Does Signal Remove EXIF Data? Not Always — Here's the Truth

The Privacy App That Had a Gap

Signal occupies a unique position in the privacy landscape. It's not just an app — it's a statement. Journalists protecting sources, activists communicating under surveillance, privacy advocates who've thought hard about operational security: these are Signal's core users. The app's reputation for security is so strong that recommending anything else for sensitive communications has felt almost professionally negligent for years.

So when GitHub issues started surfacing in 2017 documenting that Signal for iOS was not stripping EXIF data from photos before sending them — including precise GPS coordinates — it mattered more than the same bug would have mattered on any other platform. The people most likely to be sending sensitive photos on Signal are exactly the people for whom GPS metadata exposure carries the most serious consequences.

The bug was documented. It was discussed. It was fixed — and then a version of it appeared to resurface in later reports. Understanding that history is more useful than a simple yes/no answer.

What Signal Strips Today

In current versions of Signal (as of 2026), photos sent through the standard messaging flow have the following metadata removed before transmission:

• GPS coordinates — latitude, longitude, altitude, and direction fields are removed
• Camera make and model — the device that took the photo is not identifiable from the received file
• Capture timestamp — the EXIF date/time fields are stripped or zeroed
• Lens and settings data — aperture, ISO, focal length, and shutter speed are removed
• Software version — the camera app or OS version embedded in MakerNotes is stripped
• MakerNotes — manufacturer-specific data blocks, which can contain device identifiers, are removed

Signal confirmed this behavior publicly — their official account stated "EXIF data is automatically removed" in response to a direct question on X (formerly Twitter) in 2020. This aligns with what independent testing in 2025 and 2026 has confirmed for the standard photo-send flow across all platforms.

iOS vs Android vs Desktop: The Differences That Mattered

The EXIF handling story on Signal isn't the same across platforms, and historically the differences have been significant.

Signal on Android

Signal's Android implementation has generally been more consistent about metadata stripping. The Android GitHub repository (Signal-Android Issue #7862) confirmed EXIF removal as an intentional feature. Testing across multiple Android versions in 2025 and 2026 shows consistent GPS stripping through the photo-send path. Android users share photos from the gallery or in-app camera — both paths apply metadata stripping before transmission.

Signal on iOS

iOS is where the documented problems lived. The iOS-specific issues — filed in 2017 and again with related reports in 2022 — indicated that certain send paths on iOS did not consistently strip EXIF before transmission. The exact conditions were hard to reproduce reliably, which is part of why the issue was difficult to definitively close. iOS handles media access differently from Android at the OS level, and this architectural difference appears to have contributed to inconsistent stripping behavior in earlier versions.

Current iOS builds of Signal strip EXIF consistently in tested scenarios. But the pattern of this bug surfacing, being addressed, and then appearing again in later versions makes iOS the platform to watch most carefully — particularly for users who update Signal infrequently.

Signal Desktop

Signal Desktop (Windows, macOS, Linux) handles photo sharing through a different flow than mobile. When you drag an image into a Signal Desktop chat or use the attachment button to share a photo, the behavior depends on how Signal Desktop classifies the attachment. A GitHub issue (Signal-Desktop Issue #4445) requested an option to send images with metadata preserved — which implies the default behavior on Desktop is also to strip it. Testing in 2025 confirms that standard image sends through Signal Desktop strip EXIF metadata. The risk on Desktop comes from the same place it comes on mobile: the file attachment path.

The File Attachment Gap That Still Exists

Here's the edge case that still trips people up in 2026, and it's the same one that catches users on Telegram and WhatsApp.

Signal gives you two ways to share an image. The first is through the photo picker — tap the attachment icon, select from your gallery, and Signal sends it through its media pipeline. That pipeline strips metadata. The second is sending the image as a generic file attachment — the way you'd send a PDF or a document. When you use this path, Signal transmits the original file without modification.

Why does this matter? Because sending images as files is something people do deliberately, for a good reason: they want to preserve quality. Signal's photo mode compresses images for efficient transmission. A high-resolution photo shot on a recent iPhone or Android flagship will get resized. If you're a photographer sharing proof images, a journalist sending a document-quality photo, or just someone who doesn't want their photo compressed — you might reach for the file attachment option without realizing you've bypassed the metadata stripping pipeline.

That file arrives at the other end exactly as it left your device. GPS coordinates, camera model, timestamps, all of it. The end-to-end encryption that Signal is famous for protects the file from interception in transit — but the recipient decrypts a complete, unmodified copy of the original, including every EXIF field.

Signal vs Other Messengers: Where It Stands

Signal's approach to metadata is genuinely more privacy-conscious than most alternatives — but it's not quite the absolute guarantee the app's reputation might suggest.

In the standard photo-send flow, Signal is the strongest option. Unlike WhatsApp, whose compression-based stripping is inconsistent, Signal applies an explicit metadata removal step independent of compression. Unlike iMessage, which has its own iOS-specific quirks, Signal's Android and Desktop implementations have been largely reliable. The gap between Signal and everything else closes significantly on the file attachment path, where Signal behaves the same as Telegram and WhatsApp — the original file passes through unchanged.

For a full breakdown of how all major platforms compare, our 2026 social media metadata comparison covers each platform with consistent methodology.

