GPS Coordinates in Your Photos: How EXIF Leaks Your Location

Open a photo from your phone in a metadata viewer and you'll usually find your home address. Not as a string — as latitude and longitude, accurate to within a few metres, written into the file the moment you took the picture. EXIF GPS tags are extraordinarily useful for organising a photo library and extraordinarily revealing when a file leaves your phone. Here's exactly what gets stored and where it does and doesn't survive.

What Actually Gets Written

The EXIF spec (CIPA DC-008-2019) defines a dedicated GPS Information IFD — a sub-block of the file's metadata containing more than 30 location fields. Most phones populate a consistent subset:

• GPSLatitude and GPSLatitudeRef — degrees, minutes, seconds and a hemisphere (N/S).
• GPSLongitude and GPSLongitudeRef — same, for E/W.
• GPSAltitude and GPSAltitudeRef — metres above or below sea level.
• GPSTimeStamp and GPSDateStamp — UTC time of the fix, separate from the camera's clock.
• GPSImgDirection — which way the camera was pointing, in degrees from true or magnetic north.
• GPSSpeed, GPSTrack, GPSDOP — speed, heading, dilution of precision.

On a modern phone, fixes typically come from a fused source — GNSS satellites, WiFi geolocation, cell tower triangulation. Indoor photos often still carry a coordinate because the WiFi-positioning database knows where the network is.

How Precise Is It

Outdoor smartphone GPS, with clear sky, is accurate to roughly 3–5 metres. That's enough to identify a specific house, a specific room of an office building, or a specific table at a restaurant. The GPSDOPtag (dilution of precision) sometimes hints at the quality of the fix — values under 5 are good, over 10 are degraded. Most viewers don't surface it, so the user sees one set of coordinates with no confidence interval.

Indoor or urban-canyon shots can be off by 50–100 metres. That's still enough to pin a city block.

Which Platforms Strip It

Behaviour varies by service and has changed over the years. Current state, as of 2026:

• Twitter/X, Facebook, Instagram, TikTok: strip GPS on upload. The displayed photo carries no location metadata.
• WhatsApp, Signal, iMessage: strip GPS when sending compressed photos. Files sent "as document" or "original quality" often retain it.
• Discord, Slack, most messaging apps: usually retain EXIF on attachments, including GPS. Confirm before assuming.
• Email: always retains. Email clients don't modify attachments.
• Cloud sync (Google Photos, iCloud Photos): retain GPS. Shared albums and shared links retain GPS unless the source app strips it.
• Reddit, Imgur, generic image hosts: historically retained; many now strip. Don't rely on the platform.

The pattern: large public-facing social networks strip metadata to limit liability. Direct file-transfer paths — email, messaging apps in "document" mode, cloud storage — preserve it.

The XMP Duplicate

EXIF isn't the only place GPS data lives. Adobe's XMP standard (the metadata block that Lightroom, Capture One, and many phone editors write) duplicates location into exif:GPSLatitude / exif:GPSLongitude XML fields. A "remove EXIF" tool that doesn't also clean XMP leaves the coordinates intact in a parallel block. iOS reverse-geocodes the GPS into a human-readable place name and writes it to iptc:City, iptc:Country, and iptc:Sublocation — three more places to scrub.

Sidecar Files

Pro cameras and editing software often store metadata in a separate .xmpsidecar next to the image. Stripping the JPEG's embedded EXIF doesn't touch the sidecar. If you're sharing a folder, either delete the sidecar or run the metadata removal tool on it as a separate file.

Turning It Off at the Source

Both major mobile OSes let you disable location tagging:

• iOS: Settings → Privacy & Security → Location Services → Camera → Never.
• Android: Camera app → Settings → Save location (toggle off). Per-app location permission for the camera also disables it.

Both let you share a photo without location selectively — iOS via the "Options" sheet on the share menu, Android via "Remove location data" in some gallery apps. Worth getting in the habit of.

Decoding It Yourself

Any EXIF reader will display GPS tags. The format inside the file uses three rationals (degrees, minutes, seconds) plus a reference letter. To convert to decimal:

decimal = degrees + minutes/60 + seconds/3600
if ref is 'S' or 'W': decimal = -decimal

Plug the result into any maps app and the location appears on the map. There's nothing clever about it — just a small standard for storing a number that turns out to be more sensitive than most people realise.

If a photo is going somewhere you don't fully trust — a forum, a marketplace listing, a stranger over messaging in document mode — strip the metadata first. The convenience of having photo locations on your map app is real; so is the cost of accidentally publishing your home address.