Blog
PrivacyJun 24, 2026·10 min read·By Lars

Which Social Media Platforms Strip Photo Metadata? (2026 Update)

EXIFmetadatasocial mediaprivacymessagingGPS

The question sounds like it should have a simple answer: when you post or send a photo, does the platform remove the hidden metadata, your GPS coordinates, camera model, timestamp, before someone else can get it?

The real answer, as of mid-2026, is that it depends on three things: which platform, which feature within that platform, and which sending mode you use. Some platforms strip metadata from public posts but keep it internally. Some don’t strip anything at all. And several popular apps have a specific mode that preserves 100% of your GPS data while most users assume they’re protected.

Here’s what each major platform and app actually does, based on current testing, and the one rule that makes all of it irrelevant.

TL;DR

Most public social feeds (Instagram, Facebook, X, TikTok, LinkedIn, Reddit, Snapchat, Pinterest) strip GPS and most EXIF from the copy other people can download, but they still ingest your full-metadata original at upload. The genuinely risky channels are the private ones: email, iMessage, WhatsApp’s document mode, Telegram, Slack, cloud-storage links, and AirDrop all send your photo with exact GPS and camera data intact. Signal is the only major app that strips everything and keeps nothing server-side. Because the rules vary by platform, by feature, and by sending mode, and change without notice, the reliable move is to strip the metadata yourself before sharing, so the file is clean everywhere.

The short version

Strips metadata from public/downloadable copies: Instagram, Facebook, X (Twitter), TikTok, LinkedIn, Reddit, Snapchat, Pinterest, all remove GPS and most EXIF from the version other users can see or download, in standard public-posting flows.

Preserves your full metadata (including exact GPS): email attachments (Gmail, Outlook, Apple Mail), iMessage, WhatsApp document mode, Telegram default and file mode, Slack, cloud-storage links (Google Drive, Dropbox, iCloud), AirDrop, most forums and self-hosted sites, and Flickr (which deliberately displays it).

The genuinely safe exception: Signal, strips all metadata and doesn’t retain it server-side.

The pattern: public social feeds are mostly protective. Private sharing, messaging, email, file links, mostly is not. Which is the opposite of what most people assume.

Try MetaStrip; it's free.

Strip metadata from any photo in seconds. No upload, no account.

Open MetaStrip →

Social platforms (public posts)

Instagram runs every uploaded photo through a compression pipeline that removes GPS, camera make/model, and timestamps from the downloadable file. This applies to feed posts, Stories, and Reels on both iOS and Android. If someone saves your post, the file carries no location data. The exception is Direct Messages: testing has found GPS surviving DM transmission when original-quality sharing was used, and camera info appearing more often in DM files than feed posts.

Facebook (also Meta) does the same: GPS, camera details, and original timestamps are removed from what other users can view or download. Copyright fields have survived in some tests, but location data is consistently stripped from the public file.

X (Twitter) strips most EXIF including GPS from photos posted through the official apps and web interface, via recompression on upload. But there’s a real loophole: API-based uploads, which is how scheduling tools like Buffer, Hootsuite, and Sprinklr post, don’t reliably trigger the same stripping. If you schedule posts through a third-party tool, your GPS may be reaching X intact. X’s Data Download export also provides files with original metadata. This is one of the most overlooked exposure risks for professional social media users.

TikTok re-encodes all uploaded content, which strips most container metadata including GPS as a side effect of transcoding. 2026 testing confirmed GPS removed from publicly accessible posts across iOS and Android, including photo-slideshow posts. TikTok’s re-encoding is aggressive enough to strip even things some platforms miss, like QuickTime container metadata in iOS videos. DMs were more variable: higher-quality modes sometimes retained GPS.

LinkedIn re-processes uploaded images and typically strips EXIF as part of its pipeline. Profile photos and post images go through different processing, so behaviour can vary slightly, but the public-facing files are generally cleaned.

Reddit re-encodes images hosted on i.redd.it, stripping EXIF as a side effect. Standard uploads lose GPS and camera data. One historical caveat: a documented vulnerability (HackerOne #1069039) had HEIC photos converted to PNG on upload while retaining GPS through the conversion, a reminder that “strips on upload” can have format-specific edge cases.

Snapchat and Pinterest both strip EXIF from photos shared through their standard flows.

The “saves to your gallery” caveat

One thing worth knowing about the social platforms: a setting on Instagram (and similar on others) saves a copy of the original photo to your device’s gallery before the app processes it for upload. That local copy is your full-metadata original. The platform stripping protects what others download; it doesn’t change what’s sitting in your camera roll, which still carries everything.

Messaging apps (where it gets dangerous)

This is the category that catches people out, because the assumption is that private = safe. It’s often the reverse.

iMessage sends the original photo file with all metadata intact. Every photo sent via iMessage carries the sender’s exact GPS coordinates, camera model, and timestamp. Most people have no idea.

WhatsApp has three send modes that behave completely differently. Photo mode (the default) strips most EXIF including GPS, about 89% fully removed in 2026 testing. Document mode (attach as file) preserves 100% of EXIF including exact GPS, identical to sending the raw file by email. The “best quality”/HD toggle is unreliable, with GPS surviving in roughly 23% of cases. The trap: people switch to document mode precisely for important photos: weddings, events, client sites, which are exactly the images most likely to carry sensitive location data.

Telegram, despite its privacy reputation, does not strip EXIF from photos by default. The recipient can extract GPS, camera model, everything. File/“send as file” mode preserves everything too. You’d have to manually use its editor or settings to strip, which most users never do.

