The following passive scan rule is included in this add-on:
Passively scans for GPS location and other privacy-related exposures in images during normal security assessments of websites. Image Location and Privacy Scanner (ILS) assists in situations where end users may post profile images and possibly give away their home location, e.g. a dating site or children’s chatroom.
More information on this topic, including a white paper based on a real-world site audit given as a presentation at the New Jersey chapter of the OWASP organization, can be found at https://www.veggiespam.com/ils/ .
This software finds the GPS information inside of Exif tags, IPTC codes, and proprietary camera codes. Then, the Image Location and Privacy Scanner flags the findings in the ZAP Alerts list as an information message. It would be up to the auditor to determine if location exposure is truly a security risk based on context.