Most photographs are taken on phones, so whether phone photos carry provenance decides whether provenance matters for photography at large. The answer in mid 2026 is lopsided: one phone line signs everything by default, one marks only its AI edits, and the most popular camera in the world ships nothing. Here is where each stands, verified against primary sources, and what to do if your phone is on the wrong side of the table. For dedicated cameras, our camera C2PA list tracks the same question body by body.
The state of play
| Phone | Signs real photos at capture | Notes |
|---|---|---|
| Google Pixel 10 | Yes, by default | Hardware-backed, every Pixel Camera photo |
| Google Pixel 8 / 9 | Partially | Video signing announced May 2026; photo backport unconfirmed |
| Samsung Galaxy S25 / S26 | No | Credentials only on AI-edited images |
| Apple iPhone | No | No native C2PA; third-party apps only |
| Sony Xperia | No | Sony's C2PA lives in its Alpha cameras only |
| Everything else | No | Chipset capability exists, unshipped |
Pixel 10: the reference implementation
The Pixel 10, launched in August 2025, is the first phone to sign photos at capture, and Google built it the thorough way. Every photo from the Pixel Camera app gets C2PA Content Credentials automatically, with no setting to find. The signing keys are generated and stored in the Titan M2 security chip, the Tensor G5 handles the cryptography inside the imaging pipeline, and the implementation was the first at the C2PA Conformance Program's Assurance Level 2, the highest tier currently defined. The phone even timestamps on-device while offline, addressing the certificate-expiry problem that Canon solves server-side for newsrooms.
Google Photos participates too: edits, AI or otherwise, get recorded in updated credentials rather than silently breaking the chain. At its I/O event in May 2026 Google announced extending signing to video capture and bringing that to the Pixel 8 and 9 by software update. Whether still-photo signing also reaches those older models is not yet confirmed, so if you own a Pixel 8 or 9, check your camera app's behavior rather than assuming.
The Pixel 10 shows what phone provenance looks like when a vendor commits: default-on, hardware-rooted, conformance-certified. It also shows the ceiling of adoption speed, because it took until late 2025 for the first such phone to exist.
Samsung: credentials for AI edits, not for photos
Samsung's Galaxy S25 became the first Android phone with Content Credentials in January 2025, but pointed backwards: credentials and a visible watermark are attached to images edited with Galaxy AI, while photos straight from the camera get nothing. As commentators noted at the time, that inverts what photographers need. It documents artificiality without ever documenting authenticity, so a real, unedited Galaxy photo remains as undocumented as any other image. The implementation is also software-level, without the hardware root of trust Google shipped, and Samsung's certificates initially were not on the C2PA trust list that third-party validators check.
For the S26 generation announced in early 2026, Samsung's own materials confirm the same shape, Content Credentials in the Gallery app and marking of AI edits. Claims circulating that the S26 signs real photos at capture are not supported by any Samsung primary source we could find, so treat them as unconfirmed. If you shoot on a Galaxy, assume your genuine photos carry no credentials.
iPhone: the biggest camera with no credentials
The iPhone, the most-used camera on earth, has no native C2PA support as of the iPhone 17 and iOS 26 era. Apple has made no public commitment to the standard, and nothing in its camera pipeline writes Content Credentials. Whatever Apple's eventual plans, photographers shooting iPhone today cannot get capture-time provenance from the built-in camera at all.
What exists instead is the app route: third-party camera apps that implement C2PA signing themselves. This is exactly why we built Lumethic Capture, an iOS camera app that gives iPhone photos a verifiable capture record, tied into the same verification platform that checks the result. The app route has an inherent limit worth stating honestly: an app cannot reach the hardware root of trust that Pixel's implementation uses, a constraint that applies to every iOS capture app equally until Apple opens the pipeline. Within that constraint, a signed capture from a dedicated app is still categorically more evidence than the nothing an unmodified iPhone provides.
What signing on a phone does and does not get you
The same expectations that apply to in-camera signing apply here, with one phone-specific sharpening on each side.
Sharper on the upside: phones are where disputes happen. The photo that needs its authenticity established is more often a phone shot of an event than a studio frame, and a capture-time record on exactly those images has outsized value.
Sharper on the downside: phones are where metadata goes to die. Phone photos live on social platforms, and platform pipelines strip credentials from nearly everything they serve. A Pixel 10's beautifully signed photo arrives on Instagram as an unsigned JPEG like everyone else's. The signature helps when you can present the original file, in a dispute, to an editor, in a verification workflow, and mostly does not help in the feed.
Which is to say: on phones, even more than on cameras, the signed original you keep is the asset, and the copy the world sees is unprovable on its own.
Closing the gap on any phone
If you have a Pixel 10, you are done at capture time; keep the originals and know how to export them with credentials intact.
On any other phone, two layers substitute for what your camera does not do. At capture, a signing app: on iPhone, Lumethic Capture records a verifiable capture, and our launch article explains how it works. After the fact, verification against your original: every phone keeps a highest-quality original of each photo, and a comparison between that original and any published copy establishes the same relationship a signature attests, that the published image faithfully derives from a real capture. Lumethic's verification runs that comparison on phone photos the same way it does on RAW files, and it is the only layer in this article that also works retroactively, for the photos already on your phone from years before any of these standards shipped.
Frequently Asked Questions
Does the iPhone support Content Credentials?
Not natively, as of iOS 26 and the iPhone 17 generation. Apple has announced no C2PA support, and photos from the built-in camera carry no credentials. Third-party capture apps such as Lumethic Capture add signed capture records on iOS.
Which phone signs photos by default?
The Google Pixel 10 is the only phone that signs every photo from its camera app by default, with keys held in its Titan M2 security chip. Google has announced extending signing to video and to the Pixel 8 and 9, with the scope of that backport still to be confirmed.
Do Samsung Galaxy photos have Content Credentials?
Only images edited with Galaxy AI get credentials and a watermark. Unedited photos from the camera carry nothing, on the S25 and, per Samsung's own materials, on the S26 as well. Claims of full capture-time signing on the S26 are unconfirmed.
Do phone Content Credentials survive on WhatsApp or Instagram?
Generally no. Platforms re-encode uploads and strip metadata, credentials included; WhatsApp preserves them only when an image is sent as a document. The signed original on your phone is the copy with evidentiary value, so keep it.
My photos are from an older phone with no signing. Can they still be verified?
Yes. Verification compares a published image against the original your phone stored and needs no signature to do it. That works for any phone, any age of photo, which is what makes it the universal layer while capture signing spreads one flagship at a time. The first checks are free.
Phone provenance in 2026 is one excellent implementation, one inverted one, and one absence, which means for most people the phone in their pocket settles nothing by itself. The good news is that the evidence a phone produces anyway, the original file, already supports verification today, and Lumethic Capture brings signed capture to the platform that lacks it. The table above will improve. Your archive does not have to wait for it.