Jānis Blaus
Jānis Blaus
14 November, 2018

WebRTC video call system development

Long gone the days when we needed to rely on bulky software's and cumbersome browser extensions to achieve anything close to a real-time conversation. Many of us, who used the internet for enterprise communications before 2010, is well aware of the redundancy and complications bundled with large plug-ins aimed at delivering live communications. The internet has since evolved and replaced those complex mechanisms with WebRTC to offer a much more pragmatic approach to RTC or Real Time Communications. In this article, we're going to discuss the fundamental concepts of WebRTC and outline proven methods for developing a modern, user-first video call system.

An Introduction to WebRTC

So, you might be asking yourself what's with all these fusses about WebRTC? Fundamentally, WebRTC, short for Web Real-Time Communication can be thought of as a framework for real-time communications. Through real-time communication, we mean a conversation between two clients without any delay. WebRTC based communications have very low latency and provide the mechanism for continuous communication without the need for any external resources. It has become the de-facto communications method used by all of our favorite audio/video communication apps including facebook messenger, Skype, Viber, and google hangouts. Most modern browsers like the google chrome, Mozilla Firefox, and safari come pre-occupied with WebRTC.

How Did We Deliver RTC before WebRTC?

As we've discussed already, WebRTC is a relatively new addition to the internet technology. So, how did we achieve real-time communications before its emergence? Many of you might be familiar with Flash. It's a proprietary ERP solution from the software giant Adobe. It was the de-facto solution for achieving real-time communications before WebRTC. Flash is a complex and very powerful plug-in that works with your browsers and provide somewhat real-time communication. It can be used to deliver audio/video communications, playing online games and integrated with enterprise software for added functionalities. The primary problem with Flash is its massively complicated code base, which poses a lot of complexities and redundancy in terms of providing natural real-time communication. The large size of Flash made it very unpopular with users who often found their system hanged due to an application utilizing flash. It was also quite impossible to run a flash application in mobile phones. Flash is also abused by ads, which hampers the user experience. It poses pop-up video ads that can't be closed; you need to either watch the ad or run it in backgrounds. Users found this experience very much obscured. Applications that use flash are very resource heavy, which contributes to the fast draining of battery life. Flash is one of the most preferred methods of cybercriminals to gain unauthorized access to systems. Due to its complex code base, it poses many vulnerabilities that malicious users can take advantage of.  Some of the most harmful zero-day vulnerabilities have targeted flash, including the infamous CVE-2018-4878, which was used by the Korean group 123 to compromise thousands of systems worldwide.

Replacement of Flash by WebRTC

Although it's not been long WebRTC came onto the scene, it is revolutionizing the real-time communication since. WebRTC has become the go-to solution for providing advanced RTC services, thanks to its dynamic operation and resource-friendly infrastructure. WebRTC is free from all those redundancies equipped with flash based applications. Developers can easily integrate this technology with existing enterprise solutions. As it is independent of servers, WebRTC needs far fewer resources than flash, which makes it employable to even the lightest platforms. Moreover, flash is coded in flex, an antiquated programming language which is not a familiar option to most web developers. The multimedia quality is considered inferior due to underlying feedback problems. The network is non-adjustable and often lags during continuous operation. On the other hand, WebRTC has been developed using JavaScript, the de-facto language for web programming. Thanks to the introduction of latest JS runtimes such as node.js, it has been enjoying massive popularity in every aspect of web programming, both frontend, and backend. More developers are embracing JS every day due to its ability to handle concurrent connections and blazing fast response.

How WebRTC works?

WebRTC allows multimedia communications like audio/video conversations by incorporating a peer-to-peer network. This eliminates the dependency on servers. Both web and mobile applications can stream audio/video components without downloading any additional plug-ins. In order to allow a peer-to-peer network, both peers need to establish their public-facing IP address. WebRTC then creates dynamic signaling data channels to detect peers and agree on the communication. A session is created which tracks the operations of both peers. Once connected to the unique channel, both peers are able to share data with each other. In case of a failed connection due to firewalls or NAT techs, a relay server is created to act as an intermediary. WebRTC is bundled with several API's to provide a convenient setup and smooth operation. Notable API's include RTCPeerConnection(), which sets up the P2P connection; RTCDataChannel(), to share P2P data; and getUserMedia(), which allows access to camera or microphones.

Potential Applications for WebRTC

As you might've guessed already, applications dealing with real-time communications bring the perfect use-case for the WebRTC framework. WebRTC has been established as the building block for almost every modern-day chat applications. P2P file sharing is another great use of this remarkable innovation. WebRTC is used heavily by tooling vendors, who target developers in need of a PBX or SIP server. It has established itself as an inseparable part of the video conferencing ecosystem. Telecommunication carriers are utilizing this framework for various not-so-obvious approaches. Customer supports and services is another area that holds WebRTC as a valued component. Amazon's new Mayday video support system utilizes this groundbreaking technology to ensure maximum support for their customers. Telehealth and online marketplaces are also using WebRTC to deliver varying services. The sky-high popularity enjoyed by the WebRTC framework is primarily due to the convenience they offer for building top-notch video call systems. –Tweet this

