Location Spoofing Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android, iOS | MASVS-RESILIENCE-1 |
Overview
Location Spoofing Detection identifies signs that a device location may be simulated, manipulated, or inconsistent with normal movement. It helps protect location-dependent features such as geofencing, fraud controls, regional access, delivery workflows, telehealth eligibility, and location-based games.
When location spoofing risk is detected, AppTego applies your configured response.
When To Use It
Use this control for:
- Payments, account recovery, login, or fraud workflows that rely on location context.
- Ride-sharing, delivery, insurance, workforce, or field-service apps.
- Region-restricted content, pricing, gaming, or compliance rules.
- Enterprise or healthcare apps that require location-bound access decisions.
How It Works
The protected app evaluates platform location-integrity and movement-consistency signals where the host app already has location access. AppTego does not request location permission on behalf of the app.
Public documentation does not expose exact platform flags, tool names, movement thresholds, sampling cadence, or behavioral scoring logic.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Network And Location Detection section. Under this section you will find the Location Spoofing Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"LocationSpoofingDetectionResponse": {
"protection": false,
"detection": true,
"action": "alert",
"title": "Location Spoofing Detected",
"message": "This app does not permit simulated or manipulated locations.",
"buttons": ["OK"],
"actions": ["close"],
"redirects": [""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables location spoofing detection. |
protection | Included for schema consistency with other controls. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- The host app remains responsible for requesting and explaining location permissions.
- GPS drift, indoor signal loss, high-speed travel, tunnels, and location provider outages can affect location quality.
- Disable or soften this control in development builds that use simulated locations.
- For high-risk decisions, pair client-side detection with server-side location and velocity validation.