简体繁体 English

在 iOS sdk 中检测/停止位置欺骗？

[英]Detect/Stop Spoofing of Location possible in iOS sdk?

原文 2014-01-07 08:07:24 7 6 ios/ iphone/ geolocation/ location/ core-location

I am having an application in which users need to visit particular locations.我有一个应用程序，用户需要在其中访问特定位置。 When users are nearby to this location a form is being open to fill.当用户在此位置附近时，将打开一个表单以供填写。 I have doubt that some users are spoofing their current locations(using any other application) and filling form at their home.我怀疑某些用户是否在欺骗他们当前的位置（使用任何其他应用程序）并在家中填写表格。 Means fooling to my application.意味着愚弄我的应用程序。

I searched on Apple store and there is no application available for GPS spoofing or the application which can spoof location coordinates for other application in the iOS device.我在 Apple Store 上搜索过，没有可用于 GPS 欺骗的应用程序或可以为 iOS 设备中的其他应用程序欺骗位置坐标的应用程序。

I googled it and found that spoofing is possible on Jailbroken devices and some applications are available on Cydia store like "akLocationX", "Fake Location" etc. Below is the article on the same.我在谷歌上搜索，发现越狱设备上可能存在欺骗行为，Cydia 商店中提供了一些应用程序，例如“akLocationX”、“Fake Location”等。下面是相同的文章。

http://www.addictivetips.com/ios/easily-fake-iphone-current-location-aklocationx/ http://www.additivetips.com/ios/easily-fake-iphone-current-location-aklocationx/

Could anyone help me, how can I stop this location spoofing on Jailbroken devices?任何人都可以帮助我，如何在越狱设备上阻止此位置欺骗？

6 个解决方案

Based on another StackOverflow question ( Identify jailbroken device from iOS application ), you can detect if your app is running with some known jailbreak tools, and take an alternate code path, such as disabling that part of your app (but do not exit or crash your app, as that may cause your app to fail AppStore testing). 根据另一个StackOverflow问题（识别来自iOS应用程序的越狱设备），您可以检测您的应用程序是否与某些已知的越狱工具一起运行，并采用备用代码路径，例如禁用应用程序的该部分（但不要退出或崩溃）您的应用程序，因为这可能会导致您的应用程序无法通过AppStore测试）。

As for always getting the real location, you can't really - your app can only run in the environment it has - if the environment is a jailbroken iPhone, and a hack running in that environment causes the geolocation api to report its location is on Tattooine or Atlantis, then thats what your app will get. 至于总是得到真实的位置，你真的不能 - 你的应用只能在它拥有的环境中运行 - 如果环境是越狱的iPhone，并且在该环境中运行的黑客导致地理位置api报告其位置是纹身或亚特兰蒂斯，这就是你的应用程序将得到的。 Next best option is to try detecting jailbroken devices (as above) and change your app's behaviour. 下一个最佳选择是尝试检测越狱设备（如上所述）并更改应用程序的行为。

To spoof a location, it's not even needed to jailbreak the device. 为了欺骗一个位置，甚至不需要越狱设备。 It can be simply done in Xcode by running an app with a simulated location. 它可以通过运行具有模拟位置的应用程序在Xcode中完成。 I don't think it makes sense to detect this spoofing in the first place. 我认为首先检测这种欺骗是不合理的。

The other posters are correct, one great way to check is to verify if the device is jailbroken. 其他海报是正确的，一个很好的检查方法是验证设备是否越狱。

But, even if the device isn't jailbroken, it is still possible to fake the GPS location with a nearby GPS transmitter. 但是，即使设备没有越狱，仍然可以使用附近的GPS发射器伪造GPS位置。 So let's assume (although it is highly unlikely), that your user has this. 因此，我们假设（尽管不太可能），您的用户就是这样。

Technically, it is possible to detect if the GPS location is fake or not. 从技术上讲，可以检测GPS位置是否是假的。 However, your ability to do so is dependent on if the person faked other information as well such as nearby Wifi networks, or their external IP (such as using a VPN). 但是，您这样做的能力取决于此人是否伪造了其他信息，例如附近的Wifi网络或其外部IP（例如使用VPN）。

Reference: GPS Jamming Devices 参考： GPS干扰设备

Method A - Wifi 方法A - Wifi

You can detect the wireless networks nearby and then lookup their locations and compare that to the one reported by your GPS. 您可以检测附近的无线网络，然后查找其位置并将其与GPS报告的位置进行比较。 There are a couple of issues however. 但是有几个问题。

