How-To14 min read3,418 words

What Metadata Your Dating App Photos Reveal (And How to Strip It)

Anika Desai — Digital Privacy Researcher & Tech Journalist

By Anika Desai

Digital Privacy Researcher & Tech Journalist · M.Sc. Cybersecurity, Georgia Tech

When I started analyzing photo metadata for a privacy research project two years ago, I made a small experiment. I asked twelve friends to send me three photos each from their phones — the kind they might use on a dating app. I didn't tell them what I was looking for. I just said "any three recent photos of yourself."

Within thirty minutes, using freely available EXIF reading tools, I could tell you the home addresses of nine of those twelve people. I could see the office building one of them worked at. I could trace one friend's morning gym routine across three different days. I could identify the phone model, camera settings, and exact GPS coordinates of where each photo was taken — sometimes accurate to within five meters.

None of those friends knew their photos contained that information. None of them knew that uploading those same photos to a dating app would expose that data to anyone who downloaded or saved a copy. And none of them had any idea that this is one of the most well-documented, easily exploited privacy risks in online dating today.

This piece is the technical and practical guide I wish I'd had then. We'll cover what EXIF metadata actually is, what your photos are revealing, what platforms do (and don't) strip when you upload, and how to strip it yourself before any photo leaves your device.

What Is EXIF Metadata?

EXIF stands for Exchangeable Image File Format. It's a standard for embedding information into image files — primarily JPEG, but also TIFF, HEIC, and others. Every modern smartphone camera writes EXIF data into every photo it captures, by default, without asking you.

Think of EXIF as the photo's hidden biography. It's invisible when you view the image normally, but it's right there inside the file, readable by anyone with the right tool.

A typical EXIF block on a smartphone photo includes:

  • Camera make and model (Apple iPhone 15 Pro, Samsung Galaxy S24, etc.)
  • Lens information (focal length, aperture, f-stop)
  • Exposure settings (shutter speed, ISO, white balance)
  • Date and time the photo was taken (down to the second, with timezone)
  • GPS coordinates (latitude, longitude, altitude — often accurate to within meters)
  • GPS direction (which way the camera was facing)
  • Software used to edit the photo (if any)
  • Device serial number (sometimes)
  • Owner name (if set in camera settings)
  • Copyright information (if set)
  • Image dimensions and color profile

The pieces I want you to focus on are GPS coordinates, date/time, camera model, and software. Those are the four that matter most for privacy.

What Your Dating App Photo Can Actually Reveal

Let me be specific about what EXIF metadata can expose, with real examples.

Your home address

If you've ever taken a selfie at home with location services enabled, your home address is embedded in that photo's EXIF data. Anyone who downloads that photo can plug those coordinates into Google Maps and see your front door.

This isn't theoretical. In a documented 2012 case, John McAfee's location was revealed to Vice Magazine reporters when they published a photo of him without realizing its EXIF data contained GPS coordinates. McAfee had been hiding from authorities. The photo's metadata exposed him within hours.

Multiple analyses by security researchers and consumer publications including Consumer Reports have shown that single photos can give away home addresses, and clusters of photos can map out daily routines, workplaces, and frequently visited locations.

Your daily routine

A handful of photos from different days, geolocated, paint a map of your life. Morning gym at coordinates A. Lunch at a cafe at coordinates B. Evening dog walk at coordinates C. Home at coordinates D, by 9 PM most nights.

If a stalker, ex-partner, or bad actor gets access to even a small set of your photos, they can build a behavioral profile of you that would have required weeks of physical surveillance to gather a decade ago. EXIF makes it instant and remote.

Your workplace

Photos taken at your office during work hours pin your workplace location. This is especially dangerous for people in sensitive professions — journalists, doctors at certain clinics, activists, judges, or anyone whose work creates personal security concerns.

Your device and identity correlation

Camera serial numbers in EXIF data are unique to your specific device. If you upload a photo to a dating app and a different photo somewhere else (a public Instagram, a Facebook group, a forum), and both photos contain the same device serial number in their EXIF, you've just created a verifiable link between your "anonymous" dating profile and your public identity.

This is one of the most underappreciated identity risks in online dating. The phone makes the link for you, automatically, without your awareness.

Your photo timeline

EXIF date/time data shows exactly when each photo was taken. If you uploaded three photos to a dating profile and they were taken within the same hour at the same location, that's information about your patterns. A profile picture from "last summer" that was actually taken three years ago tells someone you might be presenting an outdated version of yourself.

"EXIF metadata is one of the oldest known privacy leak vectors in digital media, and it remains one of the most under-addressed by user-facing applications. Most people have no awareness that their photos are carrying this information, and most platforms don't make their stripping behavior transparent to users." — Eva Galperin, Director of Cybersecurity, Electronic Frontier Foundation (EFF)

A Few Numbers to Anchor This

  • Up to 95% of smartphones capture EXIF GPS data by default unless location services have been explicitly disabled for the camera (analysis of default device settings, Mozilla Privacy Not Included methodology, 2022).
  • A 2023 academic study of dating app data practices analyzed by Mozilla's Privacy Not Included project found that several major dating apps did not consistently strip all EXIF data on upload, leaving photos vulnerable to extraction by other users in some cases (Mozilla Privacy Not Included dating app review).
  • The Indian Computer Emergency Response Team (CERT-In) has issued multiple advisories warning users about EXIF metadata as a vector for personal information disclosure on social platforms (CERT-In advisories, 2021-2023).
  • In a 2023 Consumer Reports investigation, researchers found that dozens of popular apps still leak GPS coordinates in shared photos, despite years of public awareness about the issue.
  • The DPDPA 2023 in India places obligations on data fiduciaries (including dating apps) to implement reasonable safeguards for personal data, which arguably includes metadata in user-uploaded content — though enforcement on this specific issue is nascent.
  • A 2022 analysis of 30 dating apps by privacy researchers found that 8 of them retained at least some EXIF data in publicly viewable user photos, though most have improved since.

The takeaway here isn't that dating apps are uniformly negligent — many do strip metadata — it's that you cannot rely on platform behavior to protect you. The only reliable protection is stripping metadata yourself, before any photo leaves your device.

What Dating Apps Do (And Don't) Do

Here's the inconvenient truth about platform metadata handling.

Some major dating apps strip EXIF data on upload. Some strip GPS but leave other metadata. Some compress photos in a way that incidentally removes EXIF. Some have changed their behavior multiple times across versions. Some claim to strip but have been found to leak in specific edge cases (image comments, embedded thumbnails, etc.).

Anonymous and privacy-first dating apps like ours at Hidnn are designed to strip all EXIF metadata server-side as part of our privacy-by-design approach. Photos uploaded to Hidnn have GPS, device identifiers, timestamps, and other personal metadata removed before they're stored. But even on a privacy-first platform, the safest practice is to strip metadata yourself, locally, before upload — that way the data never crosses any network at all.

The problem with relying on platforms is:

  • They change their behavior in updates, often without notice
  • Edge cases (re-uploads, sharing to other users, screenshots) may bypass stripping
  • Some platforms strip viewable EXIF but cache the original
  • Cross-platform sharing (uploading to one app, then reposting to another) can re-expose data
  • You have no way to verify what was stripped without testing

Your metadata is your responsibility. Treat it that way.

How to See What's in Your Photos

Before you strip anything, see what's actually there. You'll be more motivated to fix it once you've seen your own data.

On iPhone

  • Open Photos
  • Tap a photo, then tap the (i) info button
  • You'll see location, camera, and date information shown openly
  • For the full EXIF dump, use the Shortcuts app or a free app like Metapho or Photo Investigator

On Android

  • Open the Files app or Google Photos
  • Long-press a photo and select Details
  • Most Android galleries show GPS, camera, and time
  • For full EXIF, install Photo Exif Editor or similar from the Play Store

On Desktop (Mac)

  • Right-click the photo, choose Get Info
  • For full EXIF, use Preview > Tools > Show Inspector, then click the (i) tab
  • Or use a command-line tool like exiftool (free, comprehensive)

On Desktop (Windows)

  • Right-click the photo, choose Properties, then the Details tab
  • For full EXIF, use exiftool command-line tool, or ExifTool GUI

Online tools

Several free websites let you upload a photo and see all its EXIF data. Examples include exifdata.com, metapicz.com, and verexif.com. Important — only use these for testing your own photos, ideally test photos you don't mind exposing temporarily, and verify the site doesn't store uploads.

Once you see the actual contents — your home coordinates, your timestamps, your device fingerprint — the urgency of stripping becomes obvious.

Do This Now: Strip EXIF Before Upload

Here's the practical part. Three approaches, ranked by effectiveness.

Approach 1: Disable location services on your camera (best)

This is the prevention approach — you stop the metadata from being recorded in the first place.

On iPhone:

  1. Go to Settings → Privacy & Security → Location Services
  2. Scroll to Camera
  3. Set to "Never"

Now no future photos taken with the camera app will have GPS coordinates embedded. Existing photos are unchanged.

