25

I need a way to spoof the GPS on my phone without alerting the clock-in software that I'm using a third party app to do it. I have android

I suspect that the clock-in software is checking for developer options > mock gps > select app. I've tried a couple different gps spoofing apps with the same result "it appears you are using a third party GPS app. Please disable it before clocking out"

you are viewing a single comment's thread
view the rest of the comments
[-] mathemachristian@lemm.ee 7 points 1 year ago

I don't know how the encryption works on your phone, but I used mitmproxy to spoof GPS data sent by an app to a server. Need to be able to install and use your own CA though which is a hassle in android.

[-] Capt_ACAB@hexbear.net 6 points 1 year ago* (last edited 1 year ago)

CA in this context is certificate authority? Sorry my tech knowledge has diminished over the years

[-] mathemachristian@lemm.ee 4 points 1 year ago

Ah yes sorry should have clarified that. Need to be your own certificate authority to break encryption.

[-] Capt_ACAB@hexbear.net 1 points 1 year ago

Will this and this lead me in the right direction you think?

[-] mathemachristian@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

Depends on how deep you want to go. Mitmproxy takes care of most of these steps for you. You simply have to install the CA yourself.

https://docs.mitmproxy.org/stable/concepts-certificates

[-] mathemachristian@lemm.ee 3 points 1 year ago* (last edited 1 year ago)

Sorry for the second reply just wanted to make sure you got notified of this:

It would probably prudent to mitm the app-server connection regardless just to see what kind of data it collects especially if you're using it on your personal phone. Be aware that having a company app installed on your personal phone might entitle your company to look at your phone depending on the legal set up that you agreed to. Precisely in order to check on people who might be working around their "accountability apps".

Also depending on the situation they might in theory be able to ascertain where you are, or at least where you are not depending on the IP used to connect to their server, I don't know how advanced you think their anti-fraud measures are but just to keep in mind that any data sent could be used against you.

If you want to go the mitmproxy route definitely disable the mobile internet connection because if your wifi drops and you dont connect to the server via the proxy it would send the unaltered GPS data.

[-] comrade_pibb@hexbear.net 4 points 1 year ago

mitmproxy makes it pretty simple, once you're connected it will intercept requests to http://mitm.it and provide a download option for the Android ca

this post was submitted on 14 Oct 2023
25 points (100.0% liked)

technology

23313 readers
142 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS