[vincnetas]

Good question. I still think that its up to user to decide what data he shares with app. If its crucial for app to know that gps position is not faked, app could do some heuristic. Check if user is not moving faster than some limit, does not stop moving for extended periods of time etc. Basically anticheat engine. Only area where this whould be relevant i think is online multiplayer games. Otherwise, if user is faking gps he is messing up his own experience.

[mavhc]

2 different permissions: Possible faked GPS data, and Not faked GPS data. An app would really need to explain why it can't accept possibly faked GPS data.

https://developer.android.com/guide/topics/sensors/gnss on android now apps can access the raw gps data, which is much harder to fake

[duxup]

I like that idea, although to me that is kinda the status quo and I'm not sure the folks who want to be able to fake anything at will would be ok with that.

[duxup]

>Only area where this whould be relevant i think is online multiplayer games.

That's the issue with augmented reality games like Pokemon Go.

[chii]

i argue it's not an issue. If the user decides to spoof to cheat in the game, there are other ways to detect it (such as speed limiting - which, as i understand, pokemon go already does).

If the app wants to force a user to not modify their phone just so they have a secure enclave for which they can implement DRM, then i can't agree to it. This includes things like spoofing, but also things like memory edits or hacking save files, or anything else client side. If the app needs secure storage that's unchangeable, they can save it on their servers.

[duxup]

Spoofing is an issue even if you limit yourself to a reasonable speed. You don't have to spoof yourself everywhere all at once.