[kkielhofner]

VoLTE over IP implementations typically establish an IPSEC VPN back to the operator network, authenticated using the SIM with EAP:

https://en.wikipedia.org/wiki/Extensible_Authentication_Prot...

[machrider]

That makes sense. I'm also curious about data though. Unless they tunnel all your traffic through a VPN, you just have to hope your apps and web sites are using https correctly. (And if they did tunnel all traffic through Google servers, it would raise a different set of concerns...)