Of course, if the OS cannot be trusted, then the photo method won't work anyhow.
How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key? Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?
That's simple to solve. Just flip 256 coins to generate the private key.
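The coin-flip suggestion above, worked through as an added example that is not part of the original posts: it maps 256 recorded flips to a private key and rejects values outside the valid secp256k1 range. It goes one step beyond the thread by encoding the result in Wallet Import Format; the function names and the H = 1, T = 0 convention are assumptions made for this example.

```python
import hashlib

# secp256k1 group order n; a valid Bitcoin private key k satisfies 1 <= k < n.
SECP256K1_N = int("FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFE"
                  "BAAEDCE6" "AF48A03B" "BFD25E8C" "D0364141", 16)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def flips_to_key(flips: str) -> bytes:
    """Map exactly 256 recorded flips (H = 1, T = 0) to a 32-byte private key."""
    flips = "".join(flips.split()).upper()
    if len(flips) != 256 or set(flips) - {"H", "T"}:
        raise ValueError("need exactly 256 flips written as H or T")
    k = int(flips.replace("H", "1").replace("T", "0"), 2)
    if not 1 <= k < SECP256K1_N:
        raise ValueError("value outside [1, n-1]; flip again")
    return k.to_bytes(32, "big")

def heads_count_plausible(flips: str) -> bool:
    """Coarse bias check: a fair coin gives 128 heads, sigma 8; accept +/- 4 sigma."""
    return 96 <= "".join(flips.split()).upper().count("H") <= 160

def to_wif(key: bytes, compressed: bool = True) -> str:
    """Base58Check-encode a mainnet private key in Wallet Import Format."""
    payload = b"\x80" + key + (b"\x01" if compressed else b"")
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a '1' in Base58Check.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

if __name__ == "__main__":
    sample = "HTTHHTHT" * 32  # constructed pattern, NOT random: never use as a key
    print(heads_count_plausible(sample), flips_to_key(sample).hex())
```

The mapping is deterministic, so the same recorded flips can be converted on a second, independent machine and the two results compared.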