1

In PWA, we can get device's current position with W3C geolocation API. It is easy.

  if (!navigator.geolocation) {
    status.textContent = 'Geolocation is not supported by your browser';
  } else {
    status.textContent = 'Locating…';
    navigator.geolocation.getCurrentPosition(success, error);
  }

But, in Android, W3C location API is affected by user's mock location setting. So user easily able to spoof there current position.

Are there any way to prevent mock location setting in PWA?

kochizufan
  • 2,120
  • 2
  • 30
  • 50
  • Hi, I have the same problem with you, have you found any solution? – wahyu Sep 21 '20 at 04:02
  • I have the basic idea to machine learn and determine the difference in behavior between legitimate and fake GPS acquisition data and would like to develop that in the future. However, this activity of mine is not my day job, but a leisure hobby, so I don't have a roadmap for when it will be addressed. – kochizufan Nov 02 '20 at 04:14

3 Answers3

1

check mock location using this condition:

 public static boolean isMockLocation(Location location) {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2 && location != null && location.isFromMockProvider();
    }
0

If you are afraid users will spoof their location, Mock location is not their only option. They can use a gps-sdr-sim and HackRF SDR to generate fake GPS signals and transmit them over the air.

1qazxsw2
  • 2,589
  • 4
  • 20
  • 19
  • What I want to know is how to prevent mock location. – kochizufan Aug 17 '20 at 21:43
  • Not to know other similar sneak staffs. – kochizufan Aug 17 '20 at 21:43
  • If you only solve mock locations, you "force" the people who do want to trick you into looking for other ways to spoof. So I think a more general solution is required, which is not trivial, but there are some solutions out there. Search Dr. Google for GPS spoofing detection. – 1qazxsw2 Aug 18 '20 at 07:11
  • You should correctly understand what is being asked. I ’ ve been a pioneer of location games like Pokémon GO in Japan since 2006, and I already have a lot of location spoofing tools like double location, so I know there are lots of ways to spoof GPS. And I know that all location fraud methods are cost-effective, so avoiding low-cost methods is not perfect, but it reduces risk to some extent. Compared to other costly spoofing methods, Mock Location is a nearly no-cost spoofing method, so I just want to know if there's a way to protect it on PWA, a platform that's limited in what it can do. – kochizufan Aug 18 '20 at 07:51
  • If Google can figure out how to prevent GPS spoofing as you say, I'd love to hear about one of those that works in PWA. – kochizufan Aug 18 '20 at 07:51
  • I understand your argument. – 1qazxsw2 Aug 18 '20 at 11:54
-1

I don't have much knowledge of PWA but bellow is the java code which helps you check if is there mock location setting enabled or not.

/**
     * Method for check is location server enabled or not
     * @param context
     * @return
     */
    public static boolean isMockSettingsEnabled(Context context) {
        return !Settings.Secure.getString(context.getContentResolver(),
                Settings.Secure.ALLOW_MOCK_LOCATION).equals("0");
    }
Dhaval Solanki
  • 4,589
  • 1
  • 23
  • 39