diff --git a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java
index fca8297c7..52bbde7fc 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java
@@ -1338,6 +1338,11 @@ public final class MessageContentProcessor {
       return;
     }
 
+    if (!(senderRecipient.isProfileSharing() || senderRecipient.isSystemContact())) {
+      warn(content.getTimestamp(), "Dropping story from an untrusted user.");
+      return;
+    }
+
     Optional<InsertResult> insertResult;
 
     MessageDatabase database = SignalDatabase.mms();