How certain are you that the person you’re messaging is who they say they are? You might have saved the contact of a friend, family member, or co-worker on your phone. Their name pops up in a message, so you assume it’s them. Usually, you’d be correct. However, attacks like SIM swapping and impersonation means there’s always a chance it might not be them. Thankfully, if you’re using Google Messages, Google has rolled out support for its Key Verifier tool.
Google Messages gets Key Verifier
In a recent blog post, Google has confirmed that Google Messages is getting Key Verifier support. The company first unveiled the feature back in May, but it is now available to all Android devices running Android 10 or newer.
For those unfamiliar, Key Verifier is a new security feature designed to confirm you’re actually texting the person you think you are. How does it work? The tool verifies encryption keys used in end-to-end encrypted RCS conversations. The goal is to protect users against sophisticated attacks like SIM swapping and impersonation.
Encryption keys can be quite long and complicated, which is kind of the point. However, Key Verifier simplifies this through QR codes. This is versus forcing users to compare long strings of numbers. Each user scans the other’s QR code to confirm matching encryption keys. Once verified, Google Messages displays a visual confirmation, like a checkmark, showing the encryption keys are properly matched and the conversation remains private.
The feature becomes especially important when someone’s encryption key changes. An encryption key changes when you get a new device, swap SIM cards, or update your encryption protocol. Think of it like a house. When you move into a new home, obviously the lock and key change as well.
Google Messages notifies users when keys no longer match, flagging potential security issues. This protects against man-in-the-middle attacks and SIM swap fraud, where attackers hijack phone numbers to impersonate contacts.
Google’s security update
In addition to Key Verifier, Google also announced a bunch of other security updates you might want to check out. This includes the detection of malicious links in Google Messages. According to Google, if the app suspects a message is spam, it will warn you against clicking links in the text.
There is also a new way for users to recover their Google accounts with the Recovery Contacts feature. This allows users to designate trusted friends or family members as “Recovery Contacts,” letting them verify your identity if you find yourself locked out of your Google account.
