Open junaidshaikh787 opened 4 years ago
This issue has been already opened at #13
On rooted devices there are some manager application which also passes the safetynet tests and can be used to systemize almost any application. Even the root check of this application might get bypassed. what about the application which are systemized and used for location spoofing in which the mock location options are not required
What's the problem with rooted devices? It's not a banking app! Why would anyone spoof location on such an app?
So why exactly do you think users of rooted devices do not deserve protection?
I own several devices, which are rooted as I use them for development and stuff, and blocking rooted devices will simply make me not use the app. And I'm sure, many many other users will agree. So, I think it's not logical to block rooted devices on every single app, even when it's unnecessary.
you may not need root access always. Just enabling developer option is more than enough. there we can select location mock option with any location faking apps. Also most apps fail or carelessly exclude checking mac address or further screening related to mock location
While i agree with the opinions here.. 1.Root access can help in spoofing my location to a safer location and show my indicator to be green
Location data is by definition client side data and in this case there is no option but to trust it for the functionality of the app. Whatever client-side checks are implemented in the app for stopping mock location etc., a malicious actor could bypass them in their own build of the app and continue to remain malicious.
The application is vulnerable to location spoofers which let them allow to enable mocklocation and use any third party app and the major problem are the handset with root access which can manupulate the application location by systemizing the spoofing apps