Introducing ShizuCallRecorder, an Android 11-16 application that uses the shell app (ADB through Shizuku), to record phone calls on non-rooted devices. FOSS, privacy-friendly, and it does not always run in the background. Simple as that.

Before saying anything else, Android 11 support is limited.

Features:

• Records both sides of phone calls (incoming and outgoing)
  • Should work even when using Bluetooth or a remote headset
• Security toggles to manage Shizuku on/off state
  • An attempt to reduce the potential attack surface introduced by Shizuku
  • Helps with apps that detect / yells at you when USB Debugging or Shizuku is enabled
  • (You need thedjchi Shizuku fork, recommend in requirements in the README.md)
• Automatic call recording option with basic exclusion rules:
  • Ignore anonymous calls
  • Ignore specific contacts
  • Ignore all contacts
• Saves recordings with Opus or AAC codec.
• The app runs only on phone event changes, no persistent background process and notifications

This is a tool, use it responsibly, and follow the law. Read the app disclaimer, it's a one time thing, don't skip it.

Focus on phone carriers call, not third-party calling apps.

GitHub: https://github.com/kitsumed/ShizuCallRecorder

If you are an Android dev or if you know more about Android internal API / hiddenapi, take a look at the CONTRIBUTING file. I have a few issues I would like assistance with, any kind of feedback, online resources, or even PoCs are welcome.

This app is not an first time easy install and forget. You have some configuration to do, though it is relatively small. However, if you have never used Shizuku, it will take longer. Please follow the documentation carefully. There is reading to do. I highly recommend that you do read, both for the sake of it working and for the sake of keeping your device safe.

The project is licensed under GPLv3, with additional terms under Section 7. The goal of the additional terms is to prevent the app from being published to app stores under the name ShizuCallRecorder, and to stop anyone else from distributing it as the official app. In a nutshell, it cover trademark protection, giving credit to me and the project in forks, etc. But anyone is free to fork it.

I care a lot about security and transparency. I enabled immutable GitHub releases, assets of a release cannot be swapped once a release is published. Releases are built using GitHub Actions Runners, they clone the repository code directly, build the app, and the apk files are attested so that all users can detect if something else happened between the build process and the release publication (gray-area). This reduces the attack vector, but does not fully eliminate it (the code itself, the runner getting compromised, dependencies, etc.).

I'm looking for user feedback. If you try out the app, please tell me the following:

• Device model
• Android Version
• Did it work with the screen unlocked?
• Did it work when the screen was locked?

I want to see if there's any specific device, OEM or Android limitations. I didn't extensively test it across devices outside of the Android emulator and my Samsung Android 16 test phone, but it SHOULD work.

"It works on my machine"

More rambling below, not important :

For a couple of years now, I have been looking for a call recording app. I think there are multiple reasons why one would want to record phone calls, such as remembering things, or even using it as proof for any kind of scenario.

However, the Android project seems to think differently. Ever since the release of Android 4.4 KitKat (API 19), native 3rd-party phone call recording apps have been killed by restricting the CAPTURE_AUDIO_OUTPUT permission to signed and system apps for valid privacy reasons. However, to this day (API 37), no real, intended direct alternative has been added. Yet, multiple developers have asked about this on the Google Issue Tracker and other websites.

Meanwhile, "system" proprietary apps like the Google Dialer and OEMs apps sometimes use that restricted permission, and some do offer the recording feature. However, they often choose not to offer it to most users (even if legal in the user country), or they add their own proprietary rules on top of it. That is, of course, without mentioning that their apps are often privacy invasive.

On the other side, to work around theses new limitations, there are a couple of closed-source proprietary call recording apps on the play store and other online stores that use workaround ways like the speaker trick and accessibility services (see this short Bitdefender article on accessibility service security risks, I had found a really cool in depth article with all of the way it could be abused but can't find it anymore 😞 ).

I will not name any app nor say that they are 100% malicious as I did not dig deep, but I will say this: When I was looking at applications and checked them, some had unrelated invasive permissions related to the GPS and/or the phone sensors. Other apps would sometimes start pinging some remote config endpoint at recurrent intervals. All of these apps used accessibility services. Considering that these apps run permanently in the background and can see everything on your screen, this isn't really something I was personally comfortable with.

When I started this project, I noticed in the following weeks that a couple of existing closed-source call recording apps slowly added Shizuku support. Would I give ADB-level access to a closed-source app from an unknown developer? Personally, I would not feel comfortable doing so. I'm not looking to discredit their work and it's nice that they keep improving their apps, I'm just saying it's a risk I wouldn't take.

With that in mind, I recently discovered Shizuku and did a deep dive into how it works in my blog post, What is Shizuku, how does it work, and its security implications. This is when I had an idea: what if we could use the shell application permission, a signed system application, to use permissions you normally do not have access to? I searched online, found other issues online talking about it, and decided that if no one would make it (a FOSS app), I would give it a try myself. Now we are here, with a working app (I hope so). The more in-depth story is in the CONTRIBUTING file. I also want to point out that I had never done any real Android development prior to this app. Doing this as a first project was a little bit insane, but we'll see what happens.

