Pixel 10s Digital Watermark Is Easy To Defeat

In the fight against digital misinformation, major tech companies are rolling out new tools to verify the authenticity of images. Like Samsung's Galaxy S25, Google's new Pixel 10 series now embeds C2PA (Coalition for Content Provenance and Authenticity) metadata into every photo. This digital watermark is designed to trace a photo's origin and log any edits made, answering the critical question: is this image real, AI-generated, or a mix of both?

When I got my hands on the new Google Pixel 10 Pro, I was curious about the robustness of this new system. Can this data be removed, edited, or even faked? I installed a tool called exiftool and started experimenting. What I found was both concerning and reassuring.

Understanding the Pixel 10s C2PA Watermark

For the C2PA system to work, apps and websites need to support it. On the Pixel 10, the native Pixel Camera and Google Photos apps are fully integrated. They can both add and read the provenance data. Photos taken on older devices won't have this watermark initially, but if you edit them on a Pixel 10, a new log will be added to show they were altered.

Here’s how it looks in practice:

• A new, unedited photo taken with the Pixel 10 is tagged with "Media captured with a camera."
• If you use non-generative tools for edits like cropping, applying filters, or even creating a panorama, the tag changes to "Edited with non-AI tools."
• However, if you use generative AI features like Magic Editor to add or remove objects, or the AI-powered Pro Res Zoom, the image is clearly labeled with "Edited with AI tools."

This information is also visible on other C2PA-compliant platforms, like the official Contents Credentials verification page, ensuring the data is transparent across different services.

How to Easily Remove the AI Watermark

My first attempt to manipulate the data was a blunt-force approach. I ran a simple command to strip all metadata from a photo of my dog that I had edited with AI.

exiftool [filename]

This worked, but it removed everything—including the time, date, and camera settings. An image with zero metadata is immediately suspicious and suggests tampering.

After some digging, I found a much more precise method. The C2PA data is stored in a specific part of the JPEG file called the JUMBF segment. With exiftool, you can target and delete only this segment.

exiftool -jumbf:all= [filename]

This simple command completely erased the C2PA watermark, including the "Edited with AI tools" tag, while leaving all the original EXIF data intact. The photo now appears as a standard image file with no clear sign of AI manipulation. While this doesn't prove the photo is real, it removes the embedded proof that it was altered by AI, leaving its authenticity ambiguous.

For a knowledgeable observer, the absence of a C2PA tag on a photo from a Pixel 10 is a new red flag. It could mean someone faked the EXIF data or, more likely, scrubbed the watermark to hide AI edits.

Why Faking the Watermark Is Nearly Impossible

While removing the watermark proved simple, my next goal was to see if I could fake it. Could I take an AI-edited image and apply the C2PA data from an authentic, unedited photo to make it look real?

My attempts to swap the metadata between two images were complete failures. Both Google Photos and the Content Credentials verifier immediately flagged the modified image with warnings like "media information missing, modified, or unrecognized" and "tampered with."

This is where the C2PA standard shows its strength. The metadata isn't just a simple text file; it includes a cryptographic hash that acts as a digital fingerprint, securely linking the provenance information to the image's unique pixel data. If even a single pixel in the image is changed, the hash no longer matches the one stored in the metadata, and the entire credential is invalidated.

This robust security check makes it incredibly difficult for someone to fraudulently apply a "real" watermark to a fake image. So, while you can easily erase the evidence, forging it is another matter entirely. It's a significant relief to know that faking the credential isn't a simple task.

Ultimately, the ease of removing the AI signature is concerning. But remember, if you come across a photo from a Pixel 10 that looks suspicious but lacks any C2PA marker, it's highly likely it was deliberately scrubbed.