[Q] Avoid GPS location spoofing - Android Q&A, Help & Troubleshooting

Hello!
In my application I want to get real coordinates from GPS module so I can post my location to the web. The problem is, I want those coordinates to be true (as much as GPS module alows it). I know there are application which fake GPS location. Is there any way to check if current location was provided from GPS module on my device or was it created by one of GPS spoofing devices?
I know that I could check location from cell towers IDs and check if it's similar to my GPS location, but the problem is I want to get GPS coordinates even in places whitout mobile network access. So is there any known solution to this problem?
Thank you for your help.

Related

Is there a GPS fix for SGS II

Hi all! Is anyone having problem with the GPS? Mine is taking ages (if at all) to lock in on my location. Only Google Maps was able to lock in on my location within a few seconds, but other apps are taking forever to find my GPS location. I tried GPS Status and the waiting circle keeps on circling forever! Is there a fix for this?
Only GPS fix for SGS2 i am aware of is fasterfix and that only changes the NTP time server to a more local one .
jje
Thanks, JJ, you're a great help on this board I figured that it was my firewall which was restricting network access of the apps so they were not able to find out my location. The apps use a combination of GPS & cell/wifi network to lock the location, so I just gave them access and they started working.
Installed Fasterfix too, it's a useful tool.
Cheers!

GPS Privacy

Hi Guys I just wanted to ask, Does the GPS sends data to unknown sources like your personal info or how many apps you have and which etc. Or it just communicates location between the Chipset and the satelites and nothing else?.
I'm pretty positive it just communicates with satellites...
btw. GPS stands for Global Positioning System.
I don't know enough about GPS system to answer your question fully. But before you download apps it states the permission the apps have. Location permission probably means it will know your WiFi, cell and GPS location. You can use LBE Privacy to prevent the permissions, or PDroid, but that required rom patching to work. The only app I allow to have location permission is Maps.
In addition, new phones also use the Russian GLONASS satellites in combination with GPS.

How to share fake GPS location of android phone to Computer?

There are so many apps available to use fake GPS location to android.If we activated it all the apps(Which need internet) use that fake gps location. I want to share that fake gps location to my computer. When i using usb tethering or hotspot my pc get real gps location even i activated fake gps on phone. Is there any method to do this task.(In android emulator- i think not share internet of the phone)

Best way for faking gps?

Hi,
I currently have the problem, that since a couple months now I apparently have a new neighbor that brought his router with him. Apparently this router was previously located in another country, because since that time the Google geolocation places me somewhere in Germany (instead of Austria, where I live) - and this slowly drives me mad because it makes every app relying on geolocation more or less unusable while I am at home. Google Maps support ignored several reports sent via the Google Maps app, Google Enterprise support not gives a **** because they don't care about Google Maps and want a json call which reproduces the issue (and I cannot find the according MAC causing the problem)
Appart from that the internet suggests to get a GPS signal as often and as good as possible to fix such an issue. Unfortunately that doesn't work for the areas in my apartment where I have this problem. Therefore I bought a bluetooth GPS receiver. The idea was to put it outside onto the terrace, while my phone connects to the receiver from inside of the apartment (near the wifi ap). This way - so I thought - I would be able to bombard Google with the f*ink data, that I don't live at this f*ing place in Germany. Turns out, that the bluetooth range was too small for that and that I have to use "mock location" in the dev options to do that, which also seems to make Google make ignore its data.
That is also my problem with the various 'Fake GPS' apps. They use the mock location option and therefore get ignored. So now my question: What is the best way to fake the location, which also cannot be detected by Google? So that I can use that on the inside of my apartment to provide Google with the data needed to finally correct this wrong data. Currently I am trying out this xposed module https://repo.xposed.info/module/com.fakemygps.android Does anyone know about a better way?
So no secret druid knowledge of faking gps present in this forum?

I haven't found the "one" best mock location fake gps app - but I found a few good ones (I use Lexa the most but others are better but they have ads)

