Mobile Capture
Answers to top questions about the Lens camera and Controlled Capture
Named one of TIME’s Best Inventions, Truepic’s secure camera technology captures, signs, and seals critical details in every photo or video, including date, time, the exact pixels captured, and optional location. While our Lens mobile SDKs also provide signing and verification capabilities for any media, the camera remains our flagship feature. This photography process, known as Controlled Capture™, ensures that the media is authentic, original, and contains accurate metadata. Each piece of media is protected by a tamper-evident C2PA seal, providing clear evidence if any alteration or mutation occurs after capture.
Are captures automatically signed?
Yes, they are! Signing original images and videos couldn't be easier using the Lens SDK because it only entails setting up the camera. Media creation and signing is automatically handled and passed back to the application.
Does the user or device need to give permission to the app to capture images?
Yes, the first time the user opens the camera, one or more permissions are needed from the user in order to work.
- Camera - Required
- Microphone - Optional
- Location - Required by default, but can be made optional. You can adjust the location requirements using a function available in the SDK.
Can an app request microphone and camera access again if the user denies the permissions?
No, on both Android and iOS, if a user denies microphone and camera access permissions to an app, the app cannot directly request those permissions again. Once denied, the user must manually grant the permissions through the system settings. However, you can prompt users to grant permissions again by providing clear explanations on why the permissions are necessary and guiding them on how to enable the permissions through the system settings (Android) or the iOS Settings app (iOS).
Are other cameras supported?
Our mobile SDKs are designed for smartphones, but we have other tools in the C2PA Signing Toolkit that are suitable for digital cameras. Contact us to learn more.
Do the SDKs collect or use biometric data?
No, it does not.
Is internet connectivity required?
The mobile SDKs do not require internet connectivity to capture media, but users must have opened your app once with connectivity in order to capture offline.
Offline Capture
Lens native mobile SDKs offer out-of-the-box support for capturing and signing photos and videos without device connectivity. We call this process offline capture, for short. Here we'll uncover the differences between being online and offline, and implementation guidelines to take into consideration.
Lens maintains two types of certificates on board each device.
| Certificate Type | Validity | Connectivity | Timestamp |
|---|---|---|---|
| Short-validity certificates | 24 hours | Online: used for signing with connectivity | Images signed while online always contain a trusted timestamp. |
| Long-validity certificates | 6 months | Offline: used for signing without connectivity | Images signed while offline never contain a trusted timestamp, this field will be intentionally null. |
SDK Launch Activities
On Launch, Lens checks if it has online connectivity, and checks the validity times of the certificates. If the validity is about to end for any certificate, the SDK attempts to refresh the certificate. This is done without blocking the user interface.
Certificates can only be obtained while online. This means that for your users to successfully capture media offline, they must first launch your app at least once while connected to the internet, and your app must launch the Lens SDK (the camera does not need to be visible for this to happen) during that visit for a long validity certificate to be obtained.
If a long-validity certificate expires while a device is offline, Lens will be unable to sign images until the device recconnects and obtains a new certificate. We hope this will be a rare occurrence, since the certificate is valid for 6 months.
Workflow Comparison
Below are the basic steps of capturing and signing a Truepic, with differences noted for when the device is online or offline in steps 1, 5, and 6.
| Step | If online... | If offline... |
|---|---|---|
| Step 1 - When the camera view is launched, the SDK checks certificate validity. | the check completes. | the check fails. |
| Step 2 - The user captures a photo or video. | - | - |
| Step 3 - The SDK passes the thumbnail to the host app. | - | - |
| Step 4 - The SDK gather assertion/claim data and queues it for signing. | - | - |
| Step 5 - The SDK's signing process requests a trusted timestamp. | the timestamp is acquired. The photo is signed with the short-validity certificate. | the timestamp request fails. The photo is signed with the long-validity certificate without a timestamp. |
| Step 6 - The SDK passes the signed Truepic to the host app. | the host app can immediately upload the Truepic, usually to the app's own server, or the Lens API. | the host app must wait to start the upload process until the device regains connectivity, using the Truepics saved on disk. |
Checking Long-Validity Length
As mentioned, a valid long-validity certificate is required to sign captures taken offline. To ensure a positive user experience, you may want to display information about how long a user has to remain offline before their certificate expires, or to prompt a user to open your app to obtain a new certificate while online. Here is how you may get the time remaining on the current long-validity certificate.
Date getLongTermCertificateExpiration();
/// Determines the time (in seconds, from the Unix epoch) until a signing certificate expires.
/// - Parameter term: the term of the certificate, either `.long` or `.short`
/// - Returns: time interval in seconds since epoch or nil if a certificate wasn't found
public func expirationTimeForCertificateWithTerm(_ term: LensCertificateValidityTerm) -> TimeInterval? {
let keyID = term == .short ? LensSecurityConfiguration.claimSigningCertShort : LensSecurityConfiguration.claimSigningCertLong
if let cert = claimEnroller.getClaimSigningCert(keyID, false) {
let expirationTime = signatory.getCertificateExpirationTimeInterval(for: cert)
return expirationTime
}
return nil
}
Implementation Notes
- The capture, signing, and potential uploading processes require a small amount of time, usually asynchronously.
- Your app users should wait one or two seconds after a capture before hard closing the app.
- After a device regains connectivity, please allow a few seconds for Lens to reconnect to Truepic servers.
Updated 19 days ago