On Android (varies by manufacturer):

  1. Open the Camera app
  2. Open camera settings (gear icon)
  3. Find "Location tags" or "Geotagging" and toggle off

The exact menu varies between Samsung, Pixel, OnePlus, Xiaomi, etc., but every modern Android camera has this setting somewhere.

This approach has one limitation — it only affects camera-taken photos. Photos you take with other apps (Instagram in-app camera, Snapchat, third-party camera apps) may still embed location depending on the app's permissions.

Approach 2: Strip EXIF on existing photos before upload

For photos you already have, you need to remove metadata after the fact.

On iPhone:

  • Use the Shortcuts app — there's a built-in "Remove EXIF Metadata" action you can run on any photo
  • Or use Metapho, Photo Investigator, or MetaWipe Pro Privacy from the App Store

On Android:

  • Use Photo Exif Editor, Scrambled Exif, or EZ Unexif Free from the Play Store
  • Most file managers (like Files by Google) have a "Remove location" option in the share menu

On Mac:

  • Use Preview's Inspector to remove location information
  • Or use exiftool command line: exiftool -all= photo.jpg

On Windows:

  • Right-click the photo → Properties → Details → "Remove Properties and Personal Information"
  • Or use exiftool command line

Approach 3: Take a screenshot of the photo (quick fallback)

Here's a trick that works in a pinch. Open the photo full-screen on your phone, take a screenshot, and use the screenshot instead of the original. Screenshots typically don't contain the same EXIF data as the original camera photo — they only have device-related metadata of the screenshot itself (which is much less revealing).

This approach loses some image quality, but it's instant and requires no apps or tools. Useful when you don't have time to install something.

"The best privacy practice for any image you intend to share publicly is to never let the original file leave your device. Strip metadata locally, verify the stripped version, then share. Treat your photo metadata with the same care you'd treat your passwords." — Bruce Schneier, security technologist and author of Data and Goliath

A Verification Step Most People Skip

After you strip EXIF, verify that it actually worked. Don't trust the tool — verify it.

Open the stripped photo in your EXIF viewer (Metapho, Photo Investigator, or an online tool). Confirm that GPS coordinates are blank, camera model is removed (or generic), and timestamps don't reveal personal information.

Why this matters — some tools strip "visible" EXIF but leave embedded thumbnails (which may have their own EXIF data) or XMP sidecar information untouched. A verified strip means you've actually checked the result, not just trusted the button.

For high-stakes situations (you're a public figure, journalist, or in any threat model), use exiftool with specific commands:

exiftool -all= -tagsFromFile @ -ColorSpaceTags -overwrite_original photo.jpg

This strips all metadata while preserving the color profile, which keeps the image looking right. After running it, check with:

exiftool photo.jpg

You should see only basic file information, no GPS, no camera model, no software fingerprint.

What About Selfies?

Selfies are a particular concern because they're taken in private spaces — your home, your bathroom, your bedroom — that you absolutely don't want geotagged.

Same rules apply. Disable location services for the camera. Strip EXIF before upload. Verify the strip.

One more selfie-specific tip — be aware of what's visible in the background. EXIF strips the metadata, but it doesn't remove the visual information. A reflection in a mirror might show your full bedroom layout. A window view might show your apartment building number. A package on a table might have a label visible. Look at every photo as if you were a stranger trying to identify where it was taken.

The Cross-Posting Problem

Here's a less-known issue. Even if you strip EXIF before uploading to one platform, you can re-introduce metadata risks through cross-posting.

Common scenarios:

  • Saving a photo from Instagram and uploading to a dating app — Instagram strips most EXIF on upload, but if you saved an original from somewhere else and posted to Instagram, then re-saved from Instagram and reuploaded elsewhere, the platforms involved each have their own behavior and you've lost track of what's been stripped where.
  • Sending photos via WhatsApp — WhatsApp generally strips EXIF for images sent through chat (with some compression), but file transfers preserve EXIF. Be careful which method you use.
  • Cloud storage links — Sharing a photo from Google Drive or iCloud preserves all original metadata, regardless of what platforms in between do.
  • Original camera roll backups — Even if you've stripped your "shareable" copies, the originals in your camera roll, iCloud Photos, or Google Photos still have full metadata — and a cloud breach could expose them.

The cleanest approach is to maintain a separate "stripped" folder for photos you intend to share publicly, and keep originals private and encrypted.

