Google has announced the rollout of Key Verifier for Android 10+ users, enhancing message security by using QR codes to confirm end-to-end encryption authenticity. This helps protect against impersonators and fraudsters in the Google Messages app.
How Key Verifier Works
Key Verifier is integrated into the Google Messages app for RCS users. To verify message security, open a conversation, tap the contact's name, and navigate to "Verify keys." Both users must follow this procedure—one by selecting "Scan contact's QR code" and the other by displaying "Your QR code." Successfully scanning will show a "Keys verified" message. If keys change, users will be notified with "Keys no longer verified."
Reasons for Key Changes
According to Google, keys may change due to a contact getting a new device or SIM, expiration of keys' validity, or upgrades to the encryption protocol. In malicious scenarios, key changes could result from man-in-the-middle attacks or SIM swapping. Google recommends keeping the Google Messages and Contacts apps updated to ensure these protections remain effective.
Additional Security Measures
Alongside Key Verifier, Google has implemented a spam link protection feature. The system now blocks potentially harmful websites linked in spam texts until the user flags the message as "not spam." This feature is available globally and is part of Google's ongoing effort to safeguard user communications against scams and fraud.
