FAQs
Android Support
Does ZCAM work on Android?
Not at the moment, but we have a plan for Android implementation. Currently, only two Android phone companies support C2PA: Google with their latest Pixel 10 and Samsung.
Google's Pixel 10 has full C2PA support for photos captured on the camera. The design is quite similar to ZCAM's: a key generated in the secure enclave signs the manifest at capture time.
Samsung's C2PA implementation is less useful. It only supports attaching C2PA manifests to photos that were generated using AI.
On the other hand, Android phones (specifically those that support the Google Play Store) are all equipped with the necessary primitives to support a ZCAM flow. Note that all Androids that support the Google Play Store are required to have some secure enclave support. On the iOS side, ZCAM leverages the Apple App Attest API which provides the following guarantees:
- A key was generated on the secure enclave and is scoped to the calling app
- The calling app itself is non-tampered and the binary is trustworthy
Android separates these functionalities into two independent APIs:
- Android Key Attestation: API to obtain an attestation that a given key used by an app is indeed hardware-backed
- Google Play Integrity API: API used to ensure a given request is from a valid install of an app
By integrating these two APIs in the Android implementation, we will get the same "coverage" that the Apple App Attest API guarantees. The rest of the ZCAM protocol flows as intended, using C2PA and SP1 as necessary.
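One way a verifier could combine the two Android checks, as an added example that is not ZCAM's code. Assumptions: the Play Integrity verdict is already decrypted to JSON, the key attestation certificate chain is already validated and its fields parsed, the same server challenge was sent to both APIs, and `CheckAndroid`, `KeyAttestation` and `com.example.cam` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Verdict holds the decoded Play Integrity verdict fields this check reads.
type Verdict struct {
	RequestDetails struct {
		RequestPackageName string `json:"requestPackageName"`
		Nonce              string `json:"nonce"`
	} `json:"requestDetails"`
	AppIntegrity struct {
		AppRecognitionVerdict string `json:"appRecognitionVerdict"`
	} `json:"appIntegrity"`
}

type KeyAttestation struct { // assumed already parsed from a chain-validated attestation certificate
	SecurityLevel int    // attestationSecurityLevel: 0 Software, 1 TrustedEnvironment, 2 StrongBox
	Challenge     string // attestationChallenge
	PackageName   string // package name inside attestationApplicationId
}

// CheckAndroid (hypothetical name) requires both APIs to answer for the same server challenge.
func CheckAndroid(verdict []byte, ka KeyAttestation, pkg, challenge string) error {
	var v Verdict
	switch {
	case json.Unmarshal(verdict, &v) != nil:
		return errors.New("verdict is not valid JSON")
	case ka.SecurityLevel < 1:
		return errors.New("key is not hardware-backed")
	case ka.Challenge != challenge || v.RequestDetails.Nonce != challenge:
		return errors.New("challenge mismatch")
	case ka.PackageName != pkg || v.RequestDetails.RequestPackageName != pkg:
		return errors.New("key or request belongs to another app")
	case v.AppIntegrity.AppRecognitionVerdict != "PLAY_RECOGNIZED":
		return errors.New("app binary not recognized by Google Play")
	}
	return nil
}

// Constructed verdict for a hypothetical package, com.example.cam.
const sample = `{"requestDetails":{"requestPackageName":"com.example.cam","nonce":"c2FtcGxl"},"appIntegrity":{"appRecognitionVerdict":"PLAY_RECOGNIZED"}}`

func main() {
	fmt.Println(CheckAndroid([]byte(sample), KeyAttestation{1, "c2FtcGxl", "com.example.cam"}, "com.example.cam", "c2FtcGxl"))
}
```

The hardware-backed key check comes from Key Attestation and the recognized-binary check from Play Integrity; neither alone covers both App Attest guarantees.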
Secure Enclave Guarantees
Is there a way to mimic the signature from the enclave? Is it 100% impossible or just unlikely? Does it vary by OS?
With proper use of the App Attest (iOS) and Play Integrity/Key Attestation (Android) APIs, it should be 100% impossible to mimic a signature. This relies on Apple and Google ensuring these APIs work as intended, however.
Jailbroken Devices
Have we considered more complicated attack vectors, such as jailbroken devices + running a "virtual app" to exploit the signatures?
Yes, the main attack vector is being able to feed photos that weren't actually captured from the camera into our ZCAM signing protocol. We can protect our SDK as much as possible, including with jailbreak detection; however, this comes with certain drawbacks, such as no support for jailbroken devices. The third party is also responsible for ensuring their integrating app doesn't have any glaring security gaps.
See the jailbreak section on the Security page for more information.
Verification Post-edits
Does cropping or editing break the photo verification?
Yes, both bindings verification and ZK proof verification break when a photo is edited. This is because:
- The Apple App Attest signature (used in bindings verification) is over the hash of the original image
- The ZK proof (used in proof verification) also verifies the original photo hash
- When a photo is edited, the image bytes change, causing the hash to change
- The signature/proof verification fails because the hash no longer matches
Even though C2PA edit manifests can preserve the original capture manifest and add edit history, the actual signature verification will fail because the signature is over the hash of the original image bytes.
If you remove the metadata entirely or crop in a way that strips the C2PA manifest, the photo will also no longer be verifiable. We're looking into watermarking to insert data which could help with cropping, etc.
See the Editing C2PA Photos section for more details.
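The failure described above, as an added Go example that is not ZCAM's code: a signature made over the hash of the original bytes is checked against the original, a cropped copy, and a copy whose manifest was stripped. Assumptions: an in-memory ECDSA P-256 key stands in for the enclave-held key, the image bytes are constructed, and a bare signature stands in for the C2PA manifest.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Capture: constructed photo plus manifest signature; a nil Signature models a stripped manifest.
type Capture struct {
	Image, Signature []byte
}

// Sign hashes the original image bytes and signs that hash with ECDSA P-256.
// Assumption: an in-memory key stands in for the enclave-held key.
func Sign(key *ecdsa.PrivateKey, image []byte) (Capture, error) {
	digest := sha256.Sum256(image)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return Capture{Image: image, Signature: sig}, err
}

// Verify re-hashes the bytes it was given and checks the signature over them.
func Verify(pub *ecdsa.PublicKey, c Capture) bool {
	digest := sha256.Sum256(c.Image)
	return len(c.Signature) > 0 && ecdsa.VerifyASN1(pub, digest[:], c.Signature)
}

// Demo verifies the original, a cropped copy, and a manifest-stripped copy.
func Demo() (original, cropped, stripped bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	image := bytes.Repeat([]byte{0x10, 0x20, 0x30}, 64) // constructed pixel data
	c, err := Sign(key, image)
	if err != nil {
		return false, false, false, err
	}
	crop := Capture{Image: image[:96], Signature: c.Signature} // edit keeps the old signature
	bare := Capture{Image: image}                              // manifest removed
	return Verify(&key.PublicKey, c), Verify(&key.PublicKey, crop), Verify(&key.PublicKey, bare), nil
}

func main() {
	fmt.Println(Demo())
}
```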
Cross Device Support
Does your solution detect fakes if a photo is taken with another device?
A photo taken by ZCAM can be verified on any device. However, one device with the ZCAM SDK installed can neither detect nor attest to a photo from another device. ZCAM is built on using a device's camera and secure enclave in tandem to guarantee authenticity.
Photo of Photo
Can it detect a photo of a photo?
No, this is not the intended use case of ZCAM. What we can do is provide "contextual" metadata, for example metadata around subject depth, brightness, etc., that would indicate a potential photo of a photo.
See the Physical Replay Attacks section for more details.
Bindings vs Proof verification
What's the difference between bindings verification and ZK proof verification?
Bindings verification directly checks the Apple App Attest signature embedded in the C2PA manifest. It can be generated offline; however, the attestation data is visible in the manifest.
ZK proof verification generates a zero-knowledge proof that verifies the attestation without revealing sensitive details. It provides enhanced privacy but requires network access for proof generation.
ZK proofs are completely optional. You can use ZCAM with bindings verification alone, which works entirely offline.
Choose ZK proof verification when:
- Privacy is paramount—you want to verify authenticity without revealing attestation details
- You can tolerate network latency for proof generation
Metadata Stripping
Which platforms preserve C2PA metadata when uploading images?
Short answer: most platforms where users upload image files to share strip metadata. Platforms whose service is more about hosting files may keep the metadata. LinkedIn has first-class support for C2PA.
Platform Compatibility Table
This table documents how different platforms handle C2PA content credentials when images are uploaded and accessed through various methods:
| Platform | Upload Method | Read Method | Maintains Credential? | Notes |
|---|---|---|---|---|
| Notion | Upload using /file | Click on link, hosted on https://file.notion.so/... | ✅ | |
| Notion | Upload using /file | Download | ✅ | |
| | Upload using upload file functionality | Download | ❌ | |
| | Link to image | Click on Link | ✅ | Doesn't render properly unless hosting has og tag |
| | New post (ensure original ratio/ not cropped etc.) | No way to download, can expect src to get uploaded image | ❌ | |
| | Upload in post | Natively embedded | ✅ | |
| | Upload in post | Download image | ❌ | |
| Discord | Upload file | Open hosted link | ❌ | Strips metadata |
| Discord | Upload file | Download file from hosted link | ❌ | |
| Gmail | Attach file to email | Click preview | ❌ | |
| Gmail | Attach file to email | Download | ✅ | |
| Gmail | Embed file in email | Download | ✅ | |
| Gmail | Embed file in email | Click preview | ❌ | |
Note: Cloudflare Images also supports C2PA.