Too many accounts hacked: Google takes inspiration from Apple and launches an application to protect our chats
We probably never think about it, but when we send a message to someone, how can we be sure they are who we think they are? The problem is that people’s accounts fall victim to attackers, who could impersonate them and commit scams or, even worse,. There is a way to unmask them: ask them something that only we and our real contacts know, and that’s what Apple does with Contact Key Verification in iOS 17.2 and later. This tool is designed to prevent cyberattacks (not phishing or message-based scams) and works by generating unique codes that you and your contacts can check in real time in the Messages app. When an unrecognized device has been added to a contact, a warning will appear: if you tap it, a number will be displayed to check with the contact. At this point you can indicate whether it matches or not.
And on Android? Until now, there was no way to verify the identity of the people we are talking to, but now BigG has launched a new application that will make our chats more secure. Last July, AssembleDebug discovered a new API called Contact Keys Manager in the first beta of Android 15, which allows messaging apps to work similarly to Apple’s Messages. Google announced last month that it was working on a contact verification feature in the Messages app, which would be compatible with Android 9 and later and would launch next year. However, Google just released a new system app, called Android System Key Verifier, that does just that. The news was announced by Google itself in the November 2024 Google Play Services release notes:
Google has not provided any further explanation, but the Play Store page does provide some guidance on how it works. It turns out that the app, which is not exclusive to Android 15 but works on any Android phone with Android 10 and later (not Android 9) and Google Play Services, is made up of two parts. The first is a step of creating and exchanging end-to-end encryption keys via a QR code, and the second is the confirmation of these keys.
The new service allows messaging applications (e.g. Google Messages) to store end-to-end encryption keys on the device. When you create a contact, they will be able to share their QR code with you, in order to associate the key with their number, and you will do the same with them in order to verify both devices. It all happens through the new app’s interface, using a QR code on one phone and a QR code scanner on the other. Android Authority also decompiled the app and found that, in theory, you can check numbers without a QR code scanner. It also seems that in the future it will be possible to access the QR code from the Contacts application, in the Settings and Your information section.
If you later want to verify that this contact is who they say they are, you can ask them for a key verification, and if this person is an attacker the keys will not match. It’s unclear how this check happens, but it’s likely that it works like it does in iOS. If they changed phones, you can scan the QR code again on the new device.