iOS detect mock locations


Question

Currently I'm working on an app whose geolocation capabilities are its most important feature. Actually we're very concerned about getting GPS values mocked up. I've read a lot of comments regarding mocking locations on both iOS and Android, and most of them tend to explain that an unjailbroken iOS device can't mock locations, but the truth is I've created another project, with a GPX file to mock up the location on that project, and when executed, the entire system believes I'm in another city. All my locationManager callbacks tell me I'm at the mocked location with the proper timestamp, faking the entire information like it was real. That entirely breaks the purpose of our app, as the user can fake where they have been.

Is there any way to detect this behaviour and prevent it? I'm assuming a closed target; the attacker must be a developer in order for this exploit to work, but alas, it's still there.

Recommended answer

Question: Is there any way to detect this behaviour and prevent it?

There actually are 2 separate questions: (1) how to detect, and (2) how to prevent it?

[simulated locations] The callback returns almost immediately after calling startUpdatingLocation, and is then called repeatedly, exactly every one second. Also, the locations are all the same if we choose a fixed location. Here is an example:

location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:48 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:49 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:50 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:51 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:52 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:53 Час: Індокитай
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:54 Час: Індокитай

[real locations] It takes a few seconds (if first run) to call back, and the callback is then re-called at random intervals. Also, you can see significant changes among those locations even if you don't move at all. Here is an example:

location: <+10.77219361,+106.70597441> +/- 67.39m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:26 Час: Індокитай
location: <+10.77213011,+106.70591088> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:31 Час: Індокитай
location: <+10.77219507,+106.70587790> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:38 Час: Індокитай
location: <+10.77214753,+106.70587741> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:49 Час: Індокитай

Answer for (2): To prevent it, I just work around it for now: we need to look at at least 3 locations to decide whether it's a simulated or a real location.

Remember, it's just a temporary solution to detect simulated locations. In the future, Apple may change the behaviour.

By the way, I've also tried to disallow simulated locations in Xcode in the scheme: unfortunately, it still allows simulated locations.

Some more issues you may know here. Hope it helps.
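
The three-location check described in the answer above, written out as an added example that is not part of the original post: it parses log lines in the format the answer quotes and flags a run of fixes that has identical coordinates and an exact one-second cadence. The names `parse_fixes` and `classify` and the day.month.year reading of the timestamps are assumptions of this example.

```python
import re
from datetime import datetime

# Sample lines copied from the answer's two log excerpts (trailing time-zone text dropped).
SIMULATED_LOG = """\
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:48
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:49
location: <+51.50998000,-0.13370000> +/- 5.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:12:50
"""
REAL_LOG = """\
location: <+10.77219361,+106.70597441> +/- 67.39m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:26
location: <+10.77213011,+106.70591088> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:31
location: <+10.77219507,+106.70587790> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:38
location: <+10.77214753,+106.70587741> +/- 65.00m (speed -1.00 mps / course -1.00) @ 30.03.15 14:16:49
"""

# Captures latitude, longitude, horizontal accuracy and timestamp of one line.
LINE_RE = re.compile(
    r"<([+-]\d+\.\d+),([+-]\d+\.\d+)> \+/- (\d+\.\d+)m .*? @ "
    r"(\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})"
)

def parse_fixes(log_text):
    """Return a list of (lat, lon, accuracy_m, timestamp), skipping other lines."""
    fixes = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            # Assumption: the log prints day.month.year; only the deltas matter here.
            ts = datetime.strptime(m.group(4), "%d.%m.%y %H:%M:%S")
            fixes.append((float(m.group(1)), float(m.group(2)), float(m.group(3)), ts))
    return fixes

def classify(fixes, min_fixes=3):
    """Return 'simulated', 'real' or 'undecided' from the answer's two signals."""
    if len(fixes) < min_fixes:
        return "undecided"  # the answer asks for at least 3 locations
    gaps = {(b[3] - a[3]).total_seconds() for a, b in zip(fixes, fixes[1:])}
    fixed_point = len({(lat, lon) for lat, lon, _, _ in fixes}) == 1
    metronome = gaps == {1.0}  # callback fired exactly once per second
    # Both signals are required: cadence alone would also match a real 1 Hz
    # receiver, and this covers only the fixed-location case the answer shows.
    return "simulated" if (fixed_point and metronome) else "real"

if __name__ == "__main__":
    print(classify(parse_fixes(SIMULATED_LOG)), classify(parse_fixes(REAL_LOG)))
```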
