An open-source Android camera that embeds cryptographic proof of authenticity at the moment of capture. ECDSA P-256 signed. SHA-256 hashed. 14 physical sensors fingerprinted.
C2PA-inspired content provenance for the 3 billion Android devices that flagship-only solutions ignore.
Six steps. One shutter press. Zero servers.
Take a photo with TrueShot, or enable Auto Mode to seal photos from any camera app automatically.
Accelerometer, gyroscope, magnetometer, barometer, light, proximity, gravity, rotation vectors, step counter — all sampled at the exact instant of the shutter.
Cryptographic hash computed on JPEG bytes up to the end-of-image marker. Change one pixel, the hash breaks.
Sensor data, EXIF metadata, device identity, screen risk score, and correlation hash — all packed into a JSON manifest.
Private key in Android Keystore (StrongBox/TEE) signs the manifest. Key is hardware-bound and non-extractable.
Signed manifest appended after JPEG EOI marker. Standard image viewers display the photo normally. Anyone can verify.
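One way a verifier can find the boundary between the hashed JPEG bytes and the appended manifest, shown as an added example that is not TrueShot's own code. A search for the first FF D9 byte pair can stop inside an EXIF thumbnail, so this walks the JPEG segment structure instead; the function names and sample bytes are constructed for illustration.

```javascript
// Added example, not TrueShot's code. Walks JPEG segments to find the offset just
// past the real EOI marker, so the hashed range and the trailer are unambiguous.
function findEoiEnd(bytes) {
  if (bytes.length < 4 || bytes[0] !== 0xff || bytes[1] !== 0xd8) {
    throw new Error("not a JPEG: missing SOI marker");
  }
  let i = 2;
  while (i + 1 < bytes.length) {
    if (bytes[i] !== 0xff) throw new Error("expected marker at offset " + i);
    const marker = bytes[i + 1];
    if (marker === 0xff) { i += 1; continue; }      // fill byte before a marker
    if (marker === 0xd9) return i + 2;              // EOI: image data ends here
    if (marker === 0x01 || (marker >= 0xd0 && marker <= 0xd7)) { i += 2; continue; }
    if (i + 3 >= bytes.length) break;               // truncated segment header
    const len = (bytes[i + 2] << 8) | bytes[i + 3]; // length counts its own 2 bytes
    if (len < 2) throw new Error("invalid segment length at offset " + i);
    i += 2 + len;                                   // skips APPn payloads, thumbnails included
    if (marker === 0xda) i = skipEntropyData(bytes, i);
  }
  throw new Error("no EOI marker found");
}

// After an SOS header, compressed data runs until a marker that is neither
// a stuffed 0xFF00 nor a restart marker (0xFFD0-0xFFD7).
function skipEntropyData(bytes, i) {
  while (i + 1 < bytes.length) {
    const next = bytes[i + 1];
    if (bytes[i] === 0xff && next !== 0x00 && !(next >= 0xd0 && next <= 0xd7)) break;
    i += 1;
  }
  return i;
}

// Split a sealed file into the byte range to hash and the appended trailer.
function splitSealedJpeg(bytes) {
  const end = findEoiEnd(bytes);
  return { image: bytes.subarray(0, end), trailer: bytes.subarray(end) };
}

// Constructed sample: SOI, APP1 holding a fake thumbnail with its own EOI,
// SOS + entropy data (stuffed FF00 and RST0), real EOI, then a 2-byte trailer "{}".
const SAMPLE = Uint8Array.from([
  0xff, 0xd8,
  0xff, 0xe1, 0x00, 0x08, 0xff, 0xd8, 0x11, 0x22, 0xff, 0xd9,
  0xff, 0xda, 0x00, 0x02, 0x12, 0xff, 0x00, 0x34, 0xff, 0xd0, 0x56,
  0xff, 0xd9,
  0x7b, 0x7d,
]);
```

The `image` range is what a verifier would hash with SHA-256 and compare against the hash bound in the signed manifest; `trailer` is where the appended manifest would be read from.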
Every photo captures a physical snapshot of the device's environment at the exact moment of the shutter. 14 simultaneous sensor readings create a fingerprint that's extremely difficult to forge coherently.
Every photo is checked against 9 independent criteria.
Photographing a screen showing a deepfake is an attack that no existing provenance system addresses. TrueShot introduces a sensor-based approach: cross-correlating physical sensor readings at capture time to detect anomalies consistent with screen photography.
Six signals — proximity, light/ISO mismatch, magnetometer anomaly, gyroscope stability, dark room without flash, step counter — scored from 0 to 100. Uses physics, not pixels.
Multiple photos from different devices can be verified as mutually consistent — without any communication between devices.
Drop two or more photos on the web verifier. JavaScript compares barometric pressure (within 2 hPa), timestamps (within 5 min), GPS (within ~100m), and a correlation hash.
Enable once, forget about it. TrueShot runs a background service that detects new photos from any camera app and creates a sealed copy with the full manifest. No workflow changes needed.
Drag and drop one or more TrueShot photos. ECDSA signature verification and SHA-256 hash recalculation run entirely in your browser via WebCrypto API. Your photos never leave your device.
SHA-256 — Any modification to the image bytes, even a single pixel, produces a completely different hash.
ECDSA P-256 — Without the device's private key, forging a valid signature is computationally infeasible.
Android Keystore — Private key stored in TEE or StrongBox hardware. Non-exportable by design.
signedPayload — Each manifest binds to its specific image hash. Copying a manifest to another photo fails verification.
TrueShot provides tamper-evident cryptographic proof of capture. It does not guarantee content truthfulness, detect deepfakes, or constitute legal evidence.
Every line of code is auditable. Every cryptographic operation is standard. Every privacy claim is verifiable.