Google is experimenting with a new way for Android users to confirm the identity of people they message. The company has started testing QR code–based verification in its ‘Google Messages’ app, initially through the beta channel, reports 9to5Google. This feature builds on the end-to-end encryption framework already in place for Rich Communication Services (RCS), the standard Google is promoting as the modern replacement for SMS.
Currently, if users wanted to confirm that they were really talking to the right person, they had to compare a long security code that could stretch up to 80 digits. That process was accurate but far too inconvenient for most people, so it was rarely used. But now with the new feature, the app makes it much easier as users can open a conversation, go to the contact details, tap ‘Verify encryption’, and then either scan their contact’s QR code or show their own code to be scanned. If the scan is successful, both sides get confirmation that their keys match and the chat is secure.
According to the report, Google has not removed the old method, and the long numeric codes are still available for those who want them. However, the QR option is being positioned as the default. For now, the feature is only available to beta users. The Sundar Pichai-led company is testing it and collecting feedback before expanding it to all Android devices on version 9 or newer. While a full release date has not been announced, it is expected to roll out later this year.
This latest move becomes significant because encryption on its own protects the content of messages, but it does not automatically prove that the person on the other end is really who they claim to be. Without verification, there is always the possibility of an attacker intercepting or pretending to be someone else in what is known as a ‘man-in-the-middle’ attack.
Notably, over the past few years, the company has been phasing out SMS-based security codes for its accounts because those messages can be intercepted, redirected, or exploited through scams like SIM swapping. Instead, the firm has been moving toward safer approaches like in-app prompts, passkeys, and QR codes, which tie authentication directly to a device rather than a vulnerable phone number. Earlier this year, the company also introduced an AI-powered scam detection feature in Android 15. It works within the Google Messages app to scan SMS, MMS, and RCS messages in real time and flag suspicious ones.
