3

A bit of background info:

  • I am building a geolocation based game for Android
  • The server-side is coded in php
  • Certain in-game actions requires the client application to send the current latitude and longitude to the server

Is there any way to prevent the user from tampering with the location data being sent to the server?

Please let me know if you need more information

Thank you,

EDIT: I understand there will be workaround to any security measure I implement, but how can I make it harder for users to modify the data being communicated to the server

rid
  • 61,078
  • 31
  • 152
  • 193
Ares
  • 1,411
  • 1
  • 19
  • 35

2 Answers2

2

The short answer is no. They will always be able to fiddle their device or application to send you what they want, because they control it.

Jérôme Verstrynge
  • 57,710
  • 92
  • 283
  • 453
1

Well, to some extent. You could consider using public key cryptography to make sure the message sent from your app has not been modified in between. That will prevent people from using a simple proxy to capture the data you're sending. The easiest way to do this is by using SSL.

What JVerstry means is that you would always be able to modify the app or control whatever the device is telling your app about the location. And no, there is no way of getting around that.

Matthijs Bierman
  • 1,720
  • 9
  • 14