Capture App: Issue - Vulnerability to spoofing of GPS location (Android)
Issue:
The GPS location of a capture in the Android version of the Capture App can be spoofed using free third-party apps and developer options in Android settings.
Steps to reproduce:
- Download a third-party app for GPS spoofing and select a desired location on the map in this app.
- Go to Android settings > Developer options > Select Mock location app > select the respective third-party app from the list.
- Open Capture App > Shoot a capture using the phone's camera.
Current app behaviour:
False location data is stored in blockchain as chosen in the 3rd party spoofing app.
Expected app behavior:
Location data is stored in blockchain according to the real GPS data instead of the false one.
Context:
This spoofing of GPS location could be abused by people who will use the Capture App for news sharing purposes. They can act as if they are in an area of incident without physically being there. And this has the potential to spread misinformation.
- Tested device: Redmi Note 4
- OS: Android 7.0
- Capture App version: 0.43.1
great catch... Sheesh
Scheduled in the dev sprint.
Consulted the Ionic team for the best practice and had some conversations with them regarding this issue today. The feedback is, this should be a piece of cake, just a two-liner task :P. I will update once they provide the reference solution.
Thank you for sharing this issue with us. We have scheduled this item and will be working on this soon. Keep an eye out for updates and appreciate the patience.
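
One way to catch the mock-location case from the steps to reproduce on the native Android side, as an added example that is not Capture App code and not the Ionic team's reference solution. The class `LocationTrust`, the `Verdict` enum and `coordinatesForCapture` are hypothetical names; `Location.isMock()`, `Location.isFromMockProvider()` and `Build.VERSION` are Android platform APIs.

```java
import android.location.Location;
import android.os.Build;

/** Added example (hypothetical class): decide whether a fix may be attached to a capture. */
public final class LocationTrust {

    public enum Verdict { OK, NO_FIX, MOCK }

    private LocationTrust() {}

    /** True when the platform flagged this fix as coming from a mock location provider. */
    public static boolean isMock(Location location) {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            return location.isMock();              // API 31 and later
        }
        // API 18-30; the reported device (Android 7.0, API 24) takes this branch.
        return location.isFromMockProvider();
    }

    /** Classify a fix delivered by the location callback before it is recorded. */
    public static Verdict evaluate(Location location) {
        if (location == null) {
            return Verdict.NO_FIX;
        }
        return isMock(location) ? Verdict.MOCK : Verdict.OK;
    }

    /**
     * Returns {latitude, longitude} for an accepted fix, or null when the fix
     * is missing or mock-flagged, so the caller stores no coordinates at all
     * (or labels the capture) instead of recording a spoofed position.
     */
    public static double[] coordinatesForCapture(Location location) {
        if (evaluate(location) != Verdict.OK) {
            return null;
        }
        return new double[] { location.getLatitude(), location.getLongitude() };
    }
}
```

The flag is set by the platform when a fix is injected through the "Select mock location app" setting, so it covers the reproduction steps in this issue; an unflagged fix is still not proof of physical presence.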