I want to only allow images that are taken directly with the phone’s camera on my web site. Are there any APIs or tricks that could help me tell if an image is authentic and taken with an iPhone or Android camera a few moments ago and not taken from Google Images?
Hi drstuggels, there are a few ways to go about this.
To prevent upload from any file, take the picture directly on your web interface, via the user's webcam. You would need to
This would prevent lambda users from uploading pictures that are "not live". If this is a solution you are considering, look for WebRTC. Although there are many blog posts showcasing demos for this exact use case.
Such as: https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Taking_still_photos
As mentioned by iѕєρєня, you could try to access the EXIF metadata of the uploaded picture and run a validation mechanism for, let's say, freshness by looking for the date and time field (if you are looking for a newly taken photo), or the camera model field to make sure it was taken by a camera (phone, DSLR, etc.).
DISCLAIMER: Nothing will prevent a malicious user from tampering with the JS code or file to upload a fake picture.
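
The EXIF validation described in the answer above, as an added example that is not part of the original thread: a dependency-free Node.js sketch that reads Make, Model and DateTimeOriginal from an uploaded JPEG and rejects the file when they are missing or stale. The function names and the `utcOffsetMin` parameter are hypothetical, and every field read here is supplied by the client, so the check filters ordinary uploads only.

```javascript
// Added example (Node.js, no dependencies): read three EXIF fields from a JPEG
// upload and apply the camera-model and freshness checks on the server.
const TAGS = { 0x010f: 'make', 0x0110: 'model', 0x9003: 'taken' }; // 0x9003 = DateTimeOriginal

function parseTiff(t, out) {
  const le = t.toString('latin1', 0, 2) === 'II';             // byte-order mark
  const u16 = (o) => (le ? t.readUInt16LE(o) : t.readUInt16BE(o));
  const u32 = (o) => (le ? t.readUInt32LE(o) : t.readUInt32BE(o));
  const walk = (ifd, depth) => {
    const n = u16(ifd);
    for (let i = 0; i < n; i++) {
      const e = ifd + 2 + i * 12, tag = u16(e), type = u16(e + 2), count = u32(e + 4);
      if (tag === 0x8769 && depth === 0) walk(u32(e + 8), 1); // pointer to Exif sub-IFD
      else if (TAGS[tag] && type === 2) {                     // type 2 = ASCII
        const off = count <= 4 ? e + 8 : u32(e + 8);
        out[TAGS[tag]] = t.toString('latin1', off, off + count).replace(/\0[\s\S]*$/, '').trim();
      }
    }
  };
  try { walk(u32(4), 0); } catch (_) { /* truncated or malformed EXIF: keep what was read */ }
}

function readExif(buf) {                                      // buf: Buffer with the uploaded bytes
  const out = {};
  if (buf.length < 4 || buf.readUInt16BE(0) !== 0xffd8) return out; // not a JPEG
  for (let p = 2; p + 4 <= buf.length && buf[p] === 0xff; ) {
    const marker = buf[p + 1], len = buf.readUInt16BE(p + 2);
    if (marker === 0xda || len < 2) break;                    // image data starts / bad segment
    if (marker === 0xe1 && buf.toString('latin1', p + 4, p + 10) === 'Exif\0\0') {
      parseTiff(buf.subarray(p + 10, p + 2 + len), out);
      break;
    }
    p += 2 + len;
  }
  return out;
}

// utcOffsetMin: uploader's offset from UTC in minutes (assumed to be sent with the
// upload), needed because DateTimeOriginal is local time without a zone.
function checkUpload(buf, nowMs, utcOffsetMin = 0, maxAgeMs = 5 * 60 * 1000) {
  const { make, model, taken } = readExif(buf);
  if (!make || !model) return { ok: false, reason: 'no camera make/model' };
  const m = /^(\d{4}):(\d\d):(\d\d) (\d\d):(\d\d):(\d\d)$/.exec(taken || '');
  if (!m) return { ok: false, reason: 'no capture time' };
  const [y, mo, d, h, mi, s] = m.slice(1).map(Number);
  const age = nowMs - (Date.UTC(y, mo - 1, d, h, mi, s) - utcOffsetMin * 60000);
  if (age < -60000 || age > maxAgeMs) return { ok: false, reason: 'capture time not recent' };
  return { ok: true, make, model };
}
```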