Img needs to be encrypted in the img provider server. Only user and reciver have a key to unlocked. When img is unlocked it is store in device secure memory. From there...user can do whatever he like. The point is that img pixels in the server are encrypted... Not the link (string).