Google's Security Blog explains how the Pixel 10 has achieved "Assurance Level 2" and you can trust their pictures.
https://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html

Unfortunately, comments on their blog are restricted to "team members". I guess Google doesn't want to hear any criticisms. Such as: they don't protect any of the metadata, so anyone can trivially change the EXIF date, time, make, model, GPS, and more without breaking the cryptographic signature. I have working examples on my blog:
https://hackerfactor.com/blog/index.php?/archives/1077-Google-Pixel-10-and-Massive-C2PA-Failures.html