Google seems to be working on an universal contact verification feature. Sadly, i couldn’t find any more information on it. Such a feature seems more than overdue in the age of impersonation…
To help you avoid sophisticated messaging threats where an attacker tries to impersonate one of your contacts, we’re working to add a contact verifying feature to Android. This new feature will allow you to verify your contacts’ public keys so you can confirm you’re communicating with the person you intend to message. We’re creating a unified system for public key verification across different apps, which you can verify through QR code scanning or number comparison. This feature will be launching next year for Android 9+ devices, with support for messaging apps including Google Messages.
This is just Google messages for now since it’s tied to RCS and google hasn’t made the standard easy to adopt . It’s simply a code verification similar to what’s implemented in messengers like Signal and Whatsapp. This makes the E2EE between Google message users more robust.
Maybe Apple messages supports it in the future. But that’s it. Once google makes RCS easy to adopt, maybe something other than Google Messages would come out.
RCS isn’t Google’s thing but they have their own encryption added to RCS. GSMA is planning on adding E2EE to their universal profile which would be very interesting, I wonder how Google would handle that.
Ah nice to see, thanks for sharing. Afaik Google was hoping that it’s version of RCS gets adopted, and successfully made Samsung (dropped their own client) and Apple (integrated it into their iMessage) adopt it too. Hopefully GSMA makes a fully open standard with no Google Dependency, because I think the current implementation requires google server for encryption keys management/exchange or something.
