Google announced that it is integrating C2PA Content Credentials technology into the Pixel 10 camera app and Google Photos, so users can distinguish authentic images from those created or edited using artificial intelligence.
Google noted that the problem of labeling synthetic content has become much more acute in recent years, as traditional approaches barely work and leave room for different interpretations and the distortion of information.
On the latest Pixel 10 smartphones, every JPEG photo will automatically receive Content Credentials that include information about how the photo was created.
“Content Credentials contain a comprehensive set of information about how media files (images, videos, or audio files) are created, protected by the same digital signature technology that has secured online transactions and mobile applications for decades,” explains Google. “This gives users the ability to identify content created (or modified) using AI, fostering greater transparency and trust in generative AI.”
Thus, if a user edits the original image with or without AI, Google Photos will add new information to Content Credentials, preserving the history of all edits.
The company says the system works offline, is fully protected against external interference, and does not compromise user anonymity, while still allowing verification.
Google describes several levels of security and integrity built into Content Credentials, designed to make the system more reliable and protected against unauthorized access:
- a cryptographic signature that becomes invalid if the metadata is modified;
- tamper-resistant key storage — all cryptographic keys are generated and stored in the Android StrongBox within Titan M2;
- Android Key Attestation, which allows Google’s C2PA certificate authorities to verify the authenticity of both the hardware and the app requesting the data;
- one-time keys for each image — every photo is signed with a unique cryptographic key that is never reused, which is intended to preserve user privacy and anonymity;
- trusted timestamps, backed by the device’s secure internal clock maintained by Tensor, allowing Pixel devices to create verifiable timestamps even when offline.
For now, the Content Credentials system will be available only on Pixel 10 devices, but Google representatives say they plan to roll it out to more Android devices in the future. However, the company has not provided any specific timelines or dates yet.
The company is calling on all interested industry stakeholders to move beyond simplistic AI-content labeling and adopt Content Credentials, emphasizing that combating misinformation and deepfakes requires industry-wide adoption of content authenticity verification technologies.