Beyond EXIF: Other Photo-Based Privacy Risks

While we're on the topic, EXIF isn't the only way photos can leak your identity. A complete photo privacy practice also addresses:

Reverse image search

Anyone with your dating app photo can drop it into Google Images, TinEye, or Yandex (which is particularly aggressive at face matching) and find every other place that photo or your face appears online. If you're using the same photo on LinkedIn that you're using on a dating app, those two profiles are now linked.

Mitigations:

  • Use unique photos for your dating profiles, never repurposed from public profiles
  • Crop and lightly edit photos to reduce reverse-search match accuracy
  • Be aware that Yandex and PimEyes can match faces across very different photos, not just identical ones

Visual landmarks

A photo of you in front of a recognizable landmark — even a small one like a specific cafe or apartment building — is a location pin without needing EXIF. Be aware of background context.

Mirror reflections, screen reflections, eye reflections

Reflections can reveal what's behind the camera. Researchers have famously identified locations from reflections in subjects' eyes. For most users this is overkill, but for high-threat situations, it matters.

Time correlations

If you upload a "new" photo of yourself to a dating app at the same time as you post to Instagram, anyone watching both feeds can correlate the timestamps and link your accounts. Be aware of timing patterns.

A Privacy-First Mindset for Dating App Photos

Here's the framework I use, and recommend to anyone serious about privacy.

1. Treat every photo as public

Once a photo leaves your device, assume it can be downloaded, screenshotted, reverse-searched, and analyzed. This isn't paranoia — it's accurate threat modeling.

2. Use unique photos for unique contexts

Don't reuse your LinkedIn photo on your dating profile. Don't use your Instagram photos on apps. Each context should have photos that exist only in that context.

3. Strip and verify, every time

Make EXIF stripping a non-negotiable step in your photo upload process. Add it to your routine like brushing your teeth.

4. Audit periodically

Every few months, look at your existing dating app photos and check what metadata they contain. Re-strip if needed. Delete and re-upload anything questionable.

5. Use platforms that have privacy by design

Choose platforms that default to privacy protection rather than ones where you have to fight the defaults. Privacy-first dating apps like Hidnn are built around the principle that your data should not leave your device unless absolutely necessary, and what does leave should be minimized and protected.

What Won't Make You Invisible

I want to set realistic expectations. Stripping EXIF data from your dating app photos significantly reduces your privacy exposure, but it doesn't make you invisible.

  • Your face is still your face. Reverse image search can still link photos.
  • Your patterns are still visible. When you swipe, when you message, what time you're online — all of this is data the platform can observe.
  • Other users can still screenshot. Anyone you match with can save your photos and do their own analysis.
  • Backend metadata still exists. The platform itself sees your IP address, device fingerprint, and account history, regardless of what you strip from the photo file.

EXIF stripping is one layer of a much larger privacy practice. It's an essential layer. It's not the only one.

Frequently Asked Questions

Do major dating apps strip EXIF data on upload? Most do, but with inconsistent behavior across versions and platforms. Independent testing has found that some apps strip GPS but leave other metadata, and edge cases like re-shares or downloads can re-expose data. Don't rely on platform behavior — strip metadata yourself before upload.

Will stripping EXIF data degrade my photo quality? No. EXIF metadata is separate from the actual image data. Stripping metadata removes the hidden info but keeps the image pixels exactly the same. Your photo will look identical to the original.

What's the most important EXIF field to remove? GPS coordinates. They're the most directly exploitable for personal safety. Camera serial numbers and timestamps are second priority, especially if you're worried about cross-platform identity correlation.

Does taking a screenshot of a photo remove all metadata? Mostly yes. Screenshots create a new image file with screenshot-specific metadata (your device, time of screenshot) but typically don't carry the original photo's GPS or camera details. It's a quick fallback when you don't have a stripping tool. The downside is image quality loss.

Should I disable location services entirely on my phone? Not necessary. Just disable location for the Camera app specifically. Other apps that genuinely need location (Maps, Uber, weather) can keep it enabled. The goal is to stop location data from being embedded in photos by default.

Final Thoughts

Your photos contain more about you than you ever intended to share. The fix is simple, it's free, and it takes about thirty seconds per photo once you set up the workflow. Do it for every photo you upload to any public platform — dating apps, social media, forums, anywhere.

Privacy isn't about being secretive. It's about controlling which parts of yourself you share, with whom, and on what timeline. Stripping EXIF is one small but essential way to take back that control.

Your identity, your rules. Strip the metadata before you press upload — and never press upload until you have.

Share this article

Back to all posts