Google seems to be working on an universal contact verification feature. Sadly, i couldn’t find any more information on it. Such a feature seems more than overdue in the age of impersonation…
To help you avoid sophisticated messaging threats where an attacker tries to impersonate one of your contacts, we’re working to add a contact verifying feature to Android. This new feature will allow you to verify your contacts’ public keys so you can confirm you’re communicating with the person you intend to message. We’re creating a unified system for public key verification across different apps, which you can verify through QR code scanning or number comparison. This feature will be launching next year for Android 9+ devices, with support for messaging apps including Google Messages.
This is just Google messages for now since it’s tied to RCS and google hasn’t made the standard easy to adopt . It’s simply a code verification similar to what’s implemented in messengers like Signal and Whatsapp. This makes the E2EE between Google message users more robust.
Maybe Apple messages supports it in the future. But that’s it. Once google makes RCS easy to adopt, maybe something other than Google Messages would come out.
RCS isn’t Google’s thing but they have their own encryption added to RCS. GSMA is planning on adding E2EE to their universal profile which would be very interesting, I wonder how Google would handle that.
Ah nice to see, thanks for sharing. Afaik Google was hoping that it’s version of RCS gets adopted, and successfully made Samsung (dropped their own client) and Apple (integrated it into their iMessage) adopt it too. Hopefully GSMA makes a fully open standard with no Google Dependency, because I think the current implementation requires google server for encryption keys management/exchange or something.
It did turn out to be the other way around. It’s a unified standalone android app that has nothing to do with google messages. The information from the Google blog was correct.
The Android System Key Verifier APK (com.google.android.contactkeys) is a service for contact verification on Android. It allows a user to verify a contact’s public keys to confirm they are communicating with the person they intend to message. The service is a unified system for public key verification across different apps, which uses verification through QR Code scanning or number comparison.
It doesn’t change this thread. Its the underlying service application for Google Messages. Think of it like a running daemon powering the GUI. Similar system apps are found across Google offerings like AI Core (only works on Google Android) which powers Gemini and on device AI. Its not a separate app, but an running daemon others who wish to integrate Google RCS/messages into their applications can harness. Simply installing the app would not enable you to do contact verification across apps from different developers.
It is a service distributed via a standalone app via the Google Play store. It is compatible with Android 10-15 and depends on Google Play services. It is neither providing RCS, nor is it tied to Google Messages (but will provide the contact verification feature for it in the future). Developers of other apps can also use this to verify contacts, thus it being universal.
Please read the sources accurately or provide sources for your unsubstantiated claims.
Is it just me who can’t really understand the benefit this app provides? It feels like too little, too late, given that even fully mainstream apps like WhatsApp already implement this functionality.
edit: To be clear, I’m not questioning the usefulness of contact verification as a concept but rather Google’s proprietary universal contact verification feature.
