Google Pixel 10 Introduces C2PA Support

Google has unveiled its latest smartphone, the Google Pixel 10, which includes built-in support for the Coalition for Content Provenance and Authenticity (C2PA) standard. Announced on Tuesday, this feature aims to enhance the verification of digital content’s origin and history, thereby promoting transparency in digital media.

With the integration of C2PA’s Content Credentials into the Pixel Camera and Google Photos apps for Android, users can benefit from tamper-evident, cryptographically signed manifests that affirm the provenance of various media types, including images, videos, and audio files. Adobe describes this metadata as a “digital nutrition label,” detailing the creator’s identity, the creation process, and any involvement of artificial intelligence (AI).

Remarkably, the Pixel Camera app has achieved Assurance Level 2, the highest security rating defined by the C2PA Conformance Program, indicating the mobile app’s robust security measures. This assurance level is uniquely attainable on the Android platform, showcasing Google’s commitment to leveraging its ecosystem for enhanced security.

One of the notable features of the Pixel 10 is its support for on-device trusted timestamps. This ensures that even images taken while the device was offline remain trustworthy after the signing certificate’s expiration. This innovation hinges on the capabilities of the Google Tensor G5 processor, the Titan M2 security chip, and built-in security features in the Android OS.

In an effort to fortify security and usability, Google has designed the C2PA implementation to remain secure and functional offline. This means that the provenance data generated is not only reliable but also nonsensitive and does not require internet connectivity. Key innovations include:

• Android Key Attestation, allowing C2PA Certification Authorities (CAs) to verify communication with genuine devices.
• Hardware-backed Android Key Attestation certificates confirming the app requesting the C2PA signing key is trusted.
• Generation and storage of C2PA claim signing keys in the tamper-resistant Titan M2 security chip.
• Anonymized hardware-backed attestation to certify newly generated cryptographic keys without revealing the user’s identity.
• Unique certificates for every image, ensuring that the creator’s identity remains “cryptographically impossible” to reveal.
• On-device timestamping capabilities that generate cryptographically signed timestamps when images are taken.

While Google acknowledges that C2PA Content Credentials alone cannot fully address the issue of digital media provenance, the company views this feature as a significant step towards enhancing media transparency and fostering trust as technology evolves with AI.