The app might be able to detect the pattern generated by the fake data generator and refuse to work in that instance. E.g. apple's approximate location feature often puts you into the city center at a very specific location. It's trivial to detect devices that are always at that precise location and only move around in discrete steps between those points.
This can lead to an arms race where the OS creates increasingly advanced/realistic fake data, and apps get increasingly sophisticated logic.
So I'm not a fan of solving this the technical way. A policy is way better, but you need to be able to enforce it.
Sure, it'll lead to arms race like you describe on one side, but let's say 99% of the apps won't even engage in that arms race if the fake data is generic enough to cause a high number of false positives (blocking someone who's not actually faking the data).
Then, we can focus on the remaining 1% of worst offenders to actually enforce the policy.
This can lead to an arms race where the OS creates increasingly advanced/realistic fake data, and apps get increasingly sophisticated logic.
So I'm not a fan of solving this the technical way. A policy is way better, but you need to be able to enforce it.