Google has introduced two significant safety features for its Messages app, enhancing user security and privacy. Among these is the much-anticipated Android Key Verifier, now accessible to all users operating on Android 10 and above. This feature aims to safeguard against impersonators and fraudulent activities by employing QR codes to ensure that end-to-end encrypted messages are exchanged securely with the intended recipient.
How to Use the Android Key Verifier
To utilize this feature, users need to initiate a conversation via RCS (Rich Communication Services). By tapping on the contact’s name at the top of the chat, they can scroll down to find the “Verify keys” option. Both parties must follow a simple process:
- One user selects “Your QR code,” while the other taps “Scan contact’s QR code.”
- This functionality is also integrated within the Google Contacts app under “Connected apps.”
- Upon successful verification, a “Keys verified” confirmation will appear on the screen.
In instances where the contact’s key changes, users will be alerted with a “Keys no longer verified” message. Google has outlined several everyday scenarios that could lead to such changes:
- A new device or SIM card is acquired by the contact.
- The time-bound validity of the contact’s keys expires.
- An upgrade to the encryption protocol occurs.
However, it is essential to be aware of potential malicious reasons for key changes, which include:
- Man-in-the-middle attack: A scenario where a malicious entity intercepts the initial key exchange and substitutes the keys with their own.
- SIM swapping: This occurs when a malicious actor persuades a carrier to transfer a phone number to a SIM card they control, without the rightful owner’s consent.
To ensure optimal security, users should keep the Android System Key Verifier app updated, along with Google Messages and Contacts. Looking ahead, Google plans to introduce additional protective measures built on the Key Verifier framework to further shield users from scams and fraudulent activities.
In a related development, Google Messages has implemented a new feature designed to protect users from spam texts containing harmful links. This feature prevents users from accessing potentially dangerous websites unless they explicitly mark the message as “not spam.” This enhanced protection is now available worldwide.
