禁用/检查模拟位置（prevent GPS欺骗） [英] Disable / Check for Mock Location (prevent gps spoofing)

问题描述

展望找到prevent的最佳方式/检测GPS欺骗在Android上。如何对此有何建议得以完成，可以做些什么来阻止它？我猜测，用户必须打开模拟地点恶搞GPS，如果这样做，那么他们可以欺骗GPS？

Looking to find the best way to prevent / detect GPS spoofing on Android. Any suggestions on how this is accomplished, and what can be done to stop it? I am guessing the user has to turn on mock locations to spoof GPS, if this is done, then they can spoof GPS?

我想我会只是需要检测，如果启用了模拟地点？任何其他建议？

I guess I would need to just detect if Mock Locations are enabled? Any other suggestions?

推荐答案

我已经做了一些调查，并在这里分享我的结果，可能对他人有用的。

I have done some investigation and sharing my results here , may be useful for others.

首先，我们可以检查是否MockSetting选项是打开的。

First we can check whether MockSetting option is turned ON

 public static boolean isMockSettingsON(Context context) {
  // returns true if mock location enabled, false if not enabled.
  if (Settings.Secure.getString(context.getContentResolver(),
                                Settings.Secure.ALLOW_MOCK_LOCATION).equals("0"))
     return false;
  else
     return true;
 }

其次，我们可以检查是否有在设备中其他应用程序，它使用的是android.permission.ACCESS_MOCK_LOCATION。 （地点欺骗应用程序）

Second we can check whether are there other apps in the device , which are using android.permission.ACCESS_MOCK_LOCATION . ( Location Spoofing Apps)

 public static boolean areThereMockPermissionApps(Context context) {

  int count = 0;

  PackageManager pm = context.getPackageManager();
  List<ApplicationInfo> packages =
     pm.getInstalledApplications(PackageManager.GET_META_DATA);

  for (ApplicationInfo applicationInfo : packages) {
     try {
        PackageInfo packageInfo = pm.getPackageInfo(applicationInfo.packageName,
                                                    PackageManager.GET_PERMISSIONS);

        // Get Permissions
        String[] requestedPermissions = packageInfo.requestedPermissions;

        if (requestedPermissions != null) {
           for (int i = 0; i < requestedPermissions.length; i++) {
              if (requestedPermissions[i]
                  .equals("android.permission.ACCESS_MOCK_LOCATION")
                  && !applicationInfo.packageName.equals(context.getPackageName())) {
                 count++;
              }
           }
        }
     } catch (NameNotFoundException e) {
        Log.e("Got exception " + e.getMessage());
     }
  }

  if (count > 0)
     return true;
  return false;
  }

如果两个以上的功能第一和第二属实，那么有一些位置可能是伪造的或假的大多数机会。

If both above functions first and second are true , then there are most chances that location may be spoofed or fake.

现在，欺骗，可避免使用位置管理器的API -

Now ,spoofing can be avoided by using Location Manager's API -

我们可以从两个供应商请求位置更新（网络和GPS）

We can remove the test provider before requesting the location updates from both the providers (Network and GPS)

LocationManager lm = (LocationManager) getSystemService(LOCATION_SERVICE);

try {
          Log.d(TAG ,"Removing Test providers")
          lm.removeTestProvider(LocationManager.GPS_PROVIDER);
     } catch (IllegalArgumentException error) {
          Log.d(TAG,"Got exception in removing test  provider");
     }

 lm.requestLocationUpdates(LocationManager.GPS_PROVIDER, 1000, 0, locationListener);

我已经看到，removeTestProvider（〜）的作品非常好了软糖及以后的版本。直到ICS此API将似乎是不可靠的。

I have seen that removeTestProvider(~) works very well over jellybean and onwards version. Till ICS this api would appears to be unreliable.

这篇关于禁用/检查模拟位置（prevent GPS欺骗）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！