I need a way to spoof the GPS on my phone without alerting the clock-in software that I'm using a third party app to do it. I have android
I suspect that the clock-in software is checking for developer options > mock gps > select app. I've tried a couple different gps spoofing apps with the same result "it appears you are using a third party GPS app. Please disable it before clocking out"
There's an Xposed module for this. Make sure you have the latest version of lsposed installed before trying it.
https://modules.lsposed.org/module/com.android1500.gpssetter
You would probably need to root the phone for that to work. If it is a company phone I would not recommend it though.
Not sure but aren't there magisk modules for that? Might be a way
I don't know how the encryption works on your phone, but I used mitmproxy to spoof GPS data sent by an app to a server. Need to be able to install and use your own CA though which is a hassle in android.
CA in this context is certificate authority? Sorry my tech knowledge has diminished over the years
Ah yes sorry should have clarified that. Need to be your own certificate authority to break encryption.
Depends on how deep you want to go. Mitmproxy takes care of most of these steps for you. You simply have to install the CA yourself.
https://docs.mitmproxy.org/stable/concepts-certificates
Sorry for the second reply just wanted to make sure you got notified of this:
It would probably prudent to mitm the app-server connection regardless just to see what kind of data it collects especially if you're using it on your personal phone. Be aware that having a company app installed on your personal phone might entitle your company to look at your phone depending on the legal set up that you agreed to. Precisely in order to check on people who might be working around their "accountability apps".
Also depending on the situation they might in theory be able to ascertain where you are, or at least where you are not depending on the IP used to connect to their server, I don't know how advanced you think their anti-fraud measures are but just to keep in mind that any data sent could be used against you.
If you want to go the mitmproxy route definitely disable the mobile internet connection because if your wifi drops and you dont connect to the server via the proxy it would send the unaltered GPS data.
mitmproxy makes it pretty simple, once you're connected it will intercept requests to http://mitm.it and provide a download option for the Android ca
What you want is either an alternate location services provider that can generate plausibly fake location streams or a middle layer that is deeply embedded in the OS. Privacy/security-focused Android projects use one of these techniques, but usually with real location data. For example, using LineageOS with privileged microG comes with alternative location providers like Mozilla's.
My personal knowledge of the actual fake data generators is pretty bad, though. I haven't personally spoofed location in a way that's intended to work in the way you need.
For the microG version, you'd be using https://github.com/microg/UnifiedNlp with a spoof plugin. I'm not aware of a spoof plugin but wouldn't be surprised if one existed. There is also this app but it looks pretty crude: https://github.com/wesaphzt/privatelocation
IMO to defeat spoofing detection you'd need something a little more sophisticated. Something that embeds a proper simulation of a person traveling, then being still, and having some biased noise / systematic accuracy reporting added depending on the location. Could be a good side project for a lefty to work on...
