Comment by atmanactive
Comment by atmanactive 5 days ago
If you decompiled the app, then yes, you could spoof GPS. Still, a well behaved backend would stop you in your tracks.
The user is not self-reporting, the app is.
Again, just because something can't be 100% bulletproof it doesn't mean it needs to stay wide open.
That's a fair argument in general, though in this case I would both say that
- the risk of somehow abusing self-reported city-level location data is very low
- the effort involved in bypassing the proposed security measure is so exceedingly little, anyone who is passingly motivated to abuse it will also simply do that
As someone who works in the digital risk business, I fully subscribe to managing risk and that (as you say) 100% security is usually not a realistic option. Weighing risks against benefits is key, though