diff --git a/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.h b/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.h
index 841d7997a..e178b7f3a 100644
--- a/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.h
+++ b/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.h
@@ -40,6 +40,14 @@ extern NSString *const TSStorageManagerTrustedKeysCollection;
  */
 - (nullable OWSRecipientIdentity *)unconfirmedIdentityThatShouldBlockSendingForRecipientId:(NSString *)recipientId;
 
+/**
+ * @param   recipientId unique stable identifier for the recipient, e.g. e164 phone number
+ * @returns nil if the recipient's current id has been seen, or if it's the users first key
+ *          else returns the unseen identity
+ *
+ */
+- (nullable OWSRecipientIdentity *)unseenIdentityChangeForRecipientId:(NSString *)recipientId;
+
 - (void)generateNewIdentityKey;
 - (nullable NSData *)identityKeyForRecipientId:(NSString *)recipientId;
 - (void)removeIdentityKeyForRecipient:(NSString *)receipientId;
diff --git a/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.m b/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.m
index c6ee65256..2c78f6f48 100644
--- a/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.m
+++ b/src/Storage/AxolotlStore/TSStorageManager+IdentityKeyStore.m
@@ -199,6 +199,31 @@ const NSTimeInterval kIdentityKeyStoreNonBlockingSecondsThreshold = 5.0;
     }
 }
 
+- (nullable OWSRecipientIdentity *)unseenIdentityChangeForRecipientId:(NSString *)recipientId
+{
+    OWSAssert(recipientId != nil);
+
+    @synchronized([[self class] sharedIdentityKeyLock])
+    {
+        OWSRecipientIdentity *currentIdentity = [OWSRecipientIdentity fetchObjectWithUniqueID:recipientId];
+        if (currentIdentity == nil) {
+            // No preexisting key, Trust On First Use
+            return nil;
+        }
+
+        if (currentIdentity.isFirstKnownKey) {
+            return nil;
+        }
+
+        if (currentIdentity.wasSeen) {
+            return nil;
+        }
+
+        // identity not yet seen
+        return currentIdentity;
+    }
+}
+
 - (BOOL)isTrustedKey:(NSData *)identityKey forSendingToIdentity:(nullable OWSRecipientIdentity *)recipientIdentity
 {
     OWSAssert(identityKey != nil);