Developing Video Call Systems with WebRTC

Numerous open source libraries and codebases are built on top of the original WebRTC framework, in order to make the development of such applications even more manageable. Today, you can find a basic video call system written in 20 lines of javascript code on the internet pretty easily. However, these are only minimal applications and can be thought of like the tip of an iceberg. Developing an enterprise-level video call system can get much more complicated than you can imagine. Different companies need different services integrated into their video chat service.  So, each system is unique and needs to be approached differently. Every video chat system built with WebRTC takes certain common approach. For example, each WebRTC application first needs to establish a P2P connection. In order to develop such a link, the software requires the metadata from each peer. An independent approach known as signaling is used to get this metadata. It's not built into the WebRTC API in order to avoid redundancy and maximizing compatibility with established ecosystems. This signaling method would utilize the SIP or Session Initiation Protocol over Websockets and allow the exchange of metadata required for connecting two individual clients. After the P2P connection has been utilized, the WebRTC would create a session and establish data channels between peers. These channels will allow the exchange of information or data between the peers. After the connection and the channels have been established, the system would be ready for delivering video calls. An API built into the WebRTC framework is used to get access to the camera and microphone. The stream can now be started. Although WebRTC doesn’t require servers theoretically, in the real world it’ll be highly likely that your system sits behind a NAT(Network Address Translation) system and have some sort of firewalls turned on. In this case, the WebRTC endpoints will not be able to connect directly with each other. So, here comes the ICE(Interactive Connectivity Establishment) framework, it helps the WebRTC endpoints to find the best pathways for a connection between peers. Initially, ICE will try to connect the peers using the host address procured from the host’s OS and network card. This would fail if the device sits behind a NAT system. In such scenarios, a STUN server will be used to obtain the external network address of the host. If this fails too, the traffic will be relayed by using a TURN server. A TURN server is basically a STUN server with the capability to relay traffic. We, at Netcore, specialize in building video call systems with different specifications, as required by our clients. We aim at enabling our clients an improved user experience, blended with the latest technologies. Ensuring a high rate of productivity, when building such systems is our topmost priority. Depending on the requirement of our clients, we usually recommend one of two ways to implement a high-performing video call system based on WebRTC. We can build video chat applications by either relying on a 3rd party Communications Platform-as-a-Service(CPaaS) or creating a custom infrastructure from scratch. Video conferencing systems built using a CPaaS would need far less time for production and will come at a relatively low development cost. Whereas, developing a custom video call system on top of a standalone infrastructure will cost much more. Utilizing a CPaaS can be useful if you need a fast production with a tight budget and want to reduce the burdens associated with maintenance. On the other hand, a tailor-made video call system would ensure a flexible system with full control over the operation. It'll also reduce costs associated with the process. You should consider the requirements of your company thoroughly before deciding on a specific type of video call system. WebRTC based video chats can be integrated with already existing systems. Consult our team to get an expert opinion regarding this matter.


As with any ERP software, security is an integral part of a video call system developed with WebRTC. Real-time applications can be compromised in several ways. We're highlighting some of the scenarios where your application is prone to security vulnerabilities-

  • If the data or media is not encrypted, malicious attackers can intercept these data en-route
  • Applications might record your sensitive information and distribute them for financial gains
  • Malware's can be installed alongside a legitimate application
WebRTC has several mechanisms bundled with it for removing these threats and ensuring a secure connection.
  • Secure protocols like DTLS and SRTP are used in WebRTC implementations
  • All WebRTC components use mandatory encryption to thwart off data theft
  • You do not need to install or update WebRTC separately. It comes pre-packaged with the browser and uses sandboxes to run the processes
  • All WebRTC instances require explicit permission before using camera or microphones. The instances allow users to be aware of their operations.

WebRTC gives specific attention to security details. So, you can use services based on this technology without excess tension. However, as any type of applications in the hands of customers can be exploited at some point, proper security measurements should be taken to ensure a safe and steady service.

Potential Threats

Despite being extra sensitive to security details, WebRTC too can become vulnerable to exploits related to malformed networks and browser defects. Expert cybercriminals can leverage advanced techniques to compromise your video conference system built using WebRTC. Some of the potential threats that may pose harm to an enterprise level WebRTC services are outlined below.

  1. JavaScript Injection
While classic XSS attacks are easily thwarted with input validation by the server, WebRTC applications are often employed to operate without a server. This leaves the chance of an attacker inputting malicious codes embedded within a message. It can also be used for transferring malware executable to a client’s system.
  1. Leveraging WebRTC to Obtain Personal Data

If a user visits a malicious website while WebRTC is enabled, that site could activate WebRTC abilities via JavaScript and gain unauthorized access to the user’s webcam and microphone. This may further open doors to identity theft.

Current Status of WebRTC

Currently, WebRTC is in its the early mainstream users face. It has an estimated total of 1bn users worldwide. Standardization has been taking place for some time.

Future of Video Call Systems Incorporating WebRTC

WebRTC is undoubtedly going to remain as the go-to solution for video calls or conference systems in the upcoming years. As of now, it has no considerable competitors that can take its place. Also, with the standardization process being almost complete, it can be assumed that both of its popularity and usage is going to rise. Promoted by internet giants such as Google and Mozilla, WebRTC is not going to lose its traction. According to our experts, in future, it'll be hard to notice any P2P application which does not utilize this technology.

Final Words

WebRTC is an amazing and powerful technology that has been revolutionizing the real-time applications since its inception seven years earlier. It is enjoying widespread popularity and implementation, thanks to its high-tech features with a low resource dependency. Video call systems are the most employed application using this technology. WebRTC is defining the way we'll use P2P applications like audio and video streaming in the near future. If you're looking for an ERP solution with video conference facilities, WebRTC is the go-to solution for your company.

Latest from the Netcore hub

Guides, research, opinions and sometimes just some crazy tech rumbling.
Explore, comment and join the dicussions.