Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology.
The American company notes that the problem of labeling synthetic media has become bigger in recent years as traditional approaches are no longer suitable and leave room for leave room for interpretation and misrepresentation.
In the latest Pixel 10 phones, every JPEG photo captured will be automatically attached Content Credentials, which reveals how they were made.
“Content Credentials convey a rich set of information about how media such as images, videos, or audio files were made, protected by the same digital signature technology that has secured online transactions and mobile apps for decades,” Google explains.
“It empowers users to identify AI-generated (or altered) content, helping to foster transparency and trust in generative AI.”
If the user edits the original image using AI or non-AI tools, Google Photos attaches new Content Credentials information, ensuring the entire history of edits is recorded.
Source: Google
Google says the system works offline, is secure from external interference throughout the process, and does not threaten the user’s anonymity while retaining its verifiability.
The tech giant outlines several layers of security and integrity guarantees it infused into the Content Credentials system to make it tamper-resistant and trustworthy, including:
- Cryptographic signing that invalidates the digital signature when the metadata is modified.
- Tamper-resistant key storage, with all cryptographic keys generated and stored in Android StrongBox inside the Titan M2 security chip.
- Android Key Attestation, which enables Google’s C2PA Certification Authorities to verify the authenticity of both the hardware and the app requesting the credential.
- One-time-use keys per image, meaning each photo is signed with a unique cryptographic key that is never reused, preserving the user’s privacy and anonymity.
- On-device trusted timestamps, supported by a secure internal clock maintained by the Tensor chip, which allows Pixel devices to attach verifiable timestamps even when offline.
Although the Content Credentials system is currently only available on Pixel 10 devices, Google has hinted at plans to expand this to more Android devices in the future, but without sharing any specific timelines.
The firm urges industry stakeholders to move beyond simplistic AI labels and adopt Content Credentials, emphasizing that combating misinformation and deepfakes requires broad, ecosystem-wide adoption of verifiable provenance.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.