- Google Messages will begin verifying the senders of SMS messages using a list of verified businesses.
- The messages will be accompanied by a “verified” badge, otherwise, the recipient will get a warning.
- Spam won’t stop, but at least people will get a warning when phishing actors try to scam them.
According to a report by Android Police, the Google Messages app is rolling out a new “SMS Verification” system which will be enabled by default. The idea here is to protect the user from phishing or spam messages. Sending SMS messages which contain links that lead to malicious websites is a reliable exploitation method for crooks. Moreover, we have also seen cases of “over the air” configuration messages (OMA CP) which can change the proxy address, message server, mail server, and browser homepage of the target devices. All of this can be prevented if the default Android messaging app verifies the sender, and that’s what Google has in plan.
Google will use authenticity codes to verify the SMS messages that arrive on your device. If something isn’t matching, the recipient will get an alert, notifying them about the chance of the message being a spoofing attempt. The verification codes are generated based on a unique hash that is based on the phone number, business, and message content. This hash is generated locally on the device and then sent to Google for comparison against a database of verified businesses. When the SMS comes from a legitimate and verified entity, the message will be accompanied by a “verified” logo.
For this to work as required, the recipient will have to have internet access. If they are offline, the messages won’t be verified, and so a message saying “waiting for connection to verify sender” will be displayed. Google is not recommending that you reply or click on any URL links contained in an unverified SMS message. For maximum security, you should wait to get back online before deciding to trust a sender and their intentions.
Right now, the verification feature is rolling out in the United States only, so Google is looking to hold a testing run before it pushes it globally. The beta testers who spotted the new setting confirm that it’s available on Messages beta v5.3.075, which you can grab from here if you want. Be warned though that using software that is still under active development is not a good idea if you want to stay away from functionality problems, bugs, and unstable performance. While we would love to have the ability to opt-out spam messages entirely, at least having some level of filtering and verification is certainly a step in the right direction.