traccar / traccar-client-android

Traccar Client for Android
https://www.traccar.org/client
Apache License 2.0

mock location check #74

Open vkrastanov opened 10 years ago

vkrastanov commented 10 years ago

It would be great if the client can detect whether "Allow mock location" is enabled and stop sending its coordinates in order to prevent sending spoofed locations.

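// Returns true if mock location is enabled, false if not enabled.
// Call from a Context (Activity or Service); requires android.provider.Settings.
private boolean isMockLocationEnabled() {
    String value = Settings.Secure.getString(getContentResolver(),
            Settings.Secure.ALLOW_MOCK_LOCATION);
    // Constant-first equals() avoids a NullPointerException if the setting is missing.
    return !"0".equals(value);
}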

However some users want to use mock locations (for testing purposes for example), so it would be best if this check can be enabled/disabled and implemented with another feature: password protection for client settings.

vkrastanov commented 10 years ago

Actually one additional check can be made to secure the location even more - root check. I guess that even if mock location is disabled but the phone is 'rooted', spoofed locations can be sent (haven't tested all this).

import java.io.File;

// Heuristic root check: looks for an "su" binary in common install locations.
private static boolean isRooted() {
    return findBinary("su");
}

// Returns true if binaryName exists in any of the listed directories.
public static boolean findBinary(String binaryName) {
    String[] places = {"/sbin/", "/system/bin/", "/system/xbin/", "/data/local/xbin/",
            "/data/local/bin/", "/system/sd/xbin/", "/system/bin/failsafe/", "/data/local/"};
    for (String where : places) {
        if (new File(where + binaryName).exists()) {
            return true;
        }
    }
    return false;
}

oliv3 commented 6 years ago

About mock locations, before thinking of blocking whatever (many cases to figure out, would need UI work), at least reporting if mock locations are enabled when sending locations, e.g.: POST ...&lat=1.23&lon=2.34&...&mock=[0|1]. Simple, and the blocking logic could be done somewhere else.

oliv3 commented 6 years ago

Any news on sending mock location status? Thanks!

tananaev commented 6 years ago

Nothing yet, as far as I know.

oliv3 commented 6 years ago

For my use case, just sending a "&mock=[0|1]" upstream would be enough. Your thoughts on this? Thanks,

tananaev commented 6 years ago

I think sending it as a boolean value would be better.

oliv3 commented 6 years ago

Whatever you think is the finest :) I'd be fine with booleans of course

oliv3 commented 6 years ago

I'm not interested (yet) in detecting whether devices are rooted or not, just detecting the basic spoofing case would be nice, my users are not supposed to root their company phones :)
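
The reporting approach discussed in this thread, as an added example that is not part of the original issue or of the Traccar client code: it flags each fix individually with Android's per-location mock indicator and sends the result as a boolean `mock` parameter. The class name, method names and `serverUrl` are hypothetical; only `lat`, `lon` and `mock` come from the thread.

```java
import android.content.Context;
import android.location.Location;
import android.net.Uri;
import android.os.Build;
import android.provider.Settings;

// Added example: hypothetical helper, not part of traccar-client-android.
public final class MockAwareReport {

    private MockAwareReport() {}

    // Per-fix check: true if this particular Location came from a mock provider.
    public static boolean isMock(Context context, Location location) {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            return location.isMock();              // API 31 and later
        }
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2) {
            return location.isFromMockProvider();  // API 18 to 30
        }
        // Before API 18 there is no per-fix flag, so fall back to the global
        // "Allow mock locations" setting quoted in the first comment.
        String value = Settings.Secure.getString(
                context.getContentResolver(), Settings.Secure.ALLOW_MOCK_LOCATION);
        return !"0".equals(value);
    }

    // Builds the report URL. "lat", "lon" and "mock" are the parameter names
    // used in the thread; serverUrl and every other detail are assumptions.
    public static Uri buildReportUri(Context context, String serverUrl, Location location) {
        return Uri.parse(serverUrl).buildUpon()
                .appendQueryParameter("lat", String.valueOf(location.getLatitude()))
                .appendQueryParameter("lon", String.valueOf(location.getLongitude()))
                .appendQueryParameter("mock", String.valueOf(isMock(context, location)))
                .build();
    }
}
```

Because the flag is reported by the client, the receiving side can use it to filter or mark positions, which keeps the blocking decision out of the app as proposed above.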