1

Lets say I want to make an app that gives points to users depending on how many countries they visit (using the GPS).

1) Is it possible to actually cheat in this from the phone?

2) Obviously, you can also make someone log in from their phone in their country. Is it possible to bind the phone to the account? Do phones have some kind of unique ID? I want users to be able to change phone, but one phone should only be able to login with the account its bound to.

mathkid91
  • 659
  • 2
  • 10
  • 27

2 Answers2

2

Android

You can fake your location with a simple app.

You could try to use this methods Disable / Check for Mock Location (prevent gps spoofing) described by Doug below but I'm not sure they are full-proof...

iOS

It's a bitter "safer" but... you can check more info here.

Community
  • 1
  • 1
neteinstein
  • 17,529
  • 11
  • 93
  • 123
  • Awww maaaan.... So there are no clever way around, whatsoever?? ... I guess some kind of timer between positions... :/ – mathkid91 Feb 15 '16 at 19:17
  • But bear in mind that it's not the common user that knows that location can be "cheated". So.. – neteinstein Feb 15 '16 at 19:21
  • 1
    On ios this is not possible (at least not without using special GPS simulators costing around 20000$), the link you give shows only self-cheating, so within your own app, or when physically accessing a device and putting it in developper mode, using XCode. – AlexWien Feb 16 '16 at 18:32
  • @NeTeInStEiN, hi, i would like to get your attention to this question, http://stackoverflow.com/questions/35539960/how-to-get-release-build-apk-file-using-proguard, your help would be greatly appreciated – Pankaj Nimgade Feb 22 '16 at 04:07
  • @NeTeInStEiN, yes I did get the answer, Thank you for your time – Pankaj Nimgade Feb 23 '16 at 05:07
2

You can make it harder for people to cheat, but you cannot ultimately stop the possibility of cheating.

First of all, someone could simply reverse engineer your server's APIs and call them with whatever data you want, completely bypassing Android.

But if you assume that your server's APIs cannot be reverse engineered, on Android, you can check in your code if the GPS is being using other apps by checking this other question:

Disable / Check for Mock Location (prevent gps spoofing)

Community
  • 1
  • 1
Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441