With spam calls and messages still a big problem, especially in the U.S., carriers and OEMs, are doing their best to help out their users. Previously, some folks saw that Google’s Messages app was preparing for something called Verified SMS but how it actually worked was a mystery. It looks like we’re finally getting an idea as it has started rolling out to some users of the beta version of the app in the U.S. However, the verification process only seems to work with businesses that are registered with Google.
According to Android Police, when you receive an SMS from a verified business, Google uses some authenticity codes to verify that you won’t be receiving anything that has a malicious link or is attempting to phish some personal information from you. It creates a unique hash that is based on your mobile number, the business, and the content of the SMS. This hash is created on your device and then sent to Google who then compares it to the verified business.
If the hash matches, then the Messages app will display the logo of the business and with it comes a “verified” icon. If it doesn’t match, you’ll get a “Message could not be verified” warning. For this to work you need data connection but it’s possible to receive a “Verifying sender” notification if your connection is weak or “Waiting for connection to verify sender” if you don’t have any at all.
Even with Verified SMS, Google reminds you to not open links from unverified contacts and also to not reply with any personal information to businesses (or those pretending to be businesses). As for privacy concerns, Google assures users that they won’t see your messages and they also don’t keep track of which businesses are sending you SMS and which you’re replying to.
Verified SMS doesn’t seem to be available for the stable version of the Messages app just yet. It may be just a server-side test so you probably cannot force it to show up in your app even if you’re on the beta version.