Google Messages is receiving a notable upgrade that strengthens how users verify the security of their conversations. As of late August 2025, the application’s beta version introduces QR code-based key verification, a more streamlined and secure method of confirming if a user is chatting with the right person over RCS (Rich Communication Services). This improvement moves away from the tedious system of long numerical codes and reflects Google’s broader focus on making everyday digital communications safer and easier.
Until now, verifying encryption in Google Messages meant manually checking a lengthy 80-digit code. The idea behind that method was solid, as it ensured that users and their selected contacts could read messages in an end-to-end encrypted chat. But in practice, it was intimidating for most users, prone to mistakes, and hardly user-friendly.
As reported by 9to5Googlethe new system takes a different approach. When users open the “Verify encryption” option from a conversation’s details page, a redesigned Security & Privacy screen appears. Instead of copying down numbers, any user can hold their phone up and check their contact’s QR code, and vice versa. Once the process is complete, the status of any verification can be checked by simply navigating to the “Connected apps” section in the Contact app.
The process is faster, less prone to error, and still retains the option of using the numeric code for those who prefer it. Most importantly, the app now explains in plain language why verification matters and guides you through the steps, reducing confusion for everyday users.
The shift to QR codes is about more than convenience; it is about addressing weaknesses in an older system. SMS has long been criticized as a fragile layer of security, vulnerable to SIM swapping attacks, number hijacking, and phishing attempts. When people relied on text-based codes, whether for two-factor authentication or message verification, it created an entry point for bad, malicious actors.
By introducing QR verification in Messages, Google reduces the reliance on vulnerable methods while making the act of verifying encryption more approachable. It also reflects a larger strategy that Google has been following. Earlier in 2025, the company began replacing SMS codes in Gmail Logins with QR-based two-factor authentication.
That move acknowledged the risks of SMS while positioning QR scanning as a more secure and user-friendly alternative. The addition of QR code verification in Messages shows that this philosophy is expanding beyond account logins and into personal communications.
At present, QR code key verification is only available in the beta version of Google Messages. Regular users on the stable release will need to wait until later in 2025 to access it. According to Google’s rollout plan, the feature will be compatible with devices running Android 9 and higher. This ensures a broader base of existing smartphones will be able to benefit without requiring cutting-edge hardware. For users who wish to enroll in the Beta program, they can do so from here.
Interestingly, the system is part of what Google describes as a “unified system for public key verification.” This means it is not limited to Google Messages alone. In the future, other applications may adopt the same mechanism, bringing consistency and ease of use across different messaging platforms. If that vision materializes, QR code verification could become a common security practice across the Android ecosystem.
To take advantage of this feature once it reaches stable release, users will need to ensure that their phones are updated with the latest version of Google Messages, Google Contacts, and the Android Systems Key Verifier app. RCS must be enabled in the chat, since end-to-end encryption is the foundation of this security measure. SMS and MMS conversations will probably not support QR verifications, as they lack the encryption necessary for such safeguards.
This update is not just a feature upgrade for Messages; it represents a step forward in digital authentication more broadly. QR-based verification avoids the weakness of SMS, making it harder for attackers to exploit carrier systems or trick users with fraudulent codes. It also shows Google’s ongoing effort to push passkeys and passwordless logins across its platforms, replacing outdated methods with systems that are harder to intercept and easier for everyday people to use.
