Google’s New Tech Will Prove If a Photo Is Real or AI-Generated

by ddos · September 14, 2025

Google has unveiled a new system for authenticating digital images by embedding C2PA Content Credentials into the Pixel 10 camera and the Google Photos application. This mechanism is designed to help users distinguish original photographs from those created or altered using generative models — a challenge that has grown increasingly urgent amid the surge of fabricated content online. The company emphasizes that traditional watermarking methods are no longer sufficient, as they leave room for ambiguity and manipulation.

On the Pixel 10, every JPEG photo taken is automatically tagged with Content Credentials metadata, recording the circumstances of its creation. If the image is later edited — whether through AI tools or conventional photo editors — Google Photos logs the entire edit history and preserves it alongside the file. The system functions entirely on-device, requires no internet connection, and, according to Google, is resilient to tampering. At the same time, user privacy remains intact, while the authenticity of the data can still be verified.

To guard against forgery, Google has implemented multiple layers of protection. Each image is signed with a unique cryptographic key that is never reused, ensuring both anonymity and the impossibility of tracking. All keys are generated and stored within Android StrongBox, secured by the Titan M2 security chip. Should the image metadata be altered, the digital signature is immediately invalidated.

Adding another layer of assurance, the system leverages Android Key Attestation, which allows Google’s certificate authorities to verify the authenticity of both the hardware and the application generating the certificate. The Tensor processor’s integrated secure timer further strengthens the mechanism by providing precise timestamps, even when the device operates offline.

Google underscores that Content Credentials are safeguarded by the same cryptographic principles that secure financial transactions and mobile applications. This ensures that users can trust the integrity and provenance of their images.

Looking ahead, the company intends to extend Content Credentials support to additional Android devices, though it has not yet disclosed a timeline. Meanwhile, Google urges industry peers to move beyond simplistic “AI-generated” labels and adopt verifiable provenance mechanisms, arguing that only such approaches can effectively combat disinformation and the proliferation of deepfakes.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal