In end-to-end encrypted apps, safety numbers or QR codes are usually meant to help users confirm a chat partner or device identity. The weak point is human behavior: people often scan once and move on without checking who provided the code, when it was generated, or whether it belongs to the current conversation.
For the technical background, start with the end-to-end encryption guide. This page focuses on day-to-day verification habits.
QR codes that deserve a second look
- Contact QR codes, group invite QR codes, or "re-verify" screenshots sent by strangers.
- QR codes from communities, cloud drives, short links, or forwarded screenshots.
- A contact suddenly says they changed devices, reinstalled the app, or saw a safety number change.
- Messages beside the code pressure you to scan immediately.
- Requests that also ask for verification codes, recovery codes, or device confirmation screenshots.
A more reliable way to verify
Cross-check through a channel where the identity is already established, such as in person, a known phone number, a company directory, or a long-used contact method. Do not trust identity based on a screenshot alone. If a safety number changes, confirm whether the person really changed devices or reinstalled before sharing sensitive files.
For group chats, admins should also check invite sources and member changes. See the SafeW group chat guide for broader group settings.
Safety note: Safety numbers and QR codes provide identity clues; they do not decide whether a person is trustworthy. Pause when a request involves money, codes, account recovery, or a downloaded "fix".