Google Pixel 10: digital signature AI can be easily removed

As he had anticipated for some time, Google has implemented in his new smartphones Pixel 10 a digital authenticity system based on C2PA metadata, designed to trace the origin of the images and any changes made through artificial intelligence. However, some tests conducted by Android Authority they revealed that there digital signature can be removed with relative ease, although falsifying it is much more complex.

Follow Google Italia on Telegram, Receive news and offers first

The C2PA system on Pixel 10 devices

Pixel 10, following the example of the Samsung Galaxy S25adopted the C2PA (Coalition for Content Archore and Authenticity) standard for incorporate the metadata of authenticity in the images. And so, every time the device takes a photo or modification, a digital signature is integrated that documents the origin of the content and all subsequent changes made.

Technology has a clear purpose: wishes to fight the growing confusion regarding the origin and truthfulness of online images, providing clear answers to the most important question: is the image real or generated by the AI? Or is it authentic but has been enriched with artificial improvements?

How the cataloging of images works

On Pixel 10, both the camera app and Google Photo already support this new feature, in fact allowing attach and read the data on the origin and chronology of the changes of an image. The photos taken directly with the device show the wording “Media Capatured with per room“, While the panoramas specify that”Multiple images were combined“.

For images that undergo simple manipulations such as portraits or long exhibitions, the tag is added “Edited with non-Ai Tools“, In a category that also includes the photos taken with the function Add mesince they make up real elements directly from the camera. The same mark appears when using basic Google photos of photos such as cutlery, brightness adjustment or filters application. On the other hand, when Magic Editor is used for generative changes that create artificial content, Google immediately adds the wording “Edited with ai Tools“.

Remove the metadata is all too simple

So far, the information already known. But several technical tests have shown that completely remove the C2PA metadata is Very simple Using special tools such as Exiftol: with a basic command of this application it is in fact possible to delete all the Exif and C2PA information, thus leaving the image without any trace of its origin or the changes undergone.

The more sophisticated is the approach that allows you to selectively remove C2PA data by keeping traditional metadata exif intact. Since C2PA information is stored in a specific jumbf segment of the JPEG files, in fact, it is possible to delete them precisely, leaving the date, camera model and other technical information unchanged. However, the technique creates a somewhat ambiguous situation: the image maintains the basic metadata, suggesting authenticity, but loses each proof of possible manipulation AI, opening the door to misleading interpretations.

Falsifying is much more difficult

Despite the ease with which the metadata can be removed, falsifying the C2PA has proved to be much more complex. In fact, the system incorporates several cryptographic security checks that work as a digital imprint, binding the metadata to the specific pixels of the image through a safe hash.

And so, when an application compatible with C2PA opens a photo, generates a new hash and compares it with the one incorporated into the metadata. Any discrepancy immediately invalidates the C2PA record, allowing the app to report that metadata does not correspond to the image. Even minimal changes such as the enlargement of a detail are sufficient to compromise the validity of the digital signature.