Google fights misinformation: C2PA arrives on Pixel and Photos for AI image recognition.

Google announced that it will integrate C2PA Content Credentials technology into the Pixel 10 camera app and Google Photos to help users distinguish authentic images from those created or modified by artificial intelligence.

Google noted that the problem of labeling synthetic content has become much more acute in recent years, as traditional approaches are virtually ineffective and leave room for different interpretations and distortions of information.

On the latest Pixel 10 smartphones, every JPEG photo will automatically receive Content Credentials, which contain information about how the photo was created. photos.

“Content credentials contain a rich set of information about how media files (images, videos, or audio files) were created, protected by the same digital signature technology that has kept online transactions and mobile apps secure for decades,” Google explains. “This gives users the ability to identify content created (or modified) by AI, promoting greater transparency and trust in generative AI.”

So, if a user edits the original image with or without AI, Google Photos will add the new information to the Content Credentials, keeping a history of all changes.

The company writes that the system works autonomously, is completely protected from external interference and does not threaten user anonymity, while maintaining the possibility of verification. Google describes several layers of security and integrity built into Content Credentials, designed to make the system more secure and protected from unauthorized access:

• A cryptographic signature that invalidates the digital signature when metadata is modified;
• Tamper-proof key storage: All cryptographic keys are generated and stored in the Android StrongBox within the Titan M2;
• Android Key Attestation, which allows Google’s C2PA CAs to verify the authenticity of both the hardware and the requesting app. data;
• One-time keys for each image: Each photo is signed with a unique cryptographic key that is never reused, which should preserve user privacy and anonymity;
• Trusted timestamps, backed by a secure internal device clock powered by Tensor, allowing Pixel devices to create verifiable timestamps even when offline.

For now, the Content Credentials system will only be available on Pixel 10 devices, but Google representatives write that they intend to extend it to other Android devices in the future. However, the company has not yet indicated specific dates or times.

The company calls on all industry stakeholders to go beyond simplifying AI-based content labeling and adopt content credentials, stressing that the fight against misinformation and deepfakes requires the widespread adoption of content verification technologies across the industry.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Redazione

The Red Hot Cyber Editorial Team provides daily updates on bugs, data breaches, and global threats. Every piece of content is validated by our community of experts, including Pietro Melillo, Massimiliano Brolli, Sandro Sana, Olivia Terragni, and Stefano Gazzella. Through synergy with our industry-leading partners—such as Accenture, CrowdStrike, Trend Micro, and Fortinet—we transform technical complexity into collective awareness. We ensure information accuracy by analyzing primary sources and maintaining a rigorous technical peer-review process.