EXIF data is written into the header of the JPG so it is obvious that anything that can access the file is going to be able to read the metadata. If I encountered a camera or slideshow app that *couldn't* parse that information I would probably report it as a bug. If the OS interdicts the file read operation to block metadata, how are you supposed to back anything up?
This "security flaw" is equivalent to complaining that an app which can view your photos might apply facial recognition and determine that the girl you've got your arm around isn't your wife (<cough>FarceBorg</cough>) or that the date stamp of you snorkelling in Bali corresponds with your recent "sick leave".
In other phone privacy related non-news: Truecaller may display the identity of your favourite intimate massage therapists even if you added them to your contacts list as "emergency plumbers".