I need a way to spoof the GPS on my phone without alerting the clock-in software that I'm using a third party app to do it. I have android
I suspect that the clock-in software is checking for developer options > mock gps > select app. I've tried a couple different gps spoofing apps with the same result "it appears you are using a third party GPS app. Please disable it before clocking out"
CA in this context is certificate authority? Sorry my tech knowledge has diminished over the years
Ah yes sorry should have clarified that. Need to be your own certificate authority to break encryption.
Will this and this lead me in the right direction you think?
Depends on how deep you want to go. Mitmproxy takes care of most of these steps for you. You simply have to install the CA yourself.
https://docs.mitmproxy.org/stable/concepts-certificates
Sorry for the second reply just wanted to make sure you got notified of this:
It would probably prudent to mitm the app-server connection regardless just to see what kind of data it collects especially if you're using it on your personal phone. Be aware that having a company app installed on your personal phone might entitle your company to look at your phone depending on the legal set up that you agreed to. Precisely in order to check on people who might be working around their "accountability apps".
Also depending on the situation they might in theory be able to ascertain where you are, or at least where you are not depending on the IP used to connect to their server, I don't know how advanced you think their anti-fraud measures are but just to keep in mind that any data sent could be used against you.
If you want to go the mitmproxy route definitely disable the mobile internet connection because if your wifi drops and you dont connect to the server via the proxy it would send the unaltered GPS data.