How It Works
Most verification happens after you receive a photo. We verify before it leaves the phone. By the time it reaches your dashboard, the work is done.
Every other approach asks the same question: “Can we tell if this photo was tampered with?”
We ask a different one: “Can we make tampering impossible in the first place?”
When someone captures a photo through Vashix, nine things happen automatically in the background — before the photo ever reaches you. The phone's own hardware chip signs it. The GPS is verified. The device is checked. Liveness is confirmed.
By the time you see the photo, it either passes everything or it doesn't arrive at all.
No action required from the person capturing. This all runs silently in the background.
Before anything else, we check the device itself. Rooted phones, emulators, and virtual camera apps are blocked before the capture even begins.
Why it matters: A fraudster cannot use a modified phone to fake a capture through Vashix.
A one-time cryptographic key is generated inside the phone's secure hardware — the same chip that protects your banking apps. This key expires in 30 minutes and is never reused.
Why it matters: Even if someone intercepts the photo, they cannot reuse or replay it.
For 2 seconds before capture, the phone's motion sensors and camera work together to confirm there is a real human hand holding a real phone in a real environment. Pointing a camera at a screen, a printed photo, or a pre-recorded video fails this check.
Why it matters: You cannot submit an existing photo by showing it to the Vashix camera.
The image is captured directly into memory — it is never saved to the phone's gallery or file system during this process.
Why it matters: Malware and file-level attacks cannot intercept the photo before it is signed.
GPS coordinates, device movement, and ambient audio patterns are captured at the exact moment of the photo. These are sealed with the image — not attached afterward.
Why it matters: The location cannot be added or changed after the fact.
Motion analysis confirms the camera was seeing a real three-dimensional scene — not a flat image on a screen.
Why it matters: Holding up a photo of damage on your phone and photographing that does not work.
All device checks from Phase 1 are repeated after the photo is taken. This closes a specific attack window where someone might switch tools between the initial check and the capture.
Why it matters: No gap in the verification chain.
A unique identifier — tied to this session, this device, and this exact moment — is mathematically embedded into the image pixels. Invisible to the eye. Survives compression. If the image is edited after capture, this fingerprint breaks.
Why it matters: Any post-capture editing is detectable, permanently.
The phone's secure chip — not the app, not the OS, the chip itself — signs the photo and all sensor data together. This signature is the proof. It then uploads to Vashix servers where the Trust Score is computed.
Why it matters: The signature cannot be forged. If it is valid, the photo is genuine. If it is not, we know.
Is this a genuine Android phone running unmodified software? We verify this against Google's own hardware certification. Emulators and rooted devices are rejected.
Is a human actually holding the phone right now? Motion and camera analysis together confirm this. Screen replays and printed photos fail.
Is the GPS coordinate genuine? We detect apps that fake GPS locations. A fraudster cannot claim to be at a construction site while sitting in their office.
Has anything changed since the photo was taken? The embedded fingerprint and hardware signature make post-capture editing permanently detectable.
Has this exact image — or something very similar — been submitted before? Duplicate and recycled photos are caught automatically, even if the file has been re-saved or slightly cropped.
The Trust Score is not an AI opinion. It is a direct count of how many verification signals passed — and how strong each one was.
Every point is traceable to a specific check. You can see exactly why a photo scored 84 or 23.
Hardware chip signed. All checks passed. Designed for court proceedings. Auto-approve eligible.
Hardware verified. GPS and liveness confirmed. Suitable for standard claims and field inspections.
Live capture confirmed — taken right now, not from a gallery. No hardware attestation. Flag for review on high-value cases.
A WhatsApp photo, a screenshot, or a file upload. No provenance. Treat as unverified.
You set the threshold. We tell you the score. The decision is yours.
We are specific about this because trust requires honesty.
A fraudster could take a genuine Vashix-verified photo of a car that was already damaged before the reported incident. That is a business judgment call — and it remains yours to make.
Vashix eliminates the evidence manipulation problem. Your team focuses on the claim itself.
Every Vashix capture comes with a one-click certificate meeting Section 63 of the Bharatiya Sakshya Adhiniyam 2023. Your evidence is designed for legal proceedings from the moment it is taken.
Consent is captured before every session. Erasure and audit capabilities are built in, not added later.
Every photo carries an embedded provenance manifest — the same standard used by Adobe, Microsoft, and Google. It travels with the image wherever it goes.
Secure cloud infrastructure.
We send a link. You capture a photo. You watch the Trust Score appear. No slides. No theory. Just the product working.