Mobile devices, such as, for example, smartphones, often have location determination capabilities. These capabilities may be based on global positioning system (GPS) technology or other methods. It is sometimes useful for the determined location to be passed to an application running on the device or for the location to be passed over a wireless network connection to a remote server so that the location may be used to provide services or other enhanced features to the user of the mobile device. In some instances, for example, mapping or navigational services may be provided to the user. As another example, listings of nearby restaurants or stores may be provided. As yet another example, location information may be provided to emergency responders.
Security and privacy concerns are of growing importance, however, and users of mobile devices may not want their location to be made available to unauthorized entities. Typically, an encryption based secure channel is established over the wireless network between the operating system (or an application) running on the mobile device and the remote server. This method is vulnerable, however, to a type of attack known as a “man-in-the-middle” attack, where a malicious application may gain control of the device and obtain access to the location information before it is encrypted. The malicious application may then redirect the location information to unauthorized entities (sometimes referred to as snooping) or may modify the location information prior to transmission to the intended destination (sometimes referred to as spoofing). In some cases, the modified (or counterfeit) location may be used to circumvent restrictions related to position.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.