Master the Art of GPS Spoofing: Tricks to Fake Your Phone’s Location

Uncover apps and techniques to change locations on iPhone and Android for fun and practical uses

Tim Fisher

What to Know

• You can change your Android phone’s GPS location using a free app from the Google Play Store.
• To spoof your iPhone location, use a desktop program like 3uTools on a Windows or Mac computer.
• Be careful, as fake GPS can change your location for all apps, like maps and weather apps.

This article explains how to spoof a GPS location on your phone. In most cases, faking the location on your iPhone or Android affects every location-based app on your device.

Spoof Android Location

Search for “fake GPS” on Google Play, and you’ll find many options, some free and others not, and some requiring root access.

One app that doesn’t need you to root your phone—so long as you’re using Android 6.0 or newer—is called Fake GPS Location Spoofer, and it’s my favorite choice for changing my phone’s location. It’s straightforward to use, as you’ll see:

The information below should apply no matter who made your Android phone: Samsung, Google, Huawei, Xiaomi, etc.

1. Install Fake GPS Location Spoofer. It works on Android 4.4 and up.
2. Open the app and accept any prompts you see. You’ll need to tap Allow to let the app send notifications, and While using the app to give it location access.
3. Tap Accept if you see a terms prompt, then choose Enable from the message about mock locations at the bottom.
4. Choose Developer Settings to open that screen, tap Select mock location app toward the very end of the page that opened, and then select FakeGPS Free.

If you don’t see this screen, turn on developer mode and then return to this step. In some Android versions, you have to put a check in the box next to the Allow mock locations option on the Developer options screen.

1. Use the back button to return to the app. Search for the location you want to fake on your phone (you can also drag the map to position the pointer). If you’re creating a route, tap and hold on the map to place markers.
2. Tap the play button at the bottom of the screen to enable the fake GPS setting.

You can close the app and open Google Maps or another location app to see if your GPS location has been spoofed. To get your real location back, press the stop button.

If you’re interested in trying a different Android location spoofer, we’ve confirmed that the following free location-changing apps work much like FakeGPS Free: Fake GPS, Fly GPS, and Fake GPS Location. Another method is to use Xposed Framework to install a location-spoofing app.

Spoof iPhone Location

Faking your iPhone location isn’t as easy as on an Android device—you can’t just download an app. However, software makers have built desktop programs that make this easy.

Fake iPhone or iPad Location With 3uTools

3uTools is the best way to spoof the location of your iPhone or iPad because the software is free, and I’ve confirmed that it works with iOS 17 and iPadOS 17, so it’s likely also compatible with other versions of these operating systems.

1. Download and install 3uTools. This was tested on Windows 11, but it works in other versions of Windows as well, plus macOS.
2. With your iPhone or iPad plugged in, select Toolbox at the top of the program, and then VirtualLocation from that screen.

1. Select somewhere on the map, or use the search bar, to choose where you want to fake your location.
2. Select Modify virtual location, and then OK when you see the “succeeded” message.

If you see a prompt about Developer Mode, follow the steps on the screen to turn that on.

Restart your device to pull real GPS data again.

Fake iPhone or iPad Location With iTools

Another way to change your iPhone’s location without jailbreaking is by using iTools from ThinkSky. It runs on Windows and macOS and can simulate movement, but it isn’t free indefinitely. It works with iOS 16 and older versions.

1. Download and install iTools. You might have to select Free Trial at some point before it fully opens.
2. Plug your device into your computer and navigate to Toolbox > Virtual Location.

1. If you see this screen, select the image in the Developer Mode section to agree to download the iOS Developer Disk Image file.
2. Search for a location from the top of the screen, and then select Go to find it on the map.
3. Select Move here to instantly fake your location.

The iTools website has more information on how to use the map. It can also simulate a route.

You can now exit the Virtual Location window in iTools as well as the program itself. If you’re asked whether to stop the simulation, you can choose No to make sure that your fake GPS location stays even when you unplug your phone.

To get your real location back, return to the map and select Stop Simulation. You can also reboot your device to immediately start using its real location again.

