Reputation: 3644
Protecting your Android app against mock locations
I'm designing a location-based service where reliability plays a role. I wish my users to know that the provided location of other users is real.
I researched mock locations a bit, and noticed in this thread the app LocationSpoofer. I don't have a rooted phone currently, but it states that when rooted it can mock locations even without the setting.
Is there any known way to protect against that? I could use some simple heuristic to verify that the user didn't travel from France to Hawaii in 30 minutes, but I would rather have complete protection.
Thanks ahead!
Upvotes: 1
Views: 742
Answers (2)
Reputation: 61
From a security point of view you should assume that any data coming from a client-side validation process cannot be trusted. The data could be intentially, or unintentionally, modified and that is out of your direct control.
If you want to protect against location spoofing then I would recommend server side checks.
Upvotes: 0
Reputation: 5335
Instead of a long comment:
"reliability plays a role"
As long as your provide reliable output for "reliable" input i think you will be OK without having to handle 'spoofed' or fake input. In case you have data stored in persistent storage you could handle cases for 'suspicious' data.
That is define and apply scenarios on your data to identify cases like "the user traveled from France to Hawaii in 30 minutes", and handle such cases in an appropriate way. Or you could even reject data that are not realistic.
Upvotes: 1
Related Questions
- How to check for Mock Location in Android Marshmallow?
- Best way of setting mocklocaiton on Android
- How to check displaying mock location in android? [without using location]
- Android geofence with mock location provider
- How to implement mock location?
- mock location for testing geofence apps
- which is best application to set the Mock location in android
- Mock Location in Android 4.2
- Mock Location data in android
- mock location in android