Signal is the one that does it correctly: it strips all metadata before sending and doesn’t retain the original server-side. The data is gone, permanently. If photo privacy is the priority, Signal is the standout. (One caveat from testing: a photo attached in some flows can behave differently from one sent through the normal camera/share path; the normal path is the clean one.)

Slack uploads and serves files as-is, full EXIF retained for anyone in the channel who downloads. Discord is nuanced: pasting/uploading an image inline strips EXIF, but downloading and re-sharing an original preserves it.

Email, cloud, and the open web

Email attachments, Gmail, Outlook, Apple Mail, essentially all of them, send the original file untouched. Every byte of metadata arrives with the recipient. This is the single most common way people accidentally share their home GPS.

Cloud-storage links, Google Drive, Dropbox, iCloud shared links, serve the original file. Share a photo by Drive link and the recipient gets full EXIF including GPS, camera serial numbers, and timestamps.

AirDrop transfers the original with full metadata intact.

Forums and self-hosted sites: most forum software and CMS platforms (WordPress without a stripping plugin) store uploads as-is. Unless the admin configured stripping, your EXIF is downloadable by anyone.

Flickr deliberately preserves and displays EXIF, by design, for photographers, so it’s expected there.

At a glance

Platform / methodStrips GPS from what others get?Notes
Instagram / Facebook (public)YesKept internally; DMs leakier
X / Twitter (app)YesAPI/scheduling-tool uploads may not
TikTokYesAggressive re-encode; DMs variable
LinkedInYesPipeline varies slightly by image type
RedditYesHistoric HEIC-conversion edge case
Snapchat / PinterestYesStandard flows
SignalYes, and not retained server-sideThe gold standard
iMessageNoFull GPS sent
WhatsApp photo modeMostly (~89%)Not guaranteed
WhatsApp document modeNo (100% preserved)The big trap
Telegram (default & file)NoDespite its reputation
SlackNoServed as-is
Email / cloud links / AirDropNoOriginal file, everything intact
Forums / self-hostedUsually noDepends on admin config

Two things even the strippers don’t protect

First: every platform that strips metadata from the public copy still ingests your original at upload. As a frequently-quoted Reddit comment put it, stripping it from the public frontend doesn’t mean they didn’t process and store it first. Instagram, Facebook, and the rest read your full GPS, camera, and timestamp data into their systems, feeding ad targeting and location features, before stripping the downloadable copy. “Instagram strips EXIF” really means “Instagram strips EXIF from the copy other users can download.”

Second: stripping metadata doesn’t make a photo anonymous. Visual content, the post context, your profile, and platform-added tracking identifiers can still tie an image to you, and AI visual-geolocation can increasingly infer where a photo was taken from the pixels alone, with no metadata involved. Metadata removal closes one specific, easily-exploited door; it isn’t a cloak of invisibility.

The one rule that makes all of this moot

You can’t keep track of which platform strips what in which mode, the rules change without notice, and the dangerous cases (email, iMessage, WhatsApp document mode, cloud links) are exactly the ones people use for their most important photos. So the reliable approach is the simple one: strip the metadata yourself, before you share, regardless of where it’s going. A clean file is clean on every platform, in every mode, forever, no need to remember whether this particular app, in this particular sending mode, happens to protect you today.

That’s what MetaStrip does: it removes GPS, camera data, and the rest of the EXIF/metadata footprint entirely in your browser, with the file never leaving your device. Which matters here especially: uploading a photo to a server to remove the location you’re trying to keep private would defeat the point. You can verify zero network activity in your browser’s developer tools, and the source is open on GitHub.

Drop a photo in and check what it’s carrying right now; most people are surprised the first time they see their own home coordinates sitting inside a photo of dinner. Then it’s a clean file you can send anywhere, through any app, in any mode, without having to wonder.

FAQ

Does Instagram remove EXIF and GPS data from photos? Yes, from the copy other users can view or download: Instagram’s upload pipeline strips GPS, camera make/model, and timestamps from feed posts, Stories, and Reels. Two caveats: Direct Messages have leaked GPS in original-quality sharing, and Instagram still reads your full metadata into its own systems at upload before stripping the public copy.

Does WhatsApp remove metadata from photos? It depends on the send mode. Photo mode (the default) strips most EXIF including GPS in about 89% of cases, but document mode, attaching the photo as a file, preserves 100% of the metadata, including exact GPS. Sending an important photo as a document is the most common way people accidentally leak their location on WhatsApp.

Does iMessage strip photo metadata? No. iMessage sends the original file with all metadata intact, so every photo carries the sender’s exact GPS coordinates, camera model, and timestamp. Most people assume private messaging is safe; for metadata, it usually isn’t.

Which messaging app is safest for photo privacy? Signal. It strips all metadata before sending and doesn’t retain the original server-side, so the data is permanently gone. It’s the standout if photo privacy is the priority.

Does emailing a photo remove its metadata? No. Gmail, Outlook, and Apple Mail send the original file untouched, so every field, including home GPS coordinates, arrives with the recipient. This is one of the most common ways people accidentally share their location.

If social platforms strip metadata, do I still need to remove it myself? Yes, for two reasons. The platforms only strip the downloadable copy, not the original they ingest and store, and the riskiest channels, email, iMessage, WhatsApp document mode, cloud links, AirDrop, don’t strip at all. Removing it yourself before sharing means the file is clean on every platform and in every mode.

Try it now

Strip metadata from your files.

Free, no account, no upload, no tracking.

Open MetaStrip →
Lars Holmstrom
Written by
Lars Holmstrom

Lars is a cybersecurity and privacy specialist and the developer of MetaStrip, an open-source, client-side metadata-removal tool.

More from Lars