Your Phone Already Has the Hardware to Prove a Photo Is Real. Nothing Uses It.

Published: (February 16, 2026 at 01:22 PM EST)
Source: Dev.to

Introduction

In 2025 the Adobe Content Authenticity Initiative reported that 97 % of organizations have encountered AI‑generated content being used against them—deepfakes, synthetic product photos, fabricated evidence.
Every smartphone today contains a tamper‑resistant cryptographic chip that sits idle: Secure Enclave on iOS, StrongBox or TEE on Android. These hardware modules are designed to sign data in a way that cannot be extracted or faked, yet they are rarely used for photo provenance.

C2PA – A Standard for Media Authenticity

C2PA (Content Authenticity Initiative) is an open standard backed by Adobe, Microsoft, Intel, and others. It works like HTTPS for media files: a cryptographic manifest is embedded directly into a JPEG and includes:

  • The device that captured the image
  • Timestamp and location
  • A full edit history
  • A signature that breaks if any pixel changes

Leica, Sony, and Nikon already ship C2PA‑enabled cameras, but mobile platforms—where > 90 % of photos are taken—have seen almost no adoption.

attestation‑photo‑mobile

attestation-photo-mobile is a React Native package that bridges this gap. It lets you capture a photo, hash it, sign it with a hardware‑backed key, and embed a complete C2PA manifest before the file ever touches disk.

Architecture

  1. Native layer (Swift/Kotlin) – Accesses the hardware keystore, provisions an ECDSA P‑256 key inside Secure Enclave or StrongBox, and ensures the key never leaves the hardware.
  2. Rust layer (c2pa‑rs) – Builds the JUMBF manifest, computes the asset hash, and constructs the C2PA claim. (Pure‑JS implementations are not recommended.)
  3. React Native bridge – Exposes a single signPhoto(path) function and a useAttestedCapture hook that handles key provisioning, location pre‑fetch, and error wrapping.

import { useAttestedCapture, saveToGallery } from '@rolobits/attestation-photo-mobile';

function CaptureScreen() {
  const { signPhoto, isReady } = useAttestedCapture({
    includeLocation: true,
    appName: "My App",
    nonce: "server-challenge-token",
  });

  const onCapture = async (photoPath) => {
    // Sign and embed C2PA manifest
    const signed = await signPhoto(photoPath);

    // signed.trustLevel -> "secure_enclave" | "strongbox" | "tee"
    // signed.embeddedManifest -> true
    // signed.signature -> SHA‑256 hex of original asset

    await saveToGallery({ filePath: signed.path });
  };
}

Verifying the Output

The resulting JPEG can be verified with any C2PA tool, e.g.:

cargo install c2patool
c2patool verify output.jpg

Or upload it to verify.contentauthenticity.org.

Device Integrity Checks

Before signing, the SDK runs integrity checks:

  • Jailbroken/rooted devices – E_COMPROMISED_DEVICE
  • No Secure Enclave / StrongBox – E_NO_TRUSTED_HARDWARE

These behaviours can be controlled with the requireTrustedHardware option (true | false).

Real‑World Scenarios

  1. Insurance claims – In‑app damage photos are hardware‑signed with device ID, location, and timestamp; adjusters can automatically verify authenticity.
  2. Marketplace listings – Verified images for cars, real estate, or rentals give buyers confidence that photos are genuine and not AI‑generated.
  3. Field inspections – Timestamped, signed photos of construction sites or equipment audits provide tamper‑evident compliance evidence.
  4. KYC (Know Your Customer) – Selfie‑based identity verification can prove the image originated from a real device rather than a synthetic face.

Roadmap (v1 Limitations)

  • Self‑signed certificates – Currently the signing key has no CA chain, so verifiers show a valid signature but “unknown signer.” Attribution is therefore missing. Integrating a trusted CA is the next priority.
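
The difference between a signature that verifies and a signer that is known, which is the limitation described above, shown as an added example (not code from attestation-photo-mobile or c2pa-rs). It is a simplified model: a software P-256 key stands in for the hardware key, the nonce-plus-hash payload and the fingerprint allow-list are assumptions made for illustration, and no C2PA/JUMBF manifest is parsed.

```javascript
const nodeCrypto = require('node:crypto');

// Software P-256 key standing in for the hardware-backed key (assumption:
// on a device the private key would never leave Secure Enclave / StrongBox).
function makeDeviceKey() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Hypothetical pinning scheme: SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('hex');
}

// Constructed payload layout: server nonce followed by SHA-256(asset).
function payload(assetBytes, nonce) {
  const assetHash = nodeCrypto.createHash('sha256').update(assetBytes).digest();
  return Buffer.concat([Buffer.from(nonce, 'utf8'), assetHash]);
}

function signAsset(privateKey, assetBytes, nonce) {
  return nodeCrypto.sign('sha256', payload(assetBytes, nonce), privateKey);
}

// Returns 'invalid', 'valid_unknown_signer' or 'valid_trusted_signer'.
function verifyAsset(submission, expectedNonce, trustedFingerprints) {
  const { assetBytes, nonce, signature, publicKey } = submission;
  if (nonce !== expectedNonce) return 'invalid'; // replayed or stale challenge
  const ok = nodeCrypto.verify('sha256', payload(assetBytes, nonce), publicKey, signature);
  if (!ok) return 'invalid'; // asset bytes or nonce changed after signing
  // A valid signature only proves "some key signed this"; attribution needs
  // the key to be known, via a CA chain or (here) an enrolment allow-list.
  return trustedFingerprints.has(fingerprint(publicKey))
    ? 'valid_trusted_signer'
    : 'valid_unknown_signer';
}

// Demo on constructed bytes standing in for a captured JPEG.
const demoPhoto = Buffer.from('constructed sample bytes, not a real JPEG');
const demoNonce = 'server-challenge-token';
const enrolledKey = makeDeviceKey();
const unknownKey = makeDeviceKey();
const allowList = new Set([fingerprint(enrolledKey.publicKey)]);
for (const key of [enrolledKey, unknownKey]) {
  const signature = signAsset(key.privateKey, demoPhoto, demoNonce);
  const submission = { assetBytes: demoPhoto, nonce: demoNonce, signature, publicKey: key.publicKey };
  console.log(verifyAsset(submission, demoNonce, allowList));
}
```

A relying party that accepts 'valid_unknown_signer' as proof of origin is trusting any key that anyone can generate, which is why the signer check is kept separate from the signature check.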

Repository

👉 GitHub: RoloBits/attestation-photo-mobile
