Google's Messages app gains a new ability to protect against phishing
SMS apps appear to have become magnets for promotional missives from every business with your number, especially around holidays such as Thanksgiving or Christmas. Furthermore, the ability to reach and even chat with firms to solve issues and queries via text is becoming more and more a user reality these days. However, this does make such channels of communication potentially susceptible to many forms of abuse, spam and phishing included.
Google has announced a new initiative that may help manage these risks. It is known as Verified SMS, a program to which businesses may sign up in order to gain Verified status. This enables them to send messages to users with profiles that include a corresponding icon. This may confer increased authenticity on the corporate accounts in question, thus helping the user decide whether to engage with them or not.
Google also clears the actual messages sent by the same organisation. This involves their on-device (or "private") conversion into what the Mountain View company calls "unreadable authenticity codes" (or, in other words, message hashes or HMACs). They are then compared against "public" codes submitted in accordance with the Verified SMS program.
Should the two match, they are then displayed to the user as genuine and safe for response. Verified SMS will appear as a new setting in the Google Messages app version 5.3.075. It enacts several new features when activated, including notifications when messages have been verified or not.
Google asserts that the "coded" messages sent by users are not read by its staff, and that they can't be decrypted without access to keys held by both the business and the device in question.