Remember that you can fake your phone’s location with iTools only within the 24-hour trial period; you’ll need to use an entirely different computer if you want to run the trial again. The fake location will remain as long as you don’t restart your device.

Why Would You Fake Your Location?

There are lots of situations where you might set up a fake GPS location, both for fun and for other reasons.

Maybe you want to change your location so that something like a dating app thinks you’re a hundred miles away, perfect if you’re planning to move somewhere and want to get ahead of the dating game.

Spoofing your location might also come into play when using a location-based game like Pokémon GO. Instead of having to travel several miles away to pick up a different Pokémon type, you could trick your phone into telling the game that you’re already there, and it will assume your fake location is accurate.

Other reasons to set up a mock GPS location might be if you want to “travel” to Tokyo and check in to a restaurant you’ve never actually been to, or visit a famous landmark to trick your Facebook friends into thinking you’re on an extravagant vacation.

You can also use your fake location to fool your family or friends in your location-sharing app, to hide your real location from apps that request it, and even to set your real location if GPS satellites aren’t doing a great job at finding it for you.

Changing your GPS location doesn’t hide your phone number, mask your IP address, or alter other things you do from your device.

GPS Spoofing Problems

Before getting started, please know that although it can be a lot of fun to fake your location, it’s not always helpful. Plus, because GPS spoofing isn’t a built-in option, it isn’t just a click away to get it going, and location fakers don’t always work for every app that reads your location.

If you install one of these apps on your phone to use it for, say, a video game, you’ll find that other apps that you want to use your real location with will also use the fake location. The game might very well use your spoofed address to your advantage, but if you open your navigation app to get directions somewhere, you’ll have to either turn off the location spoofer or manually adjust your starting location.

The same is true for other things like checking in to restaurants, staying current on your family-based GPS locator, checking the surrounding weather, etc. If you’re tricking your location system-wide for everything on your phone, it will affect the location in all your location-based apps.

Some websites falsely claim that using a VPN will change your GPS location. This is not true for most VPN apps, as their primary purpose is to hide your public IP address. Only a few VPNs include a GPS override function.

FAQ

• How do you share your location on iPhone?

Open the Find My app and select People > + > Share My Location. Enter the name or number of the contact you want to share your location with and select Send. Choose the amount of time you want to share your location (one hour, until the end of the day, or indefinitely) and select OK.

• How do you turn off your location on iPhone?

If you’re concerned with privacy on your iPhone, you can tell it to stop tracking your location. Go to Settings > Privacy & Security > Location Services and flip the toggle to Off.

• How do you find the location of an iPhone?

Open the Find My app, select Devices, and then choose the device you want to locate. If the phone can be located, it appears on the map. If it can’t, you will see “Offline” under its name. Its last known location is displayed for up to 24 hours.

• How can you see the location history on an iPhone?

Your iPhone keeps track of significant places you’ve visited, and you can review these. Go to Settings > Privacy & Security > Location Services > System Services > Significant Locations.

• How do you change the weather location on an iPhone?

Tap and hold your finger on the Weather widget, and then select Edit “Weather”. Tap My Location and then choose a new one from the list that pops up, or use the search bar. The new location is now the default.

• How do you share a location from iPhone to Android?

Open Contacts, select the contact, and then choose Share My Location. You can also share your location using Google Maps: Menu > Location sharing > Share location.

Telematics hacking: Three things you need to know

Jamming and spoofing may be your greatest threats

Sean Kilcarr

If you haven’t heard the terms “jamming” and “spoofing” in relation to trucking telematics before, you are not alone, for both are highly rare forms of telematics hacking in the U.S.

Yet Guy Buesnel, product manager for the positioning & navigation business unit at Spirent Communications, warns that such activity has occurred in overseas freight markets and could eventually make their way here to the U.S.

“GPS jamming is very prevalent right now, and the jamming equipment is easily procured and very inexpensive,” he told Fleet Owner. “We know that criminals are starting to use jammers to carry out crimes. For example, in Italy gangs have been targeting shipments of scrap metal. They hijack a truck, force the driver to pull over, hold the driver captive and then use a GPS jammer so the cargo can’t be tracked as they drive off with it.”

