Open vkrastanov opened 10 years ago
Actually one additional check can be made to secure the location even more - root check. I guess that even if mock location is disabled but the phone is 'rooted', spoofed locations can be send (haven't tested all this).
private static boolean isRooted() {
return findBinary("su");
}
public static boolean findBinary(String binaryName) {
boolean found = false;
if (!found) {
String[] places = {"/sbin/", "/system/bin/", "/system/xbin/", "/data/local/xbin/",
"/data/local/bin/", "/system/sd/xbin/", "/system/bin/failsafe/", "/data/local/"};
for (String where : places) {
if ( new File( where + binaryName ).exists() ) {
found = true;
break;
}
}
}
return found;
}
About mock locations, before thinking of blocking whatever (many cases to figure out, would need UI work), at least reporting if mock locations are enabled when sending locations -eg: POST ...&lat=1.23&lon=2.34&...&mock=[0|1]. Simple, and the blocking logic could be done somewhere else.
Any news on sending mock location status ? Thanks !
Nothing yet, as far as I know.
For my use case, just sending a "&mock=[0|1]" upstream would be enough. Your thoughts on this ? Thanks,
I think sending it as a boolean value would be better.
Whatever you think is the finest :) I'd be fine with booleans of course
I'm not interested (yet) in detecting whether devices are rooted or not, just detecting the basic spoofing case would be nice, my users are not supposed to root their company phones :)
It would be great if the client can detect whether "Allow mock location" is enabled and stop sending it's coordinates in order to prevent sending spoofed locations.
However some users want to use mock locations (for testing purposes for example), so it would be best if this check can be enabled/disabled and implemented with another feature: password protection for client settings.