I guess this is a huge flaw in iOS .. like currently it's happening for PokemonGo currently the normal users are able to spoof device location to a desired one in non-jailbroken devices .. any idea or workaround to detect location simulation by Xcode ?
Asked
Active
Viewed 1,451 times
3 Answers
2
Using GPX location spoofing returns -1 for heading and speed - If your are looking for ways to detect spoofing, if the CLLocationManager is providing Lat,Lngs that are moving, but you're not receiving speed or heading, then the likelihood is the location is being spoofed.
William George
- 6,735
- 3
- 31
- 39
-
That's right . I've been implementing the detection process upon this particular characteristic. – mustafa96m Dec 02 '16 at 05:25
-
Glad you got to the same solution. – William George Dec 02 '16 at 15:30
-
Be careful with this assumption, as the accuracy changes, the position may as well, without your phone moving. While the course and speed remained -1 in my case (the phone was laying on the desk). Furthermore, `verticalAccuracy` seems to always returns -5, `horizontalAccuracy` returns 5, `altitude` returns 0. My guess is a combination of these factors would give you a reasonable probability the location should not be trusted. – Kevin R Jun 09 '17 at 09:51
1
How about using other sets of data to detect GPS spoofing? Google includes it since 2007. As an app developer, you could use the phone's internal inertia or orientation tracker data to check your GPS location's plausibility. The built-in compass may also prove useful. Using the phone's internal sensors only won't detect all cases, for example, if they are also spoofed consistently to the GPS signal, but it increases the effort one needs to invest to fool an app successfully. External sources, such as wifi-hotspot locations, would be even better but I think this is pretty much effort on the app developer's side, given that such data needs to be obtained and verified regularly by the application.
Kento Asashima
- 312
- 1
- 9
1
An extension on Kento's answer:
If, using accelerometer information, the phone appears to not be moving, request the user shake the device. You can keep a record of how it was shaken, and check if the previous shake was TOO similar. You would have to trial and error what the threshold would be, but I imagine it would be difficult to simulate several different shaking maneuvers.
Relequestual
- 11,631
- 6
- 47
- 83
-
That's a good example for random input. I remember, back in the early 90s, when online-banking applications asked the user to wiggle his mouse for some seconds to generate random data. Another source of random/authentication data may be background noise sampled from the microphone. – Kento Asashima Aug 17 '16 at 13:33
-
1I would bet that this is partly how the google check box "I'm a human" box works. – Relequestual Aug 17 '16 at 14:43