Our latest iOS and Android SDK update brings an exciting addition: the introduction of new methods that offers the flexibility to toggle specific security settings within the SDK.
With this enhancement, you have the ability to take charge of security features tied to network access, checks for rooted/jailbroken devices, Bluetooth access, and external accessory connections. We refer to it as the toggleSecurity() Method.
This update was purposefully made to help developers tailor their security settings of the SDK to align seamlessly with their application's requirements.
We're here to provide you with a clear and simple walkthrough that sheds light on the significance of these capabilities and their practical application in a use case.
How it works
Simply put, our SDK's security method functions by causing the SDK to generate error events according to predefined security settings and conditions. When security checks are turned on and a specific event denoted as "x" is identified, the tracking process will be temporarily paused to ensure data protection.
The developer can personalize and customize the configuration of this security method, which varies depending on the specific use case.
Let's use bluetooth to illustrate how an error event is triggered:
Bluetooth Enabled
This alert occurs when our Bluetooth security checks are activated and Bluetooth functionality is detected as enabled. In such instances, our tracking system temporarily pauses to mitigate potential vulnerabilities associated with Bluetooth connections. This measure ensures that your data remains safeguarded.
Bluetooth Access Denied
Similar to the previous scenario, this alert arises when security checks are engaged, but access to Bluetooth is intentionally disabled. Consequently, our tracking mechanism halts to uphold the security of your information.
Bluetooth Access Status Unknown
In this analogous scenario, the status of Bluetooth access cannot be definitively determined. As a precautionary step, our location tracking temporarily ceases to ensure the integrity of your data.
Whether enabled, disabled, or in an unknown state, these scenarios signify instances where tracking will be suspended to maintain a secure environment for your data.
Our SDK when it detects an error event:
Use Cases
This method comes in handy for location spoofing prevention. For the casual reader, It’s like an anti-spoofing-location-consistency-software-mechanic. Not sure that helps.
Location spoofing refers to the act of falsifying the GPS coordinates of a device to make it appear as if it is located in a different place than it actually is. Houdini stuff. We’ve written an in-depth article on mock location prevention, which is all about location spoofing, if you want to familiarize yourself further with the topic.
Prevention of location spoofing exists to ensure that location-based apps and services receive accurate and reliable location data from the device's GPS receiver, as opposed to spoofed location data. The average person uses location spoofing apps like VPN to access location-restricted content or services because streaming platforms, like Netflix, have regionally distinct catalogs. They also use it for privacy reasons, like protection of personal data.
That said, the practice of location spoofing can have various malicious purposes, such as cheating in location-based games, evading location-based restrictions, or providing false information. Roam’s SDK security method will detect that false location information, and by stopping the tracking it will make an alert of the false activity.
Let’s get to the use case.
This security method is effective in preventing criminals from spoofing their location data and going about some illegal activity.
Take for example a network security check. In order to achieve location spoofing, you can turn off your network connectivity to prevent being seen in the actual location you are broadcasting your spoofed GPS location from. That’s why an error event is triggered when a network is disabled, which would stop tracking until network access is restored.
People also attempt GPS spoofing by jailbreaking their phone. I feel like this term hasn't been used much since the early days of iPhones.Back then, people would jailbreak their phones to customize the interface. At least that's what friends of mine did.
Regardless, jailbreaking smartphones is still a thing in the world of GPS spoofing and that’s why our security method tracks whether a device is rooted.
You’ll get some folks going as far as building external accessories to achieve GPS spoofing. We’re legitimately talking about GPS spoofing computers. They’ll plug their phone to these spoofing computers to broadcast a fake GPS location. That’s what our security method also checks.
Read more
If you want to read about our new toggleSecurity() method update and more, follow these links on github for Android and iOS.