Select release
Introduction

Home

Installation

Configuration

Initialization

Common Usage Scenarios

Recommended Responses to Security Issues

Google Play Prominent Disclosure

SafetyNet Google Play Warning

Device Fingerprinting

Troubleshooting

Release Notes

Migration to Version 1.2.x

Migration to Version 1.0.x

Runtime Protection

RASP Features Overview

Debugger Detection

Emulator Detection

Root Detection

Repackaging Detection

Screen Sharing Detection

Blocking Screen Readers

Screenshot Blocking and Detection

Tapjacking Protection

HTTP Proxy Detection

VPN Detection

Screen Lock Usage

Google Play Protect Status

Changing Process Name

Detection of ADB Status

Detection of Developer Options Status

Detection of Biometry Enrollment Status

Detection of Active Call

App Presence Detection

Spoofed Location Detection

Activity protection

RASP Observer

Anti-Malware

Anti-Malware Use-Cases

Anti-Malware Feature Overview

Malware Threat Identification

Malware Threat Mitigation

Listening to App Changes

Installer identification

Smart Protection

Smart Protection UI Customization

Spoofed Location Detection

View product develop

Android devices provide a way to spoof (mock) location for development purposes. Unfortunately, mocked locations are often misused to mask fraudulent activities. For this reason, it’s vital for a financial app to detect whether the obtained location is genuine.

Android supports mock location functionality via configuring a “mock location application” in the developer settings.

Malwarelytics for Android is able to check whether an obtained location was mocked and to detect whether an application capable of mocking location is present on the device.

Configuration

There’s no configuration for the feature.

Usage

After initialization, the spoofed location detection feature can be accessed via RaspManager. This can be used to perform manual checks.

Triggering a Manual Check

Spoofed location detection consists of two separate manual checks:

  1. Checking if a Location object was mocked.
  2. Listing installed apps capable of mocking locations.

Checking If Location Was Mocked

A location object can be checked whether it was mocked by calling the isLocationMocked(Location): Boolean method.

val isMocked = raspManager.isLocationMocked(location)

Listing Installed Apps Capable of Mocking Locations

If the application uses android.permission.QUERY_ALL_PACKAGES permission. The SDK can list all applications that are capable of mocking the location.

In case the application doesn’t use the QUERY_ALL_PACKAGES permission, the feature becomes ineffective and always returns an empty list of apps.

More information about QUERY_ALL_PACKAGES permission can be found in troubleshooting section.

The list of apps capable of mocking location can be triggered manually in RaspManager by calling the getSpoofedLocationDetection() method. A data class containing the list of apps identified by their package names is returned.

val spoofedLocationDetection: SpoofedLocationDetection = raspManager.getSpoofedLocationDetection()
val mockLocationApps: List<String> = spoofedLocationDetection.mockLocationApps

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Jul 22, 2024 (21:34) View product
On this page:
Search

develop

Malwarelytics for Android