by rh-app-dev 212 days ago
The security in the app does. The signatures use the captured content and other data as criteria. If any of it or the file is tampered with, it fails validation. And you can only apply the signature to content captured by the camera. Can't be added afterwards.
3 comments

Does this app somehow interface directly with the hardware? Last I looked, iOS saved photos to files that apps had to then open up?
Yes, it does. It uses the camera but creates its own content files and stores them in its own location. The content files can be exported via sharing in the app.
Why couldn’t someone else make their own signing system, though, and apply it to arbitrary images?
Easier said than done, as I just went through it. And if they did, and it did all the checks to ensure the device is valid, the backend that tracks the devices and issues the certificates, accounting for the various methods of altering content to fake a valid one, then I'd applaud them.

This system works with both mobile device platforms and content created with it can be validated by the app on any other device. There will also be a web validation tool soon.

The security behind the solution is designed to withstand legal and audit challenges. Making your own signing system is not as simple as it sounds.

Is it possible to run in an emulator, with a fake camera input?
Haven't tried that, but the big hurdle is getting validation of those test cases from App Attest and Play Integrity. Those are required for running the app.