Introducing ShizuCallRecorder, an Android 11-16 application that uses the shell app (ADB through Shizuku), to record phone calls on non-rooted devices. FOSS, privacy-friendly, and it does not always run in the background. Simple as that.

Before saying anything else, Android 11 support is limited.

Features:

• Records both sides of phone calls (incoming and outgoing)
  • Should work even when using Bluetooth or a remote headset
• Security toggles to manage Shizuku on/off state
  • An attempt to reduce the potential attack surface introduced by Shizuku
  • Helps with apps that detect / yells at you when USB Debugging or Shizuku is enabled
  • (You need thedjchi Shizuku fork, recommend in requirements in the README.md)
• Automatic call recording option with basic exclusion rules:
  • Ignore anonymous calls
  • Ignore specific contacts
  • Ignore all contacts
• Saves recordings with Opus or AAC codec.
• The app runs only on phone event changes, no persistent background process and notifications

This is a tool, use it responsibly, and follow the law. Read the app disclaimer, it's a one time thing, don't skip it.

GitHub: https://github.com/kitsumed/ShizuCallRecorder

EDIT: If you like the project, please star the repo!

EDIT 2026-05-19: You can help translating the project in your language https://hosted.weblate.org/engage/shizucallrecorder/

If you are an Android dev or if you know more about Android internal API / hiddenapi, take a look at the CONTRIBUTING file. I have a few issues I would like assistance with, any kind of feedback, online resources, or even PoCs are welcome.

This app is not an first time easy install and forget. You have some configuration to do, though it is relatively small. However, if you have never used Shizuku, it will take longer. Please follow the documentation carefully. There is reading to do. I highly recommend that you do read, both for the sake of it working and for the sake of keeping your device safe.

The project is licensed under GPLv3, with additional terms under Section 7. The goal of the additional terms is to prevent the app from being published to app stores under the name ShizuCallRecorder, and to stop anyone else from distributing it as the official app. In a nutshell, it cover trademark protection, giving credit to me and the project in forks, etc. But anyone is free to fork it.

I care a lot about security and transparency. I enabled immutable GitHub releases, assets of a release cannot be swapped once a release is published. Releases are built using GitHub Actions Runners, they clone the repository code directly, build the app, and the apk files are attested so that all users can detect if something else happened between the build process and the release publication (gray-area). This reduces the attack vector, but does not fully eliminate it (the code itself, the runner getting compromised, dependencies, etc.).

I'm looking for user feedback. If you try out the app, please tell me the following:

• Device model
• Android Version
• Did it work with the screen unlocked?
• Did it work when the screen was locked?

I want to see if there's any specific device, OEM or Android limitations. I didn't extensively test it across devices outside of the Android emulator and my Samsung Android 16 test phone, but it SHOULD work.

"It works on my machine"

EDIT 2026-05-18: Hey, it seems to work on other users machine! 🎉

More rambling below, not important :

For a couple of years now, I have been looking for a call recording app. I think there are multiple reasons why one would want to record phone calls, such as remembering things, or even using it as proof for any kind of scenario.

However, the Android project seems to think differently. Ever since the release of Android 4.4 KitKat (API 19), native 3rd-party phone call recording apps have been killed by restricting the CAPTURE_AUDIO_OUTPUT permission to signed and system apps for valid privacy reasons. However, to this day (API 37), no real, intended direct alternative has been added. Yet, multiple developers have asked about this on the Google Issue Tracker and other websites.

Meanwhile, "system" proprietary apps like the Google Dialer and OEMs apps sometimes use that restricted permission, and some do offer the recording feature. However, they often choose not to offer it to most users (even if legal in the user country), or they add their own proprietary rules on top of it. That is, of course, without mentioning that their apps are often privacy invasive.

On the other side, to work around theses new limitations, there are a couple of closed-source proprietary call recording apps on the play store and other online stores that use workaround ways like the speaker trick and accessibility services (see this short Bitdefender article on accessibility service security risks, I had found a really cool in depth article with all of the way it could be abused but can't find it anymore 😞 ).

I will not name any app nor say that they are 100% malicious as I did not dig deep, but I will say this: When I was looking at applications and checked them, some had unrelated invasive permissions related to the GPS and/or the phone sensors. Other apps would sometimes start pinging some remote config endpoint at recurrent intervals. All of these apps used accessibility services. Considering that these apps run permanently in the background and can see everything on your screen, this isn't really something I was personally comfortable with.

When I started this project, I noticed in the following weeks that a couple of existing closed-source call recording apps slowly added Shizuku support. Would I give ADB-level access to a closed-source app from an unknown developer? Personally, I would not feel comfortable doing so. I'm not looking to discredit their work and it's nice that they keep improving their apps, I'm just saying it's a risk I wouldn't take.

With that in mind, I recently discovered Shizuku and did a deep dive into how it works in my blog post, What is Shizuku, how does it work, and its security implications. This is when I had an idea: what if we could use the shell application permission, a signed system application, to use permissions you normally do not have access to? I searched online, found other issues online talking about it, and decided that if no one would make it (a FOSS app), I would give it a try myself. Now we are here, with a working app (I hope so). The more in-depth story is in the CONTRIBUTING file. I also want to point out that I had never done any real Android development prior to this app. Doing this as a first project was a little bit insane, but we'll see what happens.