Mishaal Rahman / Android Authority
TL;DR
- A new Android System Key Verifier app is rolling out on Android devices.
- This app is a system service that lets developers store their end-to-end encryption keys and lets users verify their apps are using the correct keys when communicating.
- These keys help you confirm that messages are likely coming from a device that was set up by your contact and not some malicious third party.
When you’re communicating with someone over a messaging app, how do you know the person you’re chatting with is who they say they are? All too often, people’s online accounts get hijacked and used to scam other people they know. One good way to verify a person is who they say they are is to ask them something that only the real person would know, and that’s basically what Google’s new Android System Key Verifier app is designed to do.
You’re reading an Authority Insights story. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won’t find anywhere else.
A couple of days ago, Google updated its “what’s new in Google System Updates” page to announce it was rolling out a new system service called Android System Key Verifier. The page only said that Android System Key Verifier “lets developers store end-to-end encryption keys,” but it didn’t offer any further details. Fortunately for us, some users have already received the new app, such as Jason Lim, who shared the APK file with us.
After inspecting the app, it seems that Android System Key Verifier implements the Contact Keys feature that Google announced as a feature of Android 15. However, the app itself works on Android 10 and later and only requires Google Play Services to function, so your device doesn’t actually need to be running Android 15 in order to run it. Although there aren’t any apps that actually take advantage of the Android System Key Verifier service yet, the app’s Play Store page gives us a sneak peek at what to expect from it.
From what we can tell, the Android System Key Verifier app has two components. The first component provides a service that lets messaging apps like Google Messages store end-to-end encryption keys on your device. The second component is a UI that lets you share your end-to-end encryption keys with other people in the form of a QR code. The UI also has an option to scan a QR code provided by other people.
Basically, when you create a contact, your contact can share their QR code with you which, when scanned, associates their device with the contact that you created. Your contact can and should scan your own QR code, of course, so both devices are verified. If you’re later suspicious that the person you’re chatting with in a supported messaging app isn’t the same person you originally added as a contact, you can have them try to verify the keys that were created when you scanned each other’s QR codes. If the person is using a different device, then the keys won’t match, meaning it’s possible the person you’re chatting with might not be your actual contact. If they are and just got a new device, for example, then they just need to scan your QR code again on their new device.
If you’re wondering exactly how you’ll verify keys after they’ve been added, we aren’t too sure about that part. It’s possible it’ll work somewhat similarly to Contact Key Verification in iOS 17.2, which displays a warning in the Apple Messages app when an unrecognized device has been added to a contact. You can tap this warning to see a number that you can verify with the person either offline or via voice.
Contact Key Verification on iOS 17.2
A teardown of the Android System Key Verifier app does have strings that say you can “also compare the app specific numbers” instead of scanning a QR code. The strings also say that QR codes can be accessed by opening the Google Contacts app, going to Contacts settings, and then accessing the Your info page, however, this feature isn’t actually live yet in the Google Contacts app.
Google said last month that it was working on a contact verifying feature in the Messages app. It said this feature will launch next year, so it’s likely the rollout of the Android System Key Verifier app is simply in preparation for that launch. Google’s announcement also said that the feature would work on devices running Android 9 or later, though, whereas the Android System Key Verifier app currently requires at least Android 10. It’s possible the minimum Android version that’s required has been increased or Google is facing some issues in getting the feature to work on Android 9, but we won’t know until the feature actually launches. When it does launch, we’ll definitely cover the news on Android Authority, so keep an eye out.