Keep In Mind 记住

You must maintain network access to the internet. 您必须保持对Internet的网络访问。
You must use private APIs to do this which are not approved for usage by apps within the AppStore so you would never be able to publish it there. 您必须使用私有API来执行此操作，这些API未被AppStore中的应用程序批准使用，因此您永远无法在那里发布它。
Wifi must be enabled on the device and your app doesn't have any control to enable or disable it. 必须在设备上启用Wifi，您的应用程序无法启用或禁用它。
The GPS location of the Wifi hotspot may not be accurate, but is often more accurate than that obtained from a device's internet IP such as in method B. Wifi热点的GPS位置可能不准确，但通常比从设备的互联网IP获得的更准确，例如在方法B中。

References: 参考文献：

Method B - Your device IP 方法B - 您的设备IP

You can connect to an online service which returns your location information based on your IP. 您可以连接到在线服务，该服务根据您的IP返回您的位置信息。 You can then compare this to the GPS location which you were provided. 然后，您可以将其与您提供的GPS位置进行比较。

This will get through the app store review process, however... 这将通过应用商店审核流程，但是......

Keep In Mind 记住

You must maintain network access to the internet. 您必须保持对Internet的网络访问。
Your device IP maybe through a VPN which may report a location other than that which the device actually exist in. 您的设备IP可能通过VPN，可能会报告设备实际存在的位置以外的位置。
The GPS location information for the device's internet IP may not be accurate. 设备的互联网IP的GPS位置信息可能不准确。
You can't rely on your device's current network IP, you must query it from an internet source. 您不能依赖设备的当前网络IP，必须从Internet源查询。 This is because your device may exist behind a firewall, gateway, or other network barrier. 这是因为您的设备可能位于防火墙，网关或其他网络屏障后面。
Your device IP location will NOT be very accurate, you could confirm a city/state in most cases, but any finer detail isn't likely to be accurate. 您的设备IP位置不会非常准确，您可以在大多数情况下确认城市/州，但任何更精细的细节都不可能准确。

References: 参考文献：

IPLocation IPLocation
WhatIsMyIpAddress WhatIsMyIpAddress

This is a tricky issue. 这是一个棘手的问题。 It is unlikely to be able to prevent spoofing 100% because it is up to the client to inform the server their location. 它不太可能100％防止欺骗，因为客户端可以通知服务器他们的位置。

There is one way to reduce the spoofing (not eliminate it completely) by validating the IP address of users with geolocation database in the server. 通过验证服务器中具有地理位置数据库的用户的IP地址，有一种方法可以减少欺骗（不能完全消除欺骗）。 You can make sure the user is really based in a city. 您可以确保用户确实位于城市中。

Sounds scary for an app :) 一个应用听起来很可怕:)

Anyway, there is now a proper way of dealing with this: iBeacon (dev doc here ). 无论如何，现在有一个正确的方法来解决这个问题： iBeacon （dev doc here ）。

The basic principle is this: 基本原则是这样的：

Set up physical beacon devices at the location that the users need to be 在用户需要的位置设置物理信标设备
Use CLBeaconRegion to monitor the proximity to these beacons (the beacons use Bluetooth Low Energy to communicate with the iOS device) 使用CLBeaconRegion监控这些信标的距离（信标使用蓝牙低功耗与iOS设备通信）
This might be trickier to fake (as the user will at least need to reverse-engineer one of the beacons), but I don't think they are cryptographically secure so it is still possible to fake it 伪造这可能比较棘手（因为用户至少需要对其中一个信标进行反向工程），但我不认为它们在加密方面是安全的，因此它仍然可以伪造它
Even if you roll your own crypto-beacon, a user could always steal one of your beacons :) 即使你滚动自己的加密灯塔，用户也可以随时窃取你的一个信标:)

Starting from iOS 15 Apple provided a public API to address this challenge.从 iOS 15 开始，Apple 提供了一个公共 API 来应对这一挑战。

CLLocation exposes its source in a property called sourceInformation of type CLLocationSourceInformation CLLocation在类型为CLLocationSourceInformation名为sourceInformation的属性中公开其源

And, CLLocationSourceInformation has a property called isSimulatedBySoftware并且， CLLocationSourceInformation有一个名为isSimulatedBySoftware的属性