What is EXIF data on iPhone photos?

EXIF (Exchangeable Image File Format) data is metadata embedded in every photo. On iPhone, it includes GPS coordinates, date and time, device model, lens info, camera settings, and sometimes altitude and direction. This data travels with the photo when you share it.

Can someone find my location from a photo I shared?

Yes, if you shared the original file with EXIF data intact. The GPS coordinates embedded in the photo pinpoint where it was taken, often within a few meters. iMessage, AirDrop (with All Photos Data enabled), and email all preserve this metadata by default.

How do I remove EXIF data from iPhone photos before sharing?

When sharing via the iOS share sheet, tap Options at the top and disable Location. This removes GPS data but not other EXIF fields. For complete metadata removal, use a dedicated app like Metapho or ViewExif, or use a vault app like Inner Gallery that strips metadata automatically on share.

Does Instagram remove EXIF data from uploaded photos?

Yes. Instagram, Twitter/X, and Facebook strip EXIF metadata from uploaded photos. However, the platforms retain the original metadata on their servers — they remove it from the public-facing file, not from their own databases.

What is the difference between EXIF data and photo metadata?

EXIF is one type of photo metadata, specifically the technical data written by the camera (GPS, settings, device info). Photos can also contain IPTC metadata (captions, copyright) and XMP metadata (editing history). On iPhone, EXIF is the primary metadata format.

← Back to blog

March 30, 2026·10 min read

What Is EXIF Data? What Your iPhone Photos Reveal About You

Every iPhone photo carries hidden metadata: GPS coordinates, device model, timestamps. Learn what EXIF data is, who can see it, and how to strip it.

Privacyblog.displayTags.privacyiPhone

TL;DR

Every photo you take with your iPhone embeds hidden data: GPS coordinates accurate to a few meters, the exact date and time, your device model, camera settings, and sometimes your altitude and compass direction. This metadata — called EXIF data — travels with the photo when you share it. Depending on how you share, the recipient can extract your home address, workplace, and daily routines from your photo library.

What EXIF data your iPhone records

EXIF stands for Exchangeable Image File Format, a standard defined by JEITA (Japan Electronics and Information Technology Industries Association). Every digital camera writes EXIF data into photo files at capture time.

Your iPhone records these fields in every photo:

Location data:

GPS latitude and longitude (accurate to ~3 meters with iPhone's GPS chip)
Altitude above sea level
Compass direction (the direction you were facing)
Speed (if you were moving)

Device information:

Device model (e.g., "iPhone 15 Pro Max")
iOS version
Lens used (wide, ultrawide, telephoto)
Unique software identifiers

Camera settings:

Shutter speed, aperture, ISO
Focal length
Whether the flash fired
White balance mode

Timestamps:

Date and time the photo was taken (to the second)
Time zone offset

You can see this data yourself: open any photo in the Photos app, swipe up, and look at the map and camera info. That's a subset of the full EXIF payload. Apps like Metapho or ViewExif show everything.

Why EXIF data is a privacy problem

The EFF documented the privacy risk of photo metadata back in 2012. The core issue hasn't changed: most people don't know this data exists, and most sharing methods don't remove it.

Proton's analysis breaks down the risk: "EXIF data can reveal your home address, daily routines, and frequently visited locations — all extractable from a handful of geotagged photos."

ISACA's 2025 report on EXIF as a cybersecurity risk notes that GPS coordinates from professional event photos can expose the locations of public figures, and employee social media posts can disclose office locations through embedded metadata.

Here's what a determined person can learn from 10-20 of your photos with EXIF intact:

Your home address — photos taken in the evening and morning cluster at one GPS coordinate
Your workplace — photos taken during business hours cluster at another
Your daily commute — timestamps and GPS traces between home and work
Your travel patterns — vacation photos reveal exact hotels, restaurants, routes
Your device — iPhone model tells them your approximate budget and when you last upgraded
When you sleep — the gap between your last photo and first photo of the next day

This isn't theoretical. John McAfee was located in Guatemala in 2012 because a Vice journalist published a photo with GPS metadata intact. Stalking cases have been built on EXIF data from photos shared on forums that didn't strip metadata.

Not all sharing methods treat metadata the same way. This matters because the same photo can be privacy-safe on one platform and a GPS beacon on another. (For a detailed breakdown of every sharing method, see What Happens to Your Photo Privacy When You Share on iPhone.)

Preserves full EXIF (including GPS):

iMessage — sends the original file with all metadata to other Apple devices
AirDrop (with "All Photos Data" enabled) — transfers the raw file
Email attachments — the original file with full EXIF goes to the recipient
Shared iCloud Albums — preserves metadata within the Apple ecosystem
Files app / USB transfer — raw file, no stripping

Strips GPS but may keep other EXIF:

AirDrop (default settings) — removes location but keeps device info and timestamps
iOS Share Sheet with Location disabled — removes GPS only

Strips most or all EXIF:

WhatsApp (sent as photo) — re-encodes the image, stripping most metadata
Instagram — strips EXIF from the public file (retains it on their servers)
Twitter/X — strips EXIF from the public file
Facebook — strips EXIF from the public file
Signal — strips metadata by default

Important caveat about social media: Instagram, Twitter, and Facebook remove EXIF from the files other users can download. But the platforms store the original metadata in their own databases. You're not keeping the data private — you're giving it to the platform exclusively instead of the public.

iMessage, email, and AirDrop all send your GPS coordinates by default. The recipient of a photo sent via iMessage can see exactly where and when you took it.

