iOS Question Detect fake location

[Semen Matusovskiy]

Guys --

How do you struggle with spoofers ?
I understand that there is no 100% protection, but there is a great wish to prevent at least simple download from App Store.

 

[Sandman]

How does spoofing a location relate to preventing a "simple download from App Store"?

 

[Semen Matusovskiy]

User can download mock apps from App Store.
Some apps are described here:

Best 10 Mock Location Apps 2023-Dr.Fone

Use a location spoofer app to enable features unavailable to you due to geographical restrictions. Learn how to mock location on Android and iPhone with this location spoofer apps guide.

drfone.wondershare.com

 

[Sandman]

Sorry, I still don't understand. I'm probably missing some obvious part.

 

[Semen Matusovskiy]

My app needs to be sure that a user was in concrete place.
Previously we thought that our users are not too advanced and did not worry about spoofing. Until we found FakeGPS app (Android) on some phones.

I added some control in Android app. Now I need to do the same in IOS release.

 

[Sandman]

So your question is actually "How do I detect if I got a mock or real location?"

(The part about the simple download from App Store made it difficult for me to parse. )

According to this thread:

iOS detect mock locations

Currently I'm working on an App which geolocation capabilities are its most important feature. Actually we're very concerned about getting GPS values mocked up. I've read a lot of comments regarding

stackoverflow.com

It seems that you simply can't detect with any rock-solid certainty. The user could, for instance, use an external GPS receiver, which obviously could be delivering completely faked positions. The thread even mentions an Android app (long gone from Play Store) that could pretend being a bluetooth GPS and send NMEA data to the iPhone.

On the other hand, they also talk about evaluating the gps data, in their case it seems the mock location have some static data that wouldn't reflect a real location. That's five years old, so things might have changed since then.

Just curious, why is it crucial for your app to know the correct location?

 

[Alex_197]

I have the same problem but users have found another trick that can't be detected at all.
Let say user registered his phone with the system. He went to location, let's say a client apartment. Sent his location to the system. And walked away. Solution - second phone. The first phone is still in client's apartment. To you it looks like everything is correct, you see that user pretends to be in correct location which indeed is is not true.

 

[Semen Matusovskiy]

@Alex_197
In my app users fill a questionnaire and make photoes. For each reply/photo an app stores current location. So I am afraid fake gps apps only.

@Sandman
I saw https://stackoverflow.com/questions/29232427/ios-detect-mock-locations , but to make any assumption from received locations ?!

For Android you can check location.isFromMockProvider and to detect rooted phones using su command. I hope there are methods for IOS also.

 

[Sandman]

assumption from received locations ?!

Check this answer: https://stackoverflow.com/a/39025520

 

[Alex_197]

@Alex_197
In my app users fill a questionnaire and make photoes. For each reply/photo an app stores current location. So I am afraid fake gps apps only.

@Sandman
I saw https://stackoverflow.com/questions/29232427/ios-detect-mock-locations , but to make any assumption from received locations ?!

For Android you can check location.isFromMockProvider and to detect rooted phones using su command. I hope there are methods for IOS also.

So do I but what stops the client from taking these photos and then get a kickback from the user? Nothing.