Google Messages Introduces QR Code-Based Key Verification for End-to-End Encryption

Google Messages is rolling out QR code-based key verification to confirm sender identity in RCS messages. The feature is available in the latest beta version and will be available on Android 9+ devices in 2025. Users can access the verification by tapping on the Details page in Google Messages and selecting "Verify keys for this contact."

Google Messages is rolling out a significant update to its RCS (Rich Communication Services) messaging platform, introducing QR code-based key verification to confirm sender identity. This feature is now available in the latest beta version and will be rolled out to Android 9+ devices by 2025. Users can access the verification by tapping on the Details page in Google Messages and selecting "Verify keys for this contact."

The new QR code-based key verification aims to enhance security by providing a more robust method of confirming the identity of senders. This is particularly important in an era where SMS-based MFA (Multi-Factor Authentication) is increasingly being recognized as vulnerable to interception and fraud [1].

According to Decypher Technologies, SMS-based MFA is no longer considered a reliable security measure. The FBI and CISA have explicitly advised against using SMS for MFA due to its vulnerability to interception and lack of phishing resistance. This recommendation has been echoed by major tech companies like Google and Microsoft, which are moving towards more secure authentication methods [1].

Google’s latest update to Google Messages aligns with this trend by introducing a more secure way to verify senders. Users can now tap on a QR code to confirm the identity of the sender, adding an extra layer of security to RCS messages. This feature is particularly beneficial for financial transactions, operations, and communications, where secure authentication is crucial.

While RCS offers several security advantages over traditional SMS, it is not yet fully end-to-end encrypted for business messaging (A2P). However, Google is actively working with telecom operators and the GSMA to extend end-to-end encryption to business messaging in future updates [2].

Infobip, a leading provider of RCS messaging solutions, ensures secure delivery and verified senders for businesses. Their platform adheres to global compliance standards and provides fallback channels like WhatsApp and secure SMS for non-RCS users, ensuring messages are protected [2].

The introduction of QR code-based key verification in Google Messages is a step forward in enhancing RCS security and is likely to be adopted by other messaging platforms in the future. This update underscores the importance of adopting more secure authentication methods as we move towards a more digital and interconnected world.

References:
[1] Why SMS MFA Isn’t Cutting It Anymore. (n.d.). Retrieved from https://www.linkedin.com/pulse/why-sms-mfa-longer-cuts-2025-decypher-technologies-inc--fdpac
[2] Explore How RCS Messaging Secures Business Communications. (n.d.). Retrieved from https://www.infobip.com/blog/rcs-encryption