search

mozilla / MozStumbler

Android Stumbler for Mozilla
http://location.services.mozilla.com
Mozilla Public License 2.0
618 stars 213 forks source link

Check for test/fake GPS data #510

Closed hannosch closed 10 years ago

hannosch commented 10 years ago

rdandu suggested this in email:

Can we do some basic checks in MozStumbler to make sure the following is not corrupting data on the device: a) Mock Location: Enable mock locations should not be turned on https://developer.android.com/training/location/location-testing.html b) Fake GPS: https://play.google.com/store/apps/details?id=com.lexa.fakegps

tamcap commented 10 years ago

I'm against very strong checks over those. I have both those features present - they have legitimate purposes. MozStumbler's GPS code makes FakeGPS very inconvenient to use anyway...

hannosch commented 10 years ago

If I understood rdandu correctly, he just wants to make sure we don't upload data to the service, which is based on false / fake GPS readings. That sounds like a reasonable idea to me.

illarionov commented 10 years ago

You should note that Mock location API (Locationmanager.addTestProvider()) is used by all applications that implements support of external GPS receivers. I.e. item a. is not compatible with the #381 . However, another possible verification is to watch for the number of visible satellites (to require at least 3). Android does not have API to mock this number and it is hard to fake it on non-rooted devices.

martinthomson commented 10 years ago

The ability to add new location providers is not something we want to mess with, but the idea would be to look at the specific location provider and blacklist the standard testing provider.

Djfe commented 10 years ago

Might help: http://stackoverflow.com/questions/6623945/check-if-geo-location-has-been-spoofed -> we can look at the data and see whether it is correct Good spoofers can go around it, but we could detect even root methods with it

crankycoder commented 9 years ago

@Monotronics no, this is to detect spoofed locations. We actually now use this API in our simulation mode anyway.

Djfe commented 9 years ago

@Monotronics this got merged but we encountered issues so it got unmerged again: some devices (like mine) don't have valid NMEA data so some people couldn't report data anymore.

before checking NMEA the idea was to prohibit mock locations and fake gps but all those ideas got scraped now anyway -> you should be able to use bluetooth gps devices

it all didn't work out the right way anyway and if somebody would want to upload "faked" then he could do that already by using the API, probably. (there are some ways to go around the api key restriction)

EDIT: btw. Minions ftw. :D