Back to Lens

Guided Trust System

Lens balances strict cryptographic security with real-world usability. We use visual indicators to keep you informed about the integrity of your capture data.

Visual Status Indicators

Verified

Time matches trusted network servers. Photos signed with a trusted timestamp (RFC 3161 via TSA when available).

Offline / Unverified

We cannot reach trusted timestamp servers (Offline/Firewall). You must explicitly choose "Enable with Limited Trust"to sign photos. These captures are signed without a trusted timestamp; verification tools will show lower trust for the timestamp. Restore network connectivity to regain "Verified" status.

Tampered / Blocked

A significant discrepancy (>180s / 3 minutes) was detected between your device time and the trusted network time. C2PA signing is BLOCKEDto prevent "fake news" or spoofed evidence. You must set your device time to "Set Automatically" in iOS Settings. Lens will auto-detect the fix when you return to the app.

How It Works

1
Secure Enclave: Your signing key is generated in hardware and never leaves your device.
2
Network Time (NTP): We check system time against high-availability sources (Apple, Cloudflare, Google) with a 60-second drift limit.
3
Timestamp Authority (TSA): For verified captures, Lens retrieves an independent, RFC 3161-compliant timestamp from DigiCert (C2PA TSA Trust List) when available. This proves the capture time even if your device clock is later altered.

Related Documentation

Content Credentials

Learn about Content Credentials and how digital attestation works in Lens.

Learn more

UX Compliance

See how Lens implements guidance from the C2PA UX Recommendations 2.0 document.

View compliance

Security Compliance

Comprehensive security controls and threat mitigation.

View security