info about your call, like which device the video is from. The server doesn't have access to the end-to-end keys and can't decrypt the media.
Group calls use multiple keys
To be part of a call that goes through a server, each group member's device automatically uses:
- A sender key to encrypt the call's audio and video. When someone starts a group call, each device exchanges this key with the other devices.
- A client-to-server key to encrypt info about the call. Each device exchanges this key with the server.
What the keys do
The keys work to:
- Encrypt your call's audio and video so that only other people in the group can hear and see it.
- Decode the audio, video, and info from other people in the group call.
Keys can change during group calls
Everyone's devices exchange new sender keys if either:
- Someone leaves a group
- A person who wasn't part of the group gets added to it during the call
If a person in the group doesn't immediately join the group call, their device can still use everyone's sender keys. This way, that person can join the call anytime while it's live.
When the group call ends, the keys are deleted.