Google has altered its account creation process in a way that forces some new users to send a text message from their own phones rather than simply receive one. The change, which surfaced in early 2026, replaces a familiar verification step with one that requires outbound SMS traffic. Privacy advocates noticed it first. Others soon followed.
The shift appears tied to an earlier announcement. In February 2025, Forbes reported that Google planned to move away from inbound SMS codes during signup. A spokesperson told the publication the company aimed to reduce global SMS abuse. QR codes would replace the old flow. Users would scan them with their phone cameras.
But the execution proved more complicated. By March 2026, testers on the Privacy Guides forum discovered the QR code no longer triggered an incoming text. Instead, scanning it prompted the phone to send an SMS to a Google-controlled number. “I have tried it myself, the registration is no longer possible with the QR code,” wrote one user on March 8. “Supposedly, using the QR code on the smartphone triggers an SMS sent from your phone to Google in order to verify your phone number.”
The forum thread exploded with reactions. Participants immediately grasped the implications. Services that provide virtual numbers for receiving texts suddenly became useless for this step. SMS pool providers and similar tools could no longer automate the process easily. A real SIM card with outbound messaging capability was now mandatory in many cases.
Google has not issued a detailed public explanation for the exact mechanics. Yet the intent seems clear. Outbound SMS demands a live cellular connection that virtual numbers often lack. It raises the bar for bulk account creators who rely on cheap online SMS relays. Those operations must now absorb the cost of actual mobile plans or find new proxies.
And the cost burden moves. Carriers charge users for outgoing texts in some markets. Even where texting is unlimited, the requirement ties the account more tightly to a verifiable phone line. Google saves on its own outbound messaging expenses at scale. The company has long complained about SMS fraud rings that exploit verification codes.
Earlier coverage anticipated a cleaner transition. gHacks noted in February 2025 that Google sought to replace SMS entirely for both account creation and two-factor authentication. The QR code approach was positioned as a defense against phishing and automated abuse. Reality has proven messier.
Users report hitting the new prompt inconsistently. It triggers more often on desktop signups or when browser signals look suspicious. Repeated attempts from the same IP address or device fingerprint raise the odds. Privacy-focused individuals who rotate virtual machines or VPNs encounter it frequently.
One GrapheneOS discussion from March 18, 2026, captured fresh frustration. “Google now asks to send SMS to their number to verify yours while creating an account,” a poster wrote. The thread highlighted that even successful SMS senders sometimes faced later age verification hurdles. The change compounds existing barriers.
Google’s official help pages still frame phone verification as optional in many contexts. Support documents emphasize its role in confirming humanity during signup. But the practical experience in 2026 tells a different story. Multiple recent guides from browser fingerprinting companies confirm the risk-based nature of the prompt.
MultiLogin’s January 2026 analysis explained that phone requests spike when session signals mismatch. IP location versus browser timezone. Recent account creation history on the same hardware. Patterns that suggest automation. The company sells tools designed to mimic organic user behavior and avoid such flags.
Similar advice appears across anti-detect browser providers. OctoBrowser reported in November 2025 that while Google does not officially mandate a phone number, the system demands one more often than before. Waiting periods, clean environments, and mobile browser signups sometimes bypass the step. Success rates vary.
The Privacy Guides community weighed the privacy trade-offs. One contributor described buying a temporary Italian SIM while traveling. Register the account. Enable app-based two-factor authentication and a hardware key immediately. Save recovery codes. Then discard the SIM. The number eventually gets reassigned. Google retains records of past numbers but may not prompt again if the user never reuses it.
Yet risks remain. Countries that require ID for SIM purchases create paper trails. Google logs every number associated with an account. Secondhand accounts bought on underground markets carry unknown histories. Previous owners or malicious creators could retain access vectors.
Forum users expressed resignation. “This only stops your average user,” one wrote. Bulk account sellers have adapted before. They will likely adapt again. Someone may yet build a service that automates outbound SMS through real devices. The cat-and-mouse game continues.
Google’s broader strategy fits a pattern. The company has pushed passkeys and hardware-based authentication for years. SMS always sat on shaky ground as a verification method. SIM swapping attacks and interception vulnerabilities made it a weak link. Moving the cost and control to the user’s device addresses one vector.
But it does so at the expense of accessibility. Not everyone maintains an active mobile plan. Travelers. Students in restrictive environments. Those wary of linking real identity to Google services. The change erects another wall.
Recent X posts reflect scattered complaints. Users locked out of old accounts or stuck in recovery loops mention SMS hurdles. The new signup flow adds to that friction. One post from early May 2026 described the QR-and-send process explicitly. It noted the reversal from receiving to sending texts.
No major new articles appeared in the past week detailing fresh policy updates. The discussion has largely stayed within privacy communities and technical forums. Google itself remains quiet on implementation details.
Analysts expect the company to refine the system over time. Further restrictions could follow. Or workarounds might proliferate enough to blunt the impact. For now, the requirement stands as a quiet but effective filter.
Creating a Google account in 2026 demands more forethought than it once did. Clean browser profiles help. Mobile signups sometimes succeed where desktop fails. A physical SIM with texting capability removes the largest obstacle. Those seeking maximum separation face stiffer challenges.
The shift underscores a larger truth. Tech platforms continue to harden defenses against automated abuse. Each layer added protects legitimate users from spam and fraud. It also narrows the space for those who value anonymity. The balance remains uneasy. Google has chosen its side.
WebProNews is an iEntry Publication