25

I need a way to spoof the GPS on my phone without alerting the clock-in software that I'm using a third party app to do it. I have android

I suspect that the clock-in software is checking for developer options > mock gps > select app. I've tried a couple different gps spoofing apps with the same result "it appears you are using a third party GPS app. Please disable it before clocking out"

top 13 comments
sorted by: hot top controversial new old
[-] LanyrdSkynrd@hexbear.net 10 points 1 year ago

There's an Xposed module for this. Make sure you have the latest version of lsposed installed before trying it.

https://modules.lsposed.org/module/com.android1500.gpssetter

[-] fatalError@lemmy.sdf.org 9 points 1 year ago

You would probably need to root the phone for that to work. If it is a company phone I would not recommend it though.

[-] Capt_ACAB@hexbear.net 11 points 1 year ago

It's not a company phone and it's already rooted

[-] LoveSausage@lemmygrad.ml 8 points 1 year ago* (last edited 1 year ago)

Not sure but aren't there magisk modules for that? Might be a way

[-] ElGosso@hexbear.net 8 points 1 year ago

Just tape the phone to the underside of a city bus

[-] mathemachristian@lemm.ee 7 points 1 year ago

I don't know how the encryption works on your phone, but I used mitmproxy to spoof GPS data sent by an app to a server. Need to be able to install and use your own CA though which is a hassle in android.

[-] Capt_ACAB@hexbear.net 6 points 1 year ago* (last edited 1 year ago)

CA in this context is certificate authority? Sorry my tech knowledge has diminished over the years

[-] mathemachristian@lemm.ee 4 points 1 year ago

Ah yes sorry should have clarified that. Need to be your own certificate authority to break encryption.

[-] Capt_ACAB@hexbear.net 1 points 1 year ago

Will this and this lead me in the right direction you think?

[-] mathemachristian@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

Depends on how deep you want to go. Mitmproxy takes care of most of these steps for you. You simply have to install the CA yourself.

https://docs.mitmproxy.org/stable/concepts-certificates

[-] mathemachristian@lemm.ee 3 points 1 year ago* (last edited 1 year ago)

Sorry for the second reply just wanted to make sure you got notified of this:

It would probably prudent to mitm the app-server connection regardless just to see what kind of data it collects especially if you're using it on your personal phone. Be aware that having a company app installed on your personal phone might entitle your company to look at your phone depending on the legal set up that you agreed to. Precisely in order to check on people who might be working around their "accountability apps".

Also depending on the situation they might in theory be able to ascertain where you are, or at least where you are not depending on the IP used to connect to their server, I don't know how advanced you think their anti-fraud measures are but just to keep in mind that any data sent could be used against you.

If you want to go the mitmproxy route definitely disable the mobile internet connection because if your wifi drops and you dont connect to the server via the proxy it would send the unaltered GPS data.

[-] comrade_pibb@hexbear.net 4 points 1 year ago

mitmproxy makes it pretty simple, once you're connected it will intercept requests to http://mitm.it and provide a download option for the Android ca

[-] Maoo@hexbear.net 4 points 1 year ago

What you want is either an alternate location services provider that can generate plausibly fake location streams or a middle layer that is deeply embedded in the OS. Privacy/security-focused Android projects use one of these techniques, but usually with real location data. For example, using LineageOS with privileged microG comes with alternative location providers like Mozilla's.

My personal knowledge of the actual fake data generators is pretty bad, though. I haven't personally spoofed location in a way that's intended to work in the way you need.

For the microG version, you'd be using https://github.com/microg/UnifiedNlp with a spoof plugin. I'm not aware of a spoof plugin but wouldn't be surprised if one existed. There is also this app but it looks pretty crude: https://github.com/wesaphzt/privatelocation

IMO to defeat spoofing detection you'd need something a little more sophisticated. Something that embeds a proper simulation of a person traveling, then being still, and having some biased noise / systematic accuracy reporting added depending on the location. Could be a good side project for a lefty to work on...

this post was submitted on 14 Oct 2023
25 points (100.0% liked)

technology

23313 readers
139 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS