Back to Lens

Guided Trust System

Lens balances strict cryptographic security with real-world usability. We use visual indicators to keep you informed about the integrity of your capture data.

Visual Status Indicators

Verified

Time matches trusted network servers. Signed with "Network Verified" timestamp.

Offline / Unverified

We cannot reach trusted time servers (Offline/Firewall). You must explicitly choose to "Enable with Limited Trust" to sign photos. These captures will be marked as "Self-Asserted Time" to ensure transparency. Restore network connectivity to regain "Verified" status.

Tampered / Blocked

A significant discrepancy (>180s / 3 minutes) was detected between your device time and the trusted network time. C2PA signing is BLOCKED to prevent "fake news" or spoofed evidence. You must set your device time to "Set Automatically" in iOS Settings. Lens will auto-detect the fix when you return to the app.

How It Works

1
Secure Enclave: Your signing key is generated in hardware and never leaves your device.
2
Network Time (NTP): We check system time against high-availability sources (Apple, Cloudflare, Google) with a 60-second drift limit.
3
Timestamp Authority (TSA): For verified captures, Lens retrieves an independent, RFC 3161-compliant timestamp from DigiCert (C2PA TSA Trust List) when available. This proves the capture time even if your device clock is later altered.

Related Documentation

Content Credentials

Learn about Content Credentials and how digital attestation works in Lens.

Learn more

UX Compliance

See how Lens implements C2PA UX v2.2 recommendations.

View compliance

Security Compliance

Comprehensive security controls and threat mitigation.

View security