I haven't found the "one" best mock location fake gps app - but I found a few good ones that have ads.
But if I had to pick just one as the "best", I'd pick Lexa simply because it works without ads.
*Fake GPS Location* by Lexa​Free, no ads, requires gsf, rated 4.6, 456K reviews, 10M+ Downloads​<https://play.google.com/store/apps/details?id=com.lexa.fakegps>​​
Note that these mock location apps are set inside the operating system, such that EVERY app gets their information from them, and that these mock location apps can randomly move along roadways by a given distance per a given time period, and they can start at the last location, and they can randomize the amount of movement per second, and they can spoof the altitude, and some can set a specific exact location by the keyboard instead of only graphically, etc. They can even send the location to another phone or get the location from another phone if you want that.
Click to expand...
Click to collapse
But others (with ads) do a better job of random location following roadways with random movement time periods.
Others (with ads) can also shift the GPS location from one phone to another (either way) - but what use is that for you?
Also others (with ads) can spoof both the wi-fi provider & the GPS provider - but what use is that for you?
Which fake GPS mock location app do you feel is best and why?
GPS position falsification is currently not very effective when RIL is enabled on the phone. Apps can easily orient the phone in space based on the signal strength to the network operator's mast.
ze7zez said:
GPS position falsification is currently not very effective when RIL is enabled on the phone. Apps can easily orient the phone in space based on the signal strength to the network operator's mast.
Click to expand...
Click to collapse
For privacy reasons... I have every setting for location accuracy turned off, and I also have every unused radio on the phone turned off (e.g., NFC, bluetooth, gps, wi-fi, etc.) and my phone's wi-fi does NOT reconnect (auto-connect is turned off) as my home AP SSID is hidden (for privacy, not for security!) and it has a "_nomap" appended to keep out of the well-behaved databases such as Google/Mozilla, but not Wigle/Netstumbler/Kismet,etc, which aren't well behaved, and I randomize the phone's Wi-Fi MAC upon every connection - which is a new feature of Android 12 in Developer options, etc., ....
... But I had to look up what RIL stands for, so I thank you for bringing up that unknown-to-me Radio Interface Layer detail...
RIL references:
https://wladimir-tm4pda.github.io/porting/telephony.html
https://source.android.com/devices/tech/connect/ril
Specifically
Radio Interface Layer: It is the bridge between Android phone framework services and the hardware. In other words, it is the protocol stack for Telephone. The RIL consist of two primary components.​
RIL Daemon
Vendor RIL
RIL Daemon​​RILD will be initialized during the Android system start up. It will read the system property to find which library has to be used for Vendor RIL, provide the appropriate input for vendor RIL and finally calls RIL_Init function of Vendor RIL to map all the Vendor RIL functions to the upper layer. Each vendor RIL has RIL_Init function.​Vendor RIL​​It is a library specific to each modem. In other words, we can call it as a driver to function the modem. The RIL daemon will call the RIL_Init function with the device location (eg: /dev/ttyS0). It will initiate the modem and returns theRIL_RadioFunctions structure contains the handles of radio functions​
After skimming that RIL information, I'm not sure exactly what you're trying to tell me, but I guess you're saying that we can be geolocated when we make phone calls and even when we don't, in that the cell towers can be triangulated if the phone is in calling mode... which I understand full well.
But, in terms of privacy, how many apps that need to be fooled by their GPS location have access to that cell tower radio location information?
You understood correctly. A phone in call mode, as you wrote, can be easily located while moving.
The google map tricked out by "Fake GPS Location", does quite well while driving a car, as I recently verified in the field.
I don't analyze the app for route tracking.
ze7zez said:
You understood correctly. A phone in call mode, as you wrote, can be easily located while moving.
Click to expand...
Click to collapse
I agree with you that any phone, if it's going to be used for two (or three) things, will be easily tracked by those with the resources to do so
Make/receive phone calls
Send/receive sms/mms texts (mms requiring data)
Wi-Fi connections (aka "the Internet")
However, in all cases above, the geolocation isn't as accurate as with GPS (if you are judicious about your location settings), and, more to the point, the applications themselves don't have access to the cell tower information (although they do have access to your IP address, which can be roughly geolocated).
We have to assess our threat level where I'm not using fake location apps to hide from a well-funded TLA adversary; I'm using the fake location to simply hide from the likes of Google and other nefarious outfits that put the tracking APIs inside the code (which is why almost none of my apps require GSF).
ze7zez said:
The google map tricked out by "Fake GPS Location", does quite well while driving a car, as I recently verified in the field.
Click to expand...
Click to collapse
If what you're saying is that the mock location apps "fool" the likes of Google Maps, I fully agree with you. If... If... if...
If you don't allow Google Maps to run a more detailed analysis that is.
As an example, I recently ran a test inside of a local town where I had the fake location set to miles away, and Google Maps was telling me I was where the fake location said I was... but...
But... then Google Maps asked me to snap a photo so that it could better figure out where I was, and BINGO! It figured out where I was based on the video that I allowed (for test purposes) to show the storefronts.
When I tested it again without allowing the video to see anything of value (e.g., I panned to the mountains above), Google Maps could NOT geolocate me.
Likewise when you don't let Google Maps geolocate by WI-Fi address (although for all I know the camera mechanism sneakily allowed that as I'm well aware there are TWO APIs for turning on your GPS radio, one of which (from Google) is downright nefarious)...
ACTION: "android.lintent.action.MAIN"
PACKAGE: "com.google.android.gms"
