While testing the app, we had to “get around” the geolocation check.
While Android offers many easy ways to spoof geolocation—including installing just one app (mock geolocation)—there are just as many methods for detecting this spoofing. In Android, geolocation itself isn’t considered a very reliable verification factor by developers.
On iOS, however, it’s considered more reliable; at the very least, the average iOS user isn’t going to set up a developer account and install the 9 GB Xcode. But what if it’s not as daunting as it seems—and is actually even easier than on Android?
Comparison
Let’s start by looking at the differences between the security methods that can be used on iOS versus Android:
| Name | Android | iOS | Description |
|---|---|---|---|
| Checking the current SSID/BSSID | + | ± | On Android, access depends on permissions and location restrictions. On iOS, you can only retrieve the current Wi-Fi network if you meet Apple’s requirements via NEHotspotNetwork.fetchCurrent, but not a list of nearby networks. |
| Scanning nearby Wi-Fi SSIDs | + | - | Android has historically allowed Wi-Fi scanning with restrictions on permissions, throttling, and location. On iOS, a standard app cannot retrieve a list of nearby SSIDs; Apple explicitly states that there is no general API for a nearby Wi-Fi list. |
| Cell Tower | + | - | Android can retrieve cellular radio information via TelephonyManager.getAllCellInfo(), including registered/serving and neighboring cells, with ACCESS_FINE_LOCATION and telephony radio support. Results may be cached, rate-limited, unavailable, or partially unavailable depending on device, carrier, OS version, and permissions. iOS does not provide a public App Store-safe API to retrieve serving/neighboring cell tower IDs, LAC/TAC, signal strength, or nearby cell list. CoreTelephony exposes limited carrier/service-provider information, not tower-level radio scan data. |
Based on this, virtually every Android app can additionally request nearby networks and use them for internal geolocation via a third-party service. This data can be spoofed and is not a strong indicator.
On iOS, the situation is slightly different, and so are the requirements for apps. Apple also explicitly prohibits the use of this data for geolocation. In any case, this data can be spoofed using a device acting as a network access point.
Neither platform has a direct way to detect developer mode, but there are detectors for Mock Location:
Location.isMock() — on Android.
CLLocation.sourceInformation?.isSimulatedBySoftware — on iOS.
On Android, locations supplied by any app you select for Mock Location will have the location.isMock=true flag set if the device isn’t rooted. However, in conjunction with deviceIntegrity, this can theoretically be avoided or made much more difficult.
On iOS, however, things are different. CLLocation can be generated by the app itself; that is, if you’re using a third-party toolkit other than Xcode, you can remove isSimulatedBySoftware=true.
This is what we’ll take advantage of. We also won’t use any proprietary software—only open-source tools. So no Xcode, iTools, or 3uTools.
Solution: pymobiledevice3
Installation
You must have Python version 3.9 or higher installed.
0. In the terminal, run: python3 -m pip install -U pymobiledevice3
1. Unlock the device
2. Connect it to your computer via USB and authorize access
3. Tap “Trust” for this PC
4. Enable developer mode: pymobiledevice3 amfi enable-developer-mode
You may need to restart the device and repeat steps 1–4 if it doesn’t work the first time.
5. Check Settings -> Security & Privacy -> Security -> Developer Mode
6. Let’s check if our device is recognized: pymobiledevice3 usbmux list
where the response should be:
[
  {
    "BuildVersion": "23F84",
    "ConnectionType": "USB",
    "DeviceClass": "iPhone",
    "DeviceName": "******",
    "Identifier": "0000000-00000000000000",
    "ProductType": "iPhone17",
    "ProductVersion": "26.5.2",
    "UniqueDeviceID": "0000000-00000000000000"
  }
]
Device detected.
7. Let’s select and mount the iPhone Developer Disk Image
pymobiledevice3 mounter auto-mount
After successful mounting, we can send the command:
pymobiledevice3 developer dvt simulate-location set --userspace -- <LAT> <LONG>
Now you can open any app, and it will display your geolocation at the selected point.
Final
We bypassed the security measures and gained access to features that should not have been available on this device. We’ve written recommendations on how to improve security and prevent certain scenarios.
Thank you for reading, and finally, I’d like to add: don’t rely on the user environment—it can always be spoofed.
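One server-side check that does not depend on the client's isMock / isSimulatedBySoftware flag, added here as an example (not code from the original post or from pymobiledevice3): it flags consecutive location reports that imply an impossible travel speed. The Fix record, the MAX_SPEED_KMH threshold and the sample coordinates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0  # assumed ceiling (about airliner speed); tune per product

@dataclass
class Fix:
    ts: float         # server receive time in seconds, not the device clock
    lat: float
    lon: float
    simulated: bool   # client-reported isMock / isSimulatedBySoftware, advisory only

def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, h)))

def review_fixes(fixes):
    """Return (index, reason) for each report the server should not trust."""
    findings, prev = [], None
    for i, cur in enumerate(fixes):
        if not (-90 <= cur.lat <= 90 and -180 <= cur.lon <= 180):
            findings.append((i, "invalid-coordinates"))
            continue  # never use a malformed fix as the baseline
        if cur.simulated:
            findings.append((i, "client-reported-simulated"))
        if prev is not None:
            hours = (cur.ts - prev.ts) / 3600.0
            if hours <= 0:
                findings.append((i, "non-increasing-timestamp"))
            elif haversine_km(prev, cur) / hours > MAX_SPEED_KMH:
                findings.append((i, "impossible-travel"))
        prev = cur
    return findings

# Constructed sample: two fixes in Berlin, then Tokyo one minute later with the
# simulated flag absent, as the page describes for tooling other than Xcode.
SAMPLE = [
    Fix(0, 52.5200, 13.4050, False),
    Fix(60, 52.5210, 13.4060, False),
    Fix(120, 35.6762, 139.6503, False),
]

if __name__ == "__main__":
    print(review_fixes(SAMPLE))
```

The client flag is recorded as a finding when present but is never required for a rejection, so a report with the flag removed is still caught by the speed check.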