Why Pre-Stripping Still Makes Sense Even on Signal

Given that Signal does a genuinely good job stripping EXIF in the standard photo flow, is there still a reason to strip metadata before sending? There are a few.

First, the file attachment path. If you ever send images as files on Signal — to preserve quality, to share raw files, to forward something you received — those files carry their full metadata. Building a habit of stripping before sending means you don't have to track which send mode you're using each time.

Second, the iOS bug history. If you're a Signal user who doesn't update apps frequently, there's a non-zero chance you're running a version with known metadata handling issues. EXIF behavior is not something Signal announces in release notes — you'd only know there was a fix if you were watching the GitHub issues. Pre-stripping removes the dependency on whatever version you're running.

Third, what Signal retains server-side is not the same as what the recipient sees. Signal's architecture means the platform itself doesn't see your message contents. But the metadata stripping happens client-side before transmission — meaning the stripped version is what travels over Signal's servers. This is actually better than some platforms, which strip server-side and may retain originals internally. Still, for users with the highest privacy requirements, client-side pre-stripping is the belt-and-suspenders approach.

How to Verify Signal Stripped Your Photo

You don't have to take Signal's word for it. Verifying whether a received photo still contains EXIF data is straightforward.

On macOS: Open the received photo in Preview → Tools menu → Show Inspector → GPS tab. If there's no GPS tab or it's empty, coordinates were stripped.

On Windows: Right-click the file → Properties → Details tab. Look for GPS Latitude/Longitude entries under the Location section. Missing entries mean stripped data.

On mobile: Third-party apps like Metapho (iOS) or Photo EXIF Editor (Android) will display every EXIF field — or confirm none exist.

Cross-platform: MetaClean's EXIF viewer shows every tag in any image without uploading anything to a server. Drop the received file in, and you'll see exactly what's there — or what isn't.

For anyone who wants to test Signal's current behavior themselves: take a photo with Location Services enabled, note the GPS coordinates that should be embedded, send it to yourself via Signal on a second device (using both photo and file modes), then check the received files. The result will tell you definitively what version of the app is doing.

Who This Actually Matters For

The abstract privacy case for EXIF stripping is clear. But the concrete scenarios where Signal's behavior matters are worth naming.

Journalists and sources. A source sending a photo of a document to a journalist via Signal does so expecting Signal's privacy protections. If that photo was taken in the source's home, office, or any identifying location, GPS coordinates in an unstripped file reveal it. The documentation of Signal's iOS bug is particularly relevant here — exactly the scenario where metadata exposure carries the most serious consequences.

Activists and organizers. Photos shared in Signal group chats go through the same photo pipeline as individual chats — metadata is stripped. But if a group member sends an image as a file to preserve quality, it preserves everything else too.

General users sharing personal photos. Most people using Signal are not journalists or activists — they're people who chose Signal because they heard it's more private. Those users may not think about EXIF at all. A photo shared as a file to a Signal contact who then screenshots, saves, or forwards it carries the original location data through those subsequent shares, outside Signal's control entirely.

Frequently Asked Questions

Does Signal remove EXIF data from photos?

Yes — Signal removes EXIF data, including GPS coordinates, camera model, and timestamps, from photos sent through the standard photo-sharing flow on Android, iOS, and Desktop as of 2026. Signal applies an explicit metadata removal step before transmission, which is more reliable than the compression-based stripping used by apps like Telegram and WhatsApp.

Did Signal have a bug where EXIF data wasn't stripped?

Yes. Signal for iOS had a documented security issue — first reported in April 2017 (GitHub Issue #1984) — where photos sent through Signal included EXIF data with precise GPS coordinates. Related issues were reported again in 2022 (Issue #5429), suggesting the behavior either was not fully resolved or regressed in certain versions. Current Signal iOS builds strip EXIF reliably, but the history of recurrence is worth knowing for users who don't update frequently.

Does Signal strip EXIF when you send a photo as a file?

No. When you send an image as a generic file attachment on Signal — rather than through the photo picker — Signal transmits the original file without modification. All EXIF metadata, including GPS coordinates, device model, and timestamps, is preserved in the file the recipient receives. This is the one consistent gap in Signal's metadata handling across all platforms.

Is Signal better than WhatsApp for photo privacy?

Yes, generally. Signal applies an explicit EXIF stripping step independent of compression, while WhatsApp's stripping is a side-effect of image compression and is inconsistent — particularly with higher-quality send modes where GPS data survives transmission in a meaningful percentage of transfers. Both apps have the same file attachment gap: sending images as documents preserves all metadata on both platforms.

Does Signal keep your photos on its servers?

Signal's architecture is designed so that message content — including photos — is not accessible to Signal's servers due to end-to-end encryption. The stripped version of photos (with metadata already removed client-side) is what travels through Signal's infrastructure. This is a stronger privacy posture than platforms that strip metadata server-side and may retain originals internally, though Signal's specific data retention policies are governed by their privacy policy.

Should I strip EXIF before sending photos on Signal?

For most users, Signal's default stripping is sufficient for standard photo sends. Pre-stripping makes sense if you frequently send images as file attachments (to preserve quality), if you use an older version of Signal that may have unpatched behavior, or if you have high-stakes privacy requirements — like journalism or source protection — where the consequences of metadata exposure are severe. Stripping with a tool like MetaClean before sending takes seconds and removes dependency on Signal's version-specific behavior entirely.