Google adds Verified SMS and anti-spam feature to Messages app
Google announced new security tweaks designed to make old-fashioned SMS communication more appealing to both companies and consumers alike. The first of these is Verified SMS for Messages, which as its name suggests works with the company’s Android messaging app. Available in the US, the UK, Canada, Mexico, India, Brazil, France, the Philippines, and Spain, this allows users to verify that text messages sent by companies are genuine and not fakes or scams.
From Google’s brief description, every text sent to the Messages app by a participating company embeds a hash-based message authentication code (HMAC) which is compared with an equivalent hash sent to Google. This is unique to each person’s device rather than the company itself, which should make it impossible to spoof. As well as being specific to the Messages app, companies must also be part of the Verified SMS system for it to work. So far, that only runs to 1-800-Flowers, Banco Bradesco, Kayak, Payback, and SoFi.
Verified SMS will only authenticate known good senders rather than stopping unknown bad ones. This might explain why Google has added a second feature to Messages, Spam protection for Messages. With this feature in use, any message arriving or leaving from a number not in the user’s contacts list is temporarily stored and checked against the numbers of any known spammers If it’s suspect, it blocks the message. It’s not crystal clear whether this is done automatically or if the user is asked before it is blocked. It’s also possible to manually report spam.