CLASS: "com.google.android.gms.location.settings.LocationAccuracyActivity"
Click to expand...
Click to collapse
vs
Notice it's similar but different from the Android setting for accuracy.
ACTION: "android.intent.action.MAIN"
PACKAGE: "com.android.settings"
CLASS: "com.android.settings.Settings$ScanningSettingsActivity"
Click to expand...
Click to collapse
Notice that, for this very reason, you NEVER want to turn on your GPS radio from ANY Google app prompt!
ze7zez said:
I don't analyze the app for route tracking.
Click to expand...
Click to collapse
If you need to navigate and if you don't want to be tracked by Google, I found a little trick that works kind of nicely with the simple interfaces of the offline mapping programs.
Set your position as your destination in the mock location app
Use any offline map to set your current position as a waypoint
Then use the offline map app to route to your destination
Another "trick" that keeps you out of Google maps' databases is that you can easily get traffic using a web shortcut of the area you are currently traveling in - where you don't need to know your exact location in order to check out the traffic in front of you.
Yet another trick for traffic is that PLENTY of web sites provide Google traffic updates without logging into Google web servers (afaik), such as sigalert apps, 511 apps, and many local DOT apps such as caltrans (for California).
Overall, in summary, the mock location apps work to prevent apps that use your GPS location from tracking you - but as @ze7zez warned, it will only work for GPS and not for cell tower tracking.
GalaxyA325G said:
(...) the applications themselves don't have access to the cell tower information (...)
Click to expand...
Click to collapse
This is not true.
Go into your phone's service mode and see for yourself what the phone knows about the mast connection.
Here's a cheesy Cell Diagnostic app that I wrote myself:
Note that the only permissions that it uses is android.permission.READ_PHONE_STATE and android.permission.ACCESS_COARSE_LOCATION
It refuses to give you this information if you have "Location" turned off.
ze7zez said:
This is not true.
Go into your phone's service mode and see for yourself what the phone knows about the mast connection.
Click to expand...
Click to collapse
As always, you're correct... but.... you're being too narrow I think... in that debugging apps which we use when we need to are different from the run-of-the-mill apps we use all day every day...
There are only "some" apps, which I'm well aware of, that have your telephony information, such as this one which requires you to provide that permission first...
Once you manually provide that permission, yes, of course, the app has you dead in its sights... but most apps (that don't need it) don't ask for THAT much permission... (nor would you let them if they did).
Renate said:
Here's a cheesy Cell Diagnostic app that I wrote myself:
Note that the only permissions that it uses is android.permission.READ_PHONE_STATE and android.permission.ACCESS_COARSE_LOCATION
It refuses to give you this information if you have "Location" turned off.
Click to expand...
Click to collapse
You bring up a good point that a few Android releases ago Google cheated like hell by forcing apps to request "Location" being turned on in order for the app to display unrelated things such as "Wi-Fi signal strength"...
Which is ANOTHER good reason for being able to set the mock location... because the Wi-Fi Signal Strength of all nearby access points has nothing (per se) to do with your current GPS location.
EDIT: BTW, as a related aside, I post a billion screenshots to the Internet, where some of them contain GPS location - which - if spoofed - means I don't need to redact it in those screenshots. For other information though, such as the cell tower information, I never know how much to redact (for privacy) where you didn't redact anything on your screenshot.
Can you let me know which are the cellular tower information pointers that we should redact for privacy when posting screenshots?
https://forum.xda-developers.com/attachments/cell1-png.5676683/
The CDMA system has a place for actual Lat/Long. But, these cells are set up by various people and the amount of information in them is variable.
I've rarely seen lat/long on a CDMA signal
The LTE stuff only references cell number. You need a database to reference it to location.
I have a few cell numbers hard-coded to named location.
I can't even find my current tower on https://www.opencellid.org/
Renate said:
The CDMA system has a place for actual Lat/Long. But, these cells are set up by various people and the amount of information in them is variable.
Click to expand...
Click to collapse
I'm aware there are open signal public OSM cell-tower-location databases (which essentially suck - but which are good enough to track your general location) and then there are the "real" databases (which the carriers and the FCC kind of sort of keep to themselves.
Renate said:
I've rarely seen lat/long on a CDMA signal
The LTE stuff only references cell number. You need a database to reference it to location.
Click to expand...
Click to collapse
The reason open signal public OSM databases only "essentially" suck is because they're averages from lots of people, so, for example, a tower might be on the wrong side of the railroad tracks or in the middle of a river on those open signal public OSM maps when it's not really the case - but they're still good enough to geolocate you to a general area were I to publish the unique number in the screenshots.
Renate said:
I have a few cell numbers hard-coded to named location.
I can't even find my current tower on https://www.opencellid.org/
Click to expand...
Click to collapse
My tower is almost always my own femtocell or my cellular repeater (both of which I have but usually the femtocell wins out), which is unique to me (which is why I'm worried about privacy).
Unless you're in my driveway, only I would be using that femtocell (I don't know how far out they go, but it's not more than a few hundred feet at the most, isn't it?).
Hi, I'm a new member of the forum and this is my first post.
I've read this thread and it's an interesting discussion about layers in global positioning. But I have a simpler question out of curiosity;
is there perhaps a way to work around this plugin (https://github.com/wongpiwat/trust-location) without root / only with developer option, since I haven't found any fake gps app that could fool/bypass this part.
Or do I have to use a custom ROM to accomplish it?

Categories

Resources