Tenant Trace

Blog · · 6 min read

Are Phone Photos Enough as Rental Evidence? Metadata, EXIF, and What Actually Holds Up

Phone photos feel like proof until someone challenges them. A technical look at what makes a rental photograph admissible, why EXIF metadata is not enough, and what tamper-evident capture actually changes.

A tenant takes a photo of a stained carpet on move-in day. Twelve months later, the landlord claims the tenant caused the stain. The tenant pulls up the photo. The phone says “October 4, last year.” Case closed?

Not quite. This article is for tenants and landlords who want to understand the actual evidentiary weight of phone photos — and why “I have pictures” is a weaker argument than most people think.

What a photograph actually is

A phone photograph is a JPEG, HEIC, or similar image file. The file contains pixel data and a metadata block called EXIF (Exchangeable Image File Format). EXIF holds:

  • DateTimeOriginal — when the photo was captured.
  • GPS coordinates — if location services were enabled.
  • Make and model of the camera.
  • Exposure settings — aperture, shutter, ISO.
  • Software — the app that processed the file.

EXIF is what most tenants and landlords rely on when they say “the photo has a timestamp.” That timestamp came from the device clock at capture time.

What is wrong with EXIF as proof

EXIF metadata has three weaknesses that opposing counsel will exploit.

It is editable. EXIF can be modified with free tools. ExifTool, a command-line utility, will rewrite any EXIF field in seconds. This is not a hidden capability. It is a one-line command. Any photo presented in court can plausibly have been re-stamped after the fact.

It depends on the device clock. The EXIF timestamp is whatever the phone’s clock said at the moment of capture. If the clock was wrong — manually changed, in airplane mode, drifted from a network sync — the EXIF lies and there is no way to detect it from the file alone.

It is destroyed by sharing. Send a photo via iMessage, WhatsApp, Facebook, or most email clients, and the EXIF block is stripped or modified for privacy. Now the file the recipient has does not contain the original metadata. The “evidence” the landlord has from the tenant’s text message is no longer evidence.

A phone photograph with EXIF is not zero proof, but it is dramatically weaker than it feels. The landlord’s attorney does not need to prove the photo was edited. They only need to argue plausibly that it could have been, and the judge cannot rely on the timestamp.

Chain of custody

Court evidence law has a concept called chain of custody — the documented path of an exhibit from the moment of its creation to its presentation. Strong chain of custody answers: who held the file, who could have modified it, and what proves it was not modified.

A folder of phone photos has weak chain of custody. The tenant held them on a phone for twelve months. The phone was unlocked thousands of times. Many apps have access to photo libraries. There is no way to prove the file presented in court is the file as originally captured.

Strong chain of custody for digital evidence has three properties:

  1. A capture record — exactly when, where, and by whom the file was created.
  2. An integrity record — proof the file has not been modified since capture.
  3. A delivery record — how the file got from capture to presentation.

EXIF gives you a partial capture record and nothing else.

What strengthens a photograph

A few additions transform a phone photo from “weak evidence” to “evidence that survives a challenge.”

Capture-time timestamp anchored to a trusted clock. A timestamp generated by a server, not a phone, removes the device clock from the chain. Even better is a timestamp signed by a service whose logs can be subpoenaed.

GPS pin captured at the same moment. Not the GPS in EXIF — a separate GPS reading captured by the application at the time of capture, recorded alongside the photo.

A cryptographic hash. A SHA-256 hash of the file, computed at capture, that any later edit invalidates. The hash is short — 64 hex characters — and can be written into a separate record (a PDF, a server log, a public ledger) that the photo file cannot retroactively be made to match if it is changed.

A digital signature. A cryptographic signature over the photo and metadata, generated by software that holds a private key the user does not control. Without the private key, no one can produce a valid signature for a forged file.

A public verification mechanism. A URL anyone can paste into a browser to confirm the file matches the original capture record. The court does not have to trust the tenant or the landlord. The court trusts the math.

What a tamper-evident capture tool does

A tamper-evident capture tool combines all of the above into a single workflow. The tenant captures a photo through the tool. At the moment of capture:

  1. The image is hashed.
  2. The capture time is recorded from a trusted source.
  3. The GPS pin is captured.
  4. The metadata block is bound to the image with a signature.
  5. The bundle is sealed into a PDF or container that any later edit invalidates.

The tenant emails the resulting file to the landlord, or shares a verification URL. The landlord pastes the URL into a browser. The page returns one of two answers: this file was captured at this time, at this location, and has not been modified since — or it has been tampered with.

There is nothing left to argue.

Tenant Trace is built around exactly this. Every photo in a Tenant Trace report is bound to a sealed PDF with a public verification page. The verifier is open-source and runs in the browser. Anyone — judge, mediator, opposing counsel — can confirm the file’s integrity in seconds.

Apple’s role

iPhone photos in 2026 carry a few protections out of the box that did not exist five years ago:

  • Live Photos capture a 3-second video around the still, making post-hoc edits more difficult to fabricate.
  • iCloud Photo Library records server-side timestamps when files sync.
  • Photo origin metadata in some recent iOS versions tags the source app.

These help but do not solve the problem. Live Photos can still be edited. iCloud timestamps record sync time, not capture time. The source app tag can be misleading if the file was originally taken in a different app.

The fundamental issue remains: a JPEG on a phone has no inherent integrity. It needs a binding to an external trust anchor.

What this means for tenants and landlords

If you are documenting a rental for evidentiary purposes, treat the photo as the start of the work, not the end. (For the room-by-room shot list, see our move-in checklist; for the full evidence packet structure, see security deposit dispute evidence.)

For tenants:

  • Capture move-in photos through a tool that timestamps and seals them at capture.
  • Send the resulting file to the landlord by email within 48 hours of move-in.
  • Keep the verification URL with your lease records.
  • Repeat at move-out.

For landlords:

  • The same logic applies in reverse. The landlord’s case for damage deductions is stronger when backed by tamper-evident move-in and move-out records than by a folder of phone photos.
  • Insist on a sealed walkthrough record at move-in. Most tenants will be relieved you suggested it.

The long game

Tamper-evident documentation is becoming standard in adjacent industries — insurance claims, supply chain, journalism. Rental documentation is following the same trajectory. In five years, “I have phone photos” will be received the same way “I have a written receipt” was received in 1995. Useful, but not what serious evidence looks like.

If you are using phone photos today, that is fine — they are still better than nothing. But understand the gap. The photo is a starting point. The seal is what makes it proof.

See how Tenant Trace seals photos into verifiable evidence →

About Tenant Trace

Tenant Trace builds tamper-evident rental documentation for tenants and landlords. We study deposit dispute case law, digital evidence standards, and the practical workflow that turns a phone walkthrough into a record that survives mediation. Our reports use cryptographic seals, GPS, capture-time timestamps, and a public verification page anyone can use without trusting either side of a dispute.

See how the app works →

Related guides