Google Pixel 10 Ships With Native C2PA - First Smartphone With Content Credentials

Google has announced that the Pixel 10 series supports C2PA Content Credentials natively in the Pixel Camera app - making it the first consumer smartphone to cryptographically sign every photo at the point of capture.

The implementation uses hardware-backed security throughout. C2PA claim signing keys are generated and stored in the Titan M2 security chip, using Android StrongBox for tamper resistance. The Tensor G5 processor handles the cryptographic operations in the image signal pipeline, meaning signing happens as part of the normal photo capture process with no perceptible delay.

Assurance Level 2: the highest bar

The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Programme. This is notable because Assurance Level 2 requires hardware-backed key storage and attestation - capabilities that Google says are currently only possible on Android due to the platform's hardware security architecture. This gives the Pixel 10's implementation a trust foundation that no other smartphone platform currently matches.

What gets signed

Every JPEG captured with the Pixel Camera app includes Content Credentials. This applies to both unedited captures and AI-modified images - including photos processed with features like Magic Eraser, Best Take, and other computational photography tools. The Content Credentials record what processing was applied, providing transparency about AI involvement even in everyday photo editing.

Google Photos on Android also supports Content Credentials, displaying provenance information in the "About" panel. Edits made within Google Photos are recorded in the credential chain, maintaining the provenance history through the editing process.

Privacy by design

Google's implementation uses anonymous, hardware-backed attestation. The signing process certifies that the key was generated on a genuine physical device without identifying who is using it. One-time-use cryptographic keys prevent traceability across images. No personal information is included in the Content Credentials - the signer is identified as "Google LLC" and "Pixel Camera," not as an individual user.

The system also works offline, using an on-device trusted timestamping system. This means Content Credentials are applied even when the phone has no network connection, with the timestamp verified through hardware-secured local time.

What this means for C2PA

The Pixel 10 marks the moment C2PA moved from professional cameras and AI generators into consumer devices. With Google's scale - tens of millions of Pixel phones sold annually - the volume of C2PA-signed content in circulation is about to increase dramatically.

The competitive pressure is now on Samsung and Apple. Both companies are C2PA coalition members with the hardware capability to implement signing. Google has set the benchmark. The question is how quickly the others follow.

Andy Parsons, Senior Director of the Content Authenticity Initiative at Adobe, described the launch as a "significant milestone in bringing authenticity and transparency to digital imagery for millions of people worldwide."

For a deeper look at smartphone C2PA support including third-party apps for non-Pixel phones, see our full Smartphone Content Credentials Guide.