The problem is that you don't need root for GPS spoofing. Botters also don't care about SafetyNet (used to detect root before the game starts), since they reverse engineer the API and make REST calls directly. Furthermore, there are ways around the root check - mostly involving hiding the su binary and some additional tweaks.

Furthermore, you can buy GPS spoofing devices anwyay which you can just carry around with you in your pocket.

Is that really something that's available? Nothing turned up on a cursory web search, aside from a story about students building their own with $3,000 dollars worth of equipment (and it sure didn't fit in a pocket)

edit: And Wikipedia says "GPS spoofing attacks had been predicted and discussed in the GPS community previously, but no known example of a malicious spoofing attack has yet been confirmed"

They're highly illegal under US laws but from my reading around this topic, as someone who is currently building a gps-dependent app, is it's feasible.

It's cheaper than that. A HackRF and some sort of better clock and you're done.

http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-...

Don't carry it around, though! Put the thing in a Faraday's cage, and use a cable through the mesh to get your Internet connection.

Furthermore, you don't need a device at all if you want to bot. The unofficial API (and client-side signing) was figured out a while back.

Got a link for that? I'd like to go read about it. Primarily as what NOT to do ... :)

Man, you can probably crash some planes with those.

Only if you carry the plane in your pocket too or set a way too high output power while sitting inside one, if even then.

To be fair, that's probably highly illegal if caught by the fcc.

The FCC only has business in the US though.

Almost every country has something like that. The Dutch Agentschap Telecom will hunt you down for transmitting a fake GPS signal too.

The thing is, nobody cares if you send a signal too weak to go beyond a meter of your pocket. That's why it's totally legal to send FM on registered frequencies as long as your output is under a certain amount. Same with WiFi even.

I heard about someone looking into GPS spoofing once in the context of catching drones, even nearby ones (e.g. fly near to it). It takes a lot of energy to do that and was basically not practical outside of military settings.

This is not always true - FM transmitters were not legal in the UK, regardless of power, until 2011 or so. Can't imagine anyone was actually prosecuted for using one, though.

If there is no chance of getting caught anyway, there is only moral law. Since you're not disturbing anyone with an FM transmitter in your car that transmits only as far as you car radio, it passes moral law.

Interesting to learn that it wasn't legal in the UK though. I wouldn't know of the legality in the Netherlands, but I know they're in use and nobody's complaining.

Wow. You really have to stop drinking the Kool-Aid. This actually was the first thing they did, and very possibly the only thing they've done specific to Pokemon.

Niantic uses the same techniques they used for Ingress to deal with GPS spoofers, and they're not that advanced. Play for an unrealistically long period of time without stopping and you might get a tempban and flagged for careful examination. Appear to travel at jet plane speeds by performing non-idempotent actions without stopping by an airport first, or doing this too many times in a short period, and you'll also get flagged for possible banning. Beyond that, they're really not doing much and it doesn't really qualify as "advanced localtion anomaly detection". You're giving Niantic far too much credit.

do you see PC multiplayer game devs block users that know the admin password?