After appearing in a test earlier this year, Google is starting to roll out Verified SMS to its Messages app.
Enabled by default, the feature works as a tool for businesses registered with Google. It detects when a Google-verified company sends an SMS message to a user and can warn users about inauthentic messages. It could help reduce the effectiveness of spoofing attacks and save users from clicking on dangerous links or giving away sensitive information.
To authenticate messages, the feature uses a unique hash created based on your phone number, the business, and the content of a text. It’s created on-device, then sent to Google, which compares it against the hash generated by the verified company. If the hashes match, the message is verified authentic, and the Messages app will display information about the business, such as is logo and a ‘verified icon.’
If the codes don’t match, then Messages will tell users it can’t verify the message. It’s also worth noting if you have a poor data connection, Messages will say “Verifying sender…” until it completes the process. If you have no connection, it says, “Waiting for connection to verify sender.”
Google’s support page recommends users don’t respond to messages with private info or open any links until Messages completes the verification.
It’s also worth noting that Google can’t see the messages, and it says it doesn’t track which businesses are communicating with you.
For the moment, it appears Verified SMS is only rolling out in the U.S. It’s part of Messages beta update ‘5.3.075’ and may also be part of a server-side test, so you may not see it right away. It’s unclear if or when it’ll start rolling out in Canada.