Google is rolling out a new OS verification tool for Android 17 that pairs a self-check on the phone with a QR-based verification using a second, trusted device. In a QPR1 Beta 3 preview, the workflow isn’t fully functional yet, but the required steps and scre
For years. Android users who wanted to confirm the integrity of what was running on their phones had to do it the hard way. It was possible—just rarely worth it unless you were chasing security edge cases. debugging as a developer. or had unusually sharp worries. Now, Google is trying to make that moment simpler.
With Android 17. a new OS verification screen is expected to arrive. and a two-device workflow is already showing its shape in QPR1 Beta 3. The first part is familiar: the on-device screen looks for “on-device red flags.” But the real pivot is what appears at the bottom of that screen—an option to “verify with another device.”.
In the QPR1 Beta 3 preview, tapping the bottom “About” button surfaces an embedded URL that leads to a page displaying a QR code. From there, the steps become clear in Google’s own documentation and the strings embedded in the system workflow.
The process. as laid out in those strings. starts with requirements that are almost painfully human in their simplicity: you need two devices—“a computer. tablet. or phone you trust” and “another device with a browser.” The trusted device is then used to double-check whether the Android version on the phone you’re verifying is “authentic.”.
The workflow runs like this: on the verified device. you start the process and it generates a unique identifier based on the software running on it. That identifier is shared through a QR code to the trusted device. The trusted device then goes to the URL shown on the next screen. scans the QR code that appears on the other device. and checks that what’s shown on both screens matches.
Google’s documentation spells out the on-screen beats: “I’m ready. ” then a return to the second device for scanning (or entering the web address). followed by an instruction to “check that you’re on the right web address.” After that. the phone sends the verified device’s unique information—“identifiers for the other device to verify”—and the other device scans the second QR code.
The strings also warn the user not to panic if it takes a moment: “This may take a few moments. ” followed by “Sending your device information…” The trusted device then compares what it received with what appears on-screen on that other device: “Compare the device information below with those on your other device to make sure they match.” When the comparison finishes. the workflow ends either with “Verification complete” or a warning that if the information doesn’t match. “this device may be using an unsafe version of Android with security risks.”.
At the moment, the feature isn’t fully operable. In testing, attempts to scan the QR code appear to hang up because there’s no app assigned yet to handle the transparency:// protocol. Whether that QR-handling ends up as a standalone app or gets baked into something else remains unknown.
Even so. the direction is unmistakable: Google is moving verification away from a maze of manual checks and toward something closer to a guided. second-screen sanity check. The promise for users is straightforward—scan, compare, done—while the tension is just as clear. If the data doesn’t match across both devices, the system suggests the phone may be compromised.
For now, the missing piece is visibility. QPR1 Beta 3 offers the workflow details through embedded URLs. QR code screens. and Google’s own documented steps. but it’s not yet complete enough to watch it succeed end to end. Google says it should get clearer with a future Android Beta release. when the system is expected to work more smoothly and the verification flow can be seen in action.
Android 17 OS verification two-device verification QR code QPR1 Beta 3 trusted device Google security tools Android Verified Boot Pixel Binary Transparency
So basically you need another device now? Cool cool.
I don’t get it, but the QR thing sounds like malware bait. Like what if the “trusted device” is compromised too? Also why can’t the phone just check itself.
Wait you scan a QR code to verify the OS is authentic?? Isn’t that like… the same verification you’d get when you sign into your Google account anyway? Maybe this is for people who root their phones or whatever, but they always act like normal users are the problem.
Android already checks updates from Google, so why is this called “verification” like it’s new news lol. The article made it sound like it’s not even fully functional in Beta 3 yet. Also “two devices you trust” is such a weird requirement because most people don’t really trust anything except maybe their friends’ Wi-Fi. QR codes are just the new password reset, so… great?