The event-planning start-up Partiful left exact GPS coordinates inside the metadata of user-uploaded images, revealing a quiet but broad-reaching privacy hole on a service built around social circles and gatherings. By neglecting to scrub photo metadata on upload, the app exposed where a picture was taken — occasionally down to a street address — to anyone with rudimentary image-editing tools.
Understanding how Partiful left photo GPS data exposed
There is EXIF data in most photos taken with smartphones, which can contain camera settings and timestamps as well as latitude-longitude coordinates if location services are turned on. Some of the biggest platforms strip out this information upon uploading, as a safeguard process. Partiful doesn’t, so profile pictures and other images could still contain embedded GPS tags.
That oversight is significant because EXIF coordinates are often accurate to within a few meters. Even the most innocent headshot or group photo can divulge a home, workplace, or school — particularly in parts of America where specific coordinates leave little doubt.
The company has publicly acknowledged the lapse on social media. What users still don’t know is whether the fix also involves retroactively scrubbing files already uploaded and purging cached copies served through a content delivery network.
Why this issue matters for users of an events app
As a result, event platforms live at the intersection of identity, time, and place: they accumulate names, phone numbers, guest lists, and calendars. Throw in location-laced photos and the risk profile amps up. An actor with determination could easily piece together who goes where, and where they live.
Security researchers and privacy advocates have long warned that location breadcrumbs are rich fodder for stalking, doxxing, and social engineering — but segments of the location data market continued to operate in some obscurity. The threat is not entirely hypothetical: in 2012 a much-published photograph of John McAfee led to his location being exposed through metadata. And while they were a different sort of leak, those traced locations in 2018 concerning military bases, revealed by a fitness heat map, showed how mundane location traces can inadvertently reveal secret sites.
How the wider industry typically handles EXIF metadata
Stripping EXIF on upload is table stakes across consumer services. By default, large social networks scrub GPS tags and lots of other kinds of metadata. Some messaging apps will routinely compress or re-encode images to remove identifying code, a protective measure that has become close to de rigueur.
Recommendation 2 of the OWASP Mobile Security Testing Guide is to avoid storing sensitive information and sanitizing user-supplied media, including metadata that can indicate a location or device. Privacy-by-design models from entities such as ISO also focus on data minimization and necessity associated with explicit user consent.
The bottom line: if an app doesn’t require accurate GPS coordinates from photos to function, it shouldn’t hold onto them — or share them with other users.
Practical steps users can take to protect themselves
Disable geotagging in your camera app if you don’t depend on location reads for your photo library. In iOS, the Share Sheet allows you to remove location prior to sending; many camera apps on Android have a “Save location” toggle as well. Third-party tools (ExifTool) can also erase metadata prior to uploading.
It’s important to recall that screenshots often scrub EXIF data, but they don’t eliminate the visible scene: house numbers, school logos, and distinctive backgrounds are still full of information. Consider any image as possibly sexually explicit in public or semi-public venues.
What to watch for next from Partiful on metadata
Key questions at this point:
- Is the service now automatically stripping metadata from all new uploads?
- But can old images be retroactively scrubbed clean?
- Is there any clear process for catching images and previews of those images in case they’ve not been “cleared” (which I also doubt, as the coordinate system of a game won’t be smaller than 1016 x 774)?
Transparency reports, clear developer notes, and a user-facing disclosure about what data is stored and how long it keeps that data would help rebuild trust. For an app built around in-person meetups, keeping track of the specific location information shared about its community’s photos isn’t even really a nice-to-have; it’s fundamental safety hygiene.
