Food Delivery App: How to Detect Location Spoofing Fraud for Android

Wondering why is it important to detect location spoofing? Let us explain. The popularity of mock location apps has increased following the release of popular games like Pokemon GO. More and more people are using fake location apps not only to play games but also to cause fraud by setting fake locations. Hence while developing Food Delivery Apps or any Delivery Apps for Grocery, Parcel, Courier, Medicine etc will always face fraudulent activities. In this blog we are majorly focusing on enhancing the online food ordering experience by detecting fake gps location set by 3rd party apps on the device. As every Food Deliver App comes with some amazing features like real-time analytics, live tracking, etc. Such features are developed to enhance user and the restaurant experience where they can see where the driver is once they pick up the order. 

For a customer the excitement of your food near you is unmatched. Food delivery app development companies around the world see live tracking as a very important feature of the food delivery application. But when the apps gets into the real world there are real challenges faced by Food deliver apps like Uber eats, Swiggy are quite different. Hence today a food delivery app developer needs to make sure that the app can detect App Cloning, fake GPS location, location spoofing, use of Virtual Private Network (VPN), proxies, mobile emulators, or any other techniques use to hide or obscure users true location. Fraud can happen anytime and with anything. Hence when developing a Food Delivery App securing an app at the code level is highly important.

App cloning sometimes seems to be of great help, but many times people use it in ways that cause losses to the companies. Before we dig into how & why location spoofing is done? How to avoid it, let’s have a quick look into exactly what it is. 

Location Spoofing: Understanding What is Location Spoofing?

Spoofing functions in a complex manner. It is majorly malpractice where the original location of a GPS-enabled device is overridden with some other location. To spoof the address, the attacker uses a radio transmitter that reflects fake signals and disturbs the receivers’ GPS in the vicinity. Thus, the GPS locations displayed are fake. 

The simplest way to spoof your location is to download a third-party app that fakes the location and shares it with other applications. 

Talking Numbers 

If you own a food delivery app or have any other delivery business, then you have probably been a victim of the issue. As we talk about the issue, there would be someone in your locality who would be faking their locality to their friends or family. 

• The GPS spoofing on Food Delivery Applications is around 11.9M
• The number of devices generating hoax locations using GPS Spoofing on food delivery applications is 80k 
• Around 2.6% of devices are registered with multiple driver accounts 
• Not just this, around 1.9% of devices seem to have multiple consumer accounts

One shocking fact that would surprise you is 

“Location spoofing on Food Delivery Applications is 6.5 times more than any other application.”

Related Post: Track a Mobile for Free – Best Location Tracking Apps in 2022

A Quick Look at How Cloning and Faking Locations Work 

Back in time the Android and iOS app developers created a MockedLocation to let them test the location tracking feature of the application they work on. It was enabled using the explicit setting on developer mode or simulator. 

To check if the location is faked, there’s a generic code “isFromMockProvider” with Android’s API.

Without jailbreaking, mocking the location of the iOS device is next to impossible. Here is the catch. Android is open source and location can be forged using a few applications available on Google Play Store. The API check we have discussed above sometimes fails considering the rooting of the device to gain some privileges. Spoofing is one of the biggest issues that most logistic and food delivery apps like Zomato, Swiggy, etc. are suffering from. 

How Cloning Is Done?

The simplest way to spoof your location is to simply download a location spoofing app. Some of the techniques that these applications use to spoof your location are: 

Technique 1: Simply bring a slight change to the package name like from in.XYZ.app to in.XYZ.app2 

Technique 2: Install the application and store it in a different location. 

Technique 3: Sandboxing. A technique where the hacker runs the application in a virtual setup. 

The use of app cloners in conjunction with GPS spoofing is quite effective. It might be quite challenging to determine whether location pings are genuine because certain cloners even permit designating faked locations as the original.

The Far Reach of GPS Spoofing Issue

Some food delivery applications took an initiative to realize the size and scope of the issue before they come up with a scalable and logical solution. Swiggy took an initiative where they launched a project “Fight Against Fraud” to develop and implement a series of preventive measures to curb the loss. 

Looking back in April 2021, they have initiated the basic preventive measure where: 

• Check if the developer mode was on
• Verify if the device is rooted
• Check if the location is hoaxed using Android’s isFromMockProvider API
• See the list of applications installed that allow access to the user’s phone’s location using ACCESS_MOCK_LOCATION
• Cross-check if anytime the package name was renamed
• Check if the application was installed using a storage path other than the usual one
• Look if the Android Work Profile option was enabled and the app was running

The research and the efforts revealed some shocking facts. 

• Around 8% of users run a cloned application on their devices which could easily make up a fake location
• Although not many used the clone apps, it was found the problem was much bigger than it was anticipated. 

Related Post: Best Food Delivery Apps & Services in 2022

Why Locations Spoofing Is an Issue? 

Location spoofing is a big problem that most delivery-based applications are facing. The biggest struggle in the picture is: 

1. Excess Time Investment 

Any business monetizes on the time in which it operates. Due to spoofing, sometimes the time to deliver the order is extended, which reflects in the loss to the food delivery business. 

2. Unhappy Customers 

One of the biggest reasons why a business may see a downward graph is dissatisfied customers. A lot of times, the delivery partners forge their location and mark orders delivered without actually delivering them. 

3. Loss of Resources 

Another important factor to consider here is sometimes customers order food from fake locations and then make stories against no delivery and other things, blaming the organization and enjoying compensation

The delivery services have recently found the loss due to these issues can be reduced if the practices are changed and better security and monitoring measures are adopted. The location spoofing problem is prevailing in the market for long enough, it is recently when the food delivery app market exploded that the issue made a significant loss. 

The Solution: Step 1 to Protecting Business 

The food delivery applications can keep a list of the applications that shouldn’t be utilized in conjunction with their product. Apps that let users clone, and create false GPS, and similar attacks must be prohibited at once. If you find any of these apps installed, let your delivery partners know so they can keep away from choosing to take orders from Swiggy. However, there were thousands of apps available both inside and outside of the app store, making it impossible to maintain the list of apps that were greylisted.

The applications these days come up with a novel approach where a confidence score could be calculated from the abuse signals. Here the strategy is straightforward: the app admin would only take action if the risk classification of the cloning signals produced a high confidence score considering starting off assuming there isn’t any bad intent.

Swiggy’s Way Out after detection of location spoofing

Swiggy has been excellent when it comes to customer care and thus figured out a way to push users to update the app to a newer version in order to get better results. For this, the food delivery giant employs a minimum version configuration on Firebase, which is assessed when a user runs an application. Before continuing to log in, the user must now upgrade the app.

Wrapping Up Detection of Location Spoofing!

As you partner with a food delivery app development company, make sure to discuss the technicalities and other details before you move forward. It is important that your food delivery app is laden with the latest technology and features that would help you upscale your business easily and be your customers’ favorite!