禁用/检查模拟位置(防止 gps 欺骗) [英] Disable / Check for Mock Location (prevent gps spoofing)

问题描述

寻找在 Android 上防止/检测 GPS 欺骗的最佳方法.关于如何完成的任何建议，以及可以做些什么来阻止它?我猜用户必须打开模拟位置来欺骗 GPS，如果这样做了，那么他们可以欺骗 GPS?

Looking to find the best way to prevent / detect GPS spoofing on Android. Any suggestions on how this is accomplished, and what can be done to stop it? I am guessing the user has to turn on mock locations to spoof GPS, if this is done, then they can spoof GPS?

我想我只需要检测是否启用了模拟位置?还有其他建议吗?

I guess I would need to just detect if Mock Locations are enabled? Any other suggestions?

推荐答案

我做了一些调查并在这里分享我的结果，这可能对其他人有用.

I have done some investigation and sharing my results here,this may be useful for others.

首先，我们可以检查 MockSetting 选项是否打开

First, we can check whether MockSetting option is turned ON

public static boolean isMockSettingsON(Context context) {
    // returns true if mock location enabled, false if not enabled.
    if (Settings.Secure.getString(context.getContentResolver(),
                                Settings.Secure.ALLOW_MOCK_LOCATION).equals("0"))
        return false;
    else
        return true;
}

其次，我们可以检查设备中是否有其他应用在使用android.permission.ACCESS_MOCK_LOCATION(Location Spoofing Apps)

Second, we can check whether are there other apps in the device, which are using android.permission.ACCESS_MOCK_LOCATION (Location Spoofing Apps)

public static boolean areThereMockPermissionApps(Context context) {
    int count = 0;

    PackageManager pm = context.getPackageManager();
    List<ApplicationInfo> packages =
        pm.getInstalledApplications(PackageManager.GET_META_DATA);

    for (ApplicationInfo applicationInfo : packages) {
        try {
            PackageInfo packageInfo = pm.getPackageInfo(applicationInfo.packageName,
                                                        PackageManager.GET_PERMISSIONS);

            // Get Permissions
            String[] requestedPermissions = packageInfo.requestedPermissions;

            if (requestedPermissions != null) {
                for (int i = 0; i < requestedPermissions.length; i++) {
                    if (requestedPermissions[i]
                        .equals("android.permission.ACCESS_MOCK_LOCATION")
                        && !applicationInfo.packageName.equals(context.getPackageName())) {
                        count++;
                    }
                }
            }
        } catch (NameNotFoundException e) {
            Log.e("Got exception " , e.getMessage());
        }
    }

    if (count > 0)
        return true;
    return false;
}

如果上述两种方法，第一种和第二种方法都是正确的，那么位置很可能是欺骗或伪造的.

If both above methods, first and second are true, then there are good chances that location may be spoofed or fake.

现在，可以通过使用 Location Manager 的 API 来避免欺骗.

Now, spoofing can be avoided by using Location Manager's API.

我们可以在向两个提供商(网络和 GPS)请求位置更新之前删除测试提供商

We can remove the test provider before requesting the location updates from both the providers (Network and GPS)

LocationManager lm = (LocationManager) getSystemService(LOCATION_SERVICE);

try {
    Log.d(TAG ,"Removing Test providers")
    lm.removeTestProvider(LocationManager.GPS_PROVIDER);
} catch (IllegalArgumentException error) {
    Log.d(TAG,"Got exception in removing test  provider");
}

lm.requestLocationUpdates(LocationManager.GPS_PROVIDER, 1000, 0, locationListener);

我已经看到 removeTestProvider(~) 在 Jelly Bean 和更高版本上运行得非常好.这个 API 在 Ice Cream Sandwich 之前似乎是不可靠的.

I have seen that removeTestProvider(~) works very well over Jelly Bean and onwards version. This API appeared to be unreliable till Ice Cream Sandwich.

Flutter 更新:使用 Geolocator 并检查 Position 对象的 isMocked 属性.

Flutter Update: Use Geolocator and check Position object's isMocked property.

这篇关于禁用/检查模拟位置(防止 gps 欺骗)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！