Google announced that Pixel 10 phones will be the first to have C2PA Content Credentials built into every photo taken with Pixel Camera, achieving Assurance Level 2 — the highest security rating in the C2PA Conformance Program. The implementation is powered by Tensor G5 and the Titan M2 security chip, using Android Key Attestation to verify device and app integrity without identifying the user. A privacy-first 'one-and-done' certificate strategy ensures no two photos share a public key, making it cryptographically impossible to link images to each other or to a user. Pixel 10 also introduces an on-device offline Time-Stamping Authority so photos taken without connectivity can still have verifiable, long-lived credentials. Google frames this as a shift from labeling content as 'AI vs. not AI' toward a model where content either has verifiable provenance or it doesn't, and invites other Android developers to adopt the same hardware-backed security primitives.
Table of contents
A New Approach to Content CredentialsSecure from Silicon to ApplicationsPrivacy Built on a Foundation of Trust: Verifiable, Not Personally IdentifiableReady to Use When You Are - Even OfflineBuilding a More Trustworthy Ecosystem, TogetherSort: