TL;DR: Every photo a modern phone takes carries a GPS Info IFD inside its EXIF block — a small structured directory holding GPSLatitude, GPSLongitude, GPSAltitude, GPSTimeStamp, and (on newer iPhones and Pixels) GPSHorizontalAccuracy and GPSImgDirection. The coordinates resolve to a 3–10 meter circle around where you stood when you tapped the shutter. To remove them, open metadatacleaner.app in your browser, drop the photo in, click Clean, and download. The file never leaves your device — the JavaScript in your tab parses the EXIF tree, deletes the GPS IFD, neutralises the embedded thumbnail's metadata copy, and writes a cleaned JPEG/HEIC/PNG/WebP back to your filesystem. Pixels are unchanged. Coordinates are gone.
Photos carry their own paper trail. Every modern phone camera writes a small directory of tags into the file that names, with surveyor-grade precision, where the shutter fired. Most people who post photos online don't know it's there. The ones who read it are interesting enough that we should talk about it.
This is the walkthrough — what the GPS block contains, why your phone writes it even when you think location is off, how three lines of code read it back out, and the clean way to remove it.
What GPS Data Lives Inside a Photo
The EXIF (Exchangeable Image File Format) specification, maintained by the Japan Electronics and Information Technology Industries Association as JEITA CP-3451, defines a structured directory inside every modern image file format. EXIF is what carries the camera make, the lens, the shutter speed, the ISO — and, importantly, the GPS Info Image File Directory.
The GPS IFD sits at EXIF offset 0x8825 and holds about thirty tags. The ones that matter for privacy:
GPSLatitude/GPSLatitudeRef— latitude in degrees-minutes-seconds plusNorSGPSLongitude/GPSLongitudeRef— longitude plusEorWGPSAltitude/GPSAltitudeRef— elevation in meters above or below sea levelGPSTimeStampandGPSDateStamp— UTC time and date of the GPS fix (separate from the photo's capture timestamp)GPSImgDirection— which direction the camera was pointedGPSSpeed— how fast the camera was moving (newer phones write this when motion is detected)GPSHorizontalPositioningError— the accuracy radius of the fix in meters; iPhones from iOS 14 onward write this routinelyGPSProcessingMethod—GPS,CELLID,WLAN, orMANUAL, naming the source of the coordinates
A photo taken on an iPhone 15 on a Brooklyn sidewalk carries every one of these. The fix is accurate to 3–5 meters horizontally and 10–15 meters vertically. The direction tag tells a reader where the camera was pointed; the accuracy tag tells them how much to trust the coordinates. Together they make the photo a fully-attributed observation about where you were and what you were looking at.
This is not a glitch. The original use case was geotagged travel photography in the early 2000s — Picasa, iPhoto, and Adobe Bridge wanted coordinates baked into the file so they could plot them on a map. Smartphones inherited the format and the assumption was never revisited.
Photo by cottonbro studio on Pexels.
How Easy Is It to Read These Coordinates Back Out?
Trivial. The EXIF block is plain structured data — not encrypted, not obfuscated, decodable by every photo viewer on every platform. The standard methods:
- macOS Preview — press ⌘I for Inspector, click the GPS tab. Coordinates appear on a map with a clickable link to Apple Maps.
- Windows File Explorer — right-click → Properties → Details. Scroll to GPS.
- iOS Photos — swipe up on any photo; the location is pinned on a small map.
- metadata2go.com — drag the file in, GPS section appears with a Google Maps link prefilled.
- ExifTool:
exiftool -G1 -GPS:* photo.jpgdumps every GPS tag, plus aGPSPositionline with decimal degrees ready to paste into any map. - Python in three lines:
from PIL import Image; img = Image.open('photo.jpg'); print(img._getexif()[34853]). The integer is the tag ID forGPSInfo; the return value is the subdirectory as a Python dict.
None of these require permissions or accounts. If you can read a photo, you can read its GPS block. The barrier to entry is one drag-and-drop. The asymmetry between how invisible the GPS block feels to the person posting and how trivial it is to read for anyone who receives the file is the entire problem this post exists to address.
Why Phones Save GPS Even When You Think You Turned It Off
Two location permissions live in different parts of your operating system, and people routinely confuse them.
The first is the global "Location Services" toggle in Settings → Privacy & Security. When this is off, no app can get coordinates.
The second is the per-app permission for the Camera app specifically. Grant it once (iOS and Android both prompt on first launch) and the camera attaches GPS to every photo. People who deny location to Instagram, Reddit, and TikTok often still have it granted to the Camera app, because that was a separate prompt months earlier.
A third complication: some camera modes route through a different code path that retains location even when the Camera app's permission appears off. Apple's Live Photos, Cinematic mode, and some Android computational-photography modes can write GPS through a system service. The safest assumption is that any photo your phone produced has GPS unless you actively stripped it. Third-party camera apps (Halide, Camera+, Open Camera) usually request their own location permission and write GPS the same way.
The privacy posture here, as the EFF has argued for over a decade, is that the design optimises for convenience rather than data minimisation. The fix is not to fight the operating system — it is to strip the metadata before any file leaves your control. (iPhone's photo metadata has more than just GPS.)
Photo by omari jalagania on Pexels.
Who Actually Reads the GPS Block, and When
The risk surface is wider than most people assume. Three groups of readers:
Social platforms. Instagram, Facebook, X, and Reddit all strip EXIF (including GPS) from photos on upload before re-serving them publicly — but they read the metadata first and retain it server-side. The public version is clean; the version the platform stores is not. Uses vary by company: ad targeting, recommendation graphs, abuse-investigation tools, training data. WhatsApp is different — the file you send through chat arrives with EXIF intact unless you use the "Document" attachment type, and even then the situation is more nuanced than most users realise. iMessage and SMS preserve EXIF entirely.
Anyone you share the file with directly. AirDrop, email attachments, Slack uploads, Google Drive links, Dropbox shares — all preserve the original bytes. The recipient can extract GPS with any of the methods above. This is how journalists triangulate the origin of leaked images, how stalkers identify the home of someone who posts a courtyard selfie, and how police pull location data from suspect-supplied photos.
Adversarial readers in narrower scenarios. Doxxers scraping public Reddit. Estranged partners pulling EXIF from a dating-profile photo. Stock-photo agencies enforcing geographic licensing. Insurance investigators verifying claimed locations in damage reports. Documented cases of each. The common thread is the GPS block being read by people the photographer didn't anticipate.
The right question is not "does any of this apply to me" but "do I want the option to control it." Stripping GPS before you ship the file is the option.
The Browser-Only Workflow
Here is how to do it cleanly, with the file never leaving your device:
- Open Metadata Cleaner in any browser — Safari on iPhone, Chrome on Android, anything on desktop. No login, no account.
- Drag the photo into the drop zone (or tap to pick from your camera roll on mobile). The file loads into the browser tab's memory.
- Click Clean. The JavaScript in the tab parses the EXIF tree, deletes the GPS IFD, removes the embedded thumbnail's EXIF copy (which would otherwise carry a GPS duplicate), normalises the remaining EXIF, and writes a fresh file.
- Click Download. The cleaned photo lands back on your camera roll or filesystem.
The bytes pass through your browser's memory and back to disk; they don't touch a server. We don't see the file; nobody logs the coordinates. (This is the same browser-only architecture as our video tool — the principle generalises across formats.) The clean takes about half a second for a typical 4 MB photo. Batch is the only thing behind the $4.99/month Pro tier; single-file cleans are free and unlimited.
Photo by SHVETS production on Pexels.
Verifying the GPS Tags Are Actually Gone
Trust but verify. The check is as easy as the read:
- Drop the cleaned file into metadata2go.com. The GPS section should be absent — not zeroed out, missing entirely.
- Or run
exiftool -G1 -GPS:* cleaned.jpg. The expected output is empty: noGPS Infodirectory, noGPSPositionline. - On macOS, open the cleaned file in Preview and press ⌘I. The GPS tab should be gone from the Inspector.
If anything still shows up, that is a bug and we want to know — email and the case gets prioritised. We test against JPEG from Camera, HEIC from iPhone, PNG screenshots, and WebP from Android share-sheet exports on every release.
Honest Limits — What Removing GPS Doesn't Fix
Three things stripping the GPS block does not do:
It doesn't undo what's already been shared. If you posted a photo last month with GPS intact and someone downloaded it, the original-with-coordinates is in their possession. Stripping the file on your phone today only affects future shares.
It doesn't remove location signals outside the file. A recognisable building, a unique tree, a specific intersection — these are visible signals any reverse-image search or human eye can extract. Removing EXIF GPS removes the machine-readable coordinates; it doesn't remove the image content that points to a location. Bellingcat-style OSINT investigations work mostly off image content, not metadata. If your goal is to share a photo of "somewhere" without revealing where, you have to think about what's in the frame as well as what's in the EXIF block.
It doesn't strip your phone's next photo. The Camera app keeps writing GPS to every new file as long as its location permission is granted. Stripping is per-file. To change the default, revoke the Camera app's location permission in Settings → Privacy & Security → Location Services → Camera. Stripping is cleanup; revoking is prevention.
FAQ
Does removing GPS data change how the photo looks?
No. The pixels are byte-identical before and after. The strip removes a structured directory next to the pixel data, not the pixels themselves. Image quality, dimensions, colour profile, and orientation are preserved.
Will the cleaned photo still upload to Instagram, Reddit, Twitter, and the rest?
Yes. Every major platform handles JPEG, HEIC, PNG, and WebP regardless of whether they carry EXIF. The cleaned photo behaves like any other at upload — just a few KB smaller.
What about HEIC photos from iPhone?
Same workflow. HEIC stores EXIF in a slightly different box structure than JPEG, but the GPS IFD lives in the same logical place. The tool walks the HEIF box tree, finds the EXIF item, deletes the GPS subdirectory, and rewrites box lengths so the file still parses.
Can I do this from my phone, or do I need a computer?
From your phone. The tool is browser-only and works on mobile Safari, Chrome on Android, and Firefox mobile. Drag-and-drop becomes tap-to-pick; the download lands in Files or Photos depending on browser.
Does Apple's "Remove Location" toggle in the share sheet do the same thing?
Partially. iOS has had a "Remove Location" option in the share sheet since iOS 13. It strips the top-level GPS block — but it doesn't always strip the embedded thumbnail's GPS copy, doesn't touch GPSDateStamp and GPSTimeStamp consistently across iOS versions, and doesn't remove the device serial. It's better than nothing. The browser-only strip is more thorough and works on Android too.
Does stripping GPS get me out of EXIF entirely?
No. EXIF has many other IFDs: the main 0th IFD (camera make, model, orientation), the Exif IFD (capture time, exposure, lens), the Interoperability IFD, the Thumbnail IFD. Stripping the GPS IFD removes location and leaves the rest. To remove everything — device fingerprinting, capture timestamp, edit history — use the full clean on the same tool.
Is removing GPS legal?
Yes. The IPTC, which maintains many of the photo-metadata standards, has public guidance framing metadata as something publishers control, not something baked permanently into the file. The right exists; the tool just lowers the friction to exercising it.
If you've posted photos before reading this, strip the local copies so future shares are clean. Try Metadata Cleaner free — drop a photo, hit Clean, done. The pixels are yours; the coordinates don't have to be.