How to check and remove EXIF data on iPhone

Check what's in your photos

Photos app — open a photo, swipe up. Shows location on a map, camera info, and date. Limited view.
Metapho (App Store) — shows the full EXIF payload including GPS coordinates, device model, all camera settings.
Online tools — sites like exifremover.com let you upload a photo and view all metadata fields. Files are processed in the browser and never uploaded to a server.

When sharing a photo, tap Options at the top of the share sheet. Disable Location. This removes GPS coordinates from the shared copy. It does not remove other EXIF fields (device model, timestamps, camera settings).

This is the minimum step. It handles the most sensitive field (GPS) but leaves a trail of other identifying data.

Disable location recording entirely

Go to Settings → Privacy & Security → Location Services → Camera → Never. The Camera app stops recording GPS coordinates in new photos. Existing photos keep their metadata.

This is a permanent fix for future photos, but you lose the ability to sort photos by location in the Photos app and on the map view.

For complete removal, use an app that strips all EXIF fields:

Metapho — edit and remove specific EXIF fields or strip everything
ViewExif — view and delete metadata
Shortcuts app — create a shortcut that converts photos to PNG (which drops most EXIF) or uses the "Set Metadata" action

Automatic stripping in a vault app

Inner Gallery strips metadata automatically when you share photos from the app. The metadata stripping system uses an allowlist approach: only orientation, dimensions, and color profile survive. GPS coordinates, device info, timestamps, camera settings — all removed before the file leaves the app.

This is the most reliable approach because it requires zero manual steps. You share from the vault, the metadata is gone. No toggles to remember, no extra apps needed.

EXIF data and photo sorting: the other side

EXIF isn't only a privacy risk. The DateTimeOriginal field is what allows photo apps to sort your pictures chronologically by capture date instead of import date.

If you've ever imported old photos and found them sorted by the wrong date, that's because the importing app used the file's creation timestamp (import date) instead of the EXIF capture date.

Inner Gallery reads the EXIF DateTimeOriginal field at import time and uses it for gallery sorting. The metadata gets stripped from the encrypted file, but the capture date is preserved as a separate field in the encrypted index. You get correct chronological order without carrying GPS coordinates in your stored files.

What happens to EXIF when photos are encrypted

Standard encryption wraps the entire file — EXIF included. If you encrypt a photo with ChaCha20-Poly1305 and then decrypt it later, the EXIF data comes back intact. Encryption protects confidentiality (nobody can read the file without the key), but it doesn't clean the file's contents.

This means a vault app that encrypts photos but shares the decrypted originals is still leaking metadata. The question is what happens at the sharing boundary — when the photo leaves the vault.

Inner Gallery handles this in two stages:

At import: EXIF capture date is extracted and stored separately. The photo is encrypted with all metadata intact (so no data is lost).
At share: The photo is decrypted, metadata is stripped using an allowlist (only orientation, dimensions, color profile kept), and the clean file is handed to the share sheet.

The architecture means your stored photos retain full fidelity (correct dates, proper orientation), but shared copies carry no identifying metadata. See Why Inner Gallery Works Without a Server for more on the local-only design.

Real-world EXIF privacy incidents

John McAfee (2012): Antivirus founder on the run in Belize. A Vice journalist photographed him with an iPhone 4S. The published photo contained GPS coordinates that pinpointed McAfee's location in Guatemala.

Higinio Ochoa III (2012): An Anonymous hacker posted a taunting photo to Twitter. The EXIF data contained GPS coordinates that led the FBI to his girlfriend's house in Melbourne, Florida, where he was arrested.

Stalking via resale platforms: Photos of items listed on Craigslist, Facebook Marketplace, and similar platforms can contain GPS data showing the seller's home location. Multiple law enforcement agencies have issued warnings about this attack vector.

Domestic abuse: The National Network to End Domestic Violence documents cases where abusers tracked victims through photo metadata shared in messages or social media posts.

EXIF data has been used to locate fugitives, identify hackers, stalk victims, and expose home addresses through marketplace listings. The data is accurate, persistent, and often shared without the photographer's knowledge.

The EXIF privacy checklist

Disable camera location access (Settings → Privacy & Security → Location Services → Camera → Never) if you don't need geotagged photos
Check the Options toggle in the share sheet before sending photos via iMessage, AirDrop, or email — disable Location at minimum
Use a metadata-stripping app for sensitive photos before sharing on any platform
Don't trust "EXIF stripped" claims from social media — platforms remove EXIF from public files but store it in their own databases
Use a vault app with automatic metadata stripping for photos you share from private storage — manual steps get forgotten
Check your existing photo library — every photo you've taken with Location Services enabled for the Camera has GPS coordinates embedded right now
Review your photo privacy settings as part of a broader device lockdown

✅

Inner Gallery strips metadata automatically when sharing photos from the vault — GPS, device info, timestamps, camera settings are all removed. Combined with per-file encryption and zero network permissions, your photos stay private both in storage and when shared.

Related reading:

What Happens to Your Photo Privacy When You Share on iPhone — detailed breakdown of what each sharing method does to your metadata
Photo Encryption on iPhone: What It Actually Means — the difference between OS encryption and app-level encryption
Why Your Photos Are in the Wrong Order — how EXIF dates affect photo sorting and why import date breaks chronology
The iPhone Photo Privacy Checklist — 10 steps to lock down your photo privacy
Which Apps Can Secretly Access Your iPhone Photo Library? — how apps read your photos without you knowing
Why Inner Gallery Works Without a Server — local-only architecture and what it means for your data

Download Inner Gallery