One of the more “insidious effects” of GPS jamming in Buesnel’s estimation is that as a jammer gets closer to a receiver, the receiver might start outputting hazardously misleading information such as incorrect information on position and time.

“Without understating how your receiver behaves with jamming and spoofing attacks, you’re taking a really big risk in trusting the data it outputs,” he explained.

Spoofing, however, is “a little trickier” to conduct, Buesnel said, because spoofing is actually about “faking” a GPS signal.

“So far there hasn’t an instance where someone has spoofed by faking a satellite signal,” he explained. “However, we know spoofing is going to be a real threat because criminals are already getting into application software and faking GPS coordinates.”

For fleets, Buesnel thinks spoofing is going to become a real threat to navigation, positioning, and timing systems.

“In order to cope with this, you need to know how robust your equipment is today and to be prepared,” he emphasized. “And you can only do that if you assess your risks and then test your equipment against current and future trends.”

That includes closely monitoring how a trucking company’s information technology (IT) network is constructed as well.

“With fleet networks, often the focus is on the trucking and delivery aspects, and all too often the IT components—servers, routers, firewalls, etc.—aren’t necessarily taken as seriously,” Buesnel noted.

“But people can get into the networks and start messing with data, which can impact delivery schedules, for example,” he explained. “This can easily be addressed by looking at what you’re building and figuring out how to properly secure it.”

Cyber security is also becoming a larger concern throughout the U.S. business community, according to the 2015 Business Risk Survey conducted by insurance broker The Graham Company.

The firm polled 300 senior U.S. business professionals and found that cyber security retained the highest proportion of “business risk” with 21% of respondents naming it as the number one threat they were most concerned about.

The survey also found nearly half of respondents felt a “significant level” of cyber risk from the following scenarios:

• A hacking incident leading to theft of customer information
• Inability to use the organization’s network
• Theft of employees’ private information
• Theft of intellectual property
• Inability to access the organization’s website

“In the modern-day business environment where everything is interconnected, the potential threats facing a business are immense,” noted Ken Ewell, president and COO of The Graham Company. “This complexity of risks has caused many business leaders to become overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line.”

That’s one reason why Spirent’s Buesnel believes IT security on the “back-end” of a motor carrier’s network “is vital, as all it takes is someone doing the wrong thing once” and malware gets installed within the carrier’s computer system.

“At that point a hacker now has complete access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. “All of this data can be taken very easily if the back-end IT network supporting the fleet is not secure.”

It’s also wise policy not to put too much trust in off-the-shelf “firewalls” designed to protect IT networks from hacking, he emphasized.

“Companies will often buy a firewall but they don’t always take time to think, ‘What does it actually mean that I bought a firewall?’” Buesnel pointed out.

“Is it configured properly? Did I buy the right licensing for it? Is it actually going to provide the protection I’m looking for? That goes for anti-virus too,” he added. “In Spirent’s testing, we’ve seen well-known products that are only 44% effective at blocking attacks. Just because you buy a firewall doesn’t mean you’re automatically secure.”

(There are many Apps which make GPS spoofing easy.)

How to Deal with GPS Jamming and Spoofing

CRFS

From ship navigation to financial transactions, we’re increasingly reliant on GPS (or other GNSS systems, such as Galileo, GLONASS or BDS BeiDou). Jamming and spoofing can therefore cause significant disruption and represent a public safety threat. Fortunately, spectrum monitoring allows detection and location of jammers and the possibility to pre-empt attacks with anti-jamming and anti-spoofing technologies.

GPS Jamming

Can GPS be jammed? Yes, and without much difficulty. GPS jamming is a relatively uncomplicated technique that simply involves producing an RF signal strong enough to drown out the transmissions from GPS satellites. The subject of a GPS jamming attack will be instantly aware that something is wrong, as the system will be unable to produce a geolocation result. GPS jamming can be carried out either unintentionally or deliberately, and its prevalence is increasing – during an L1 and L2 GPS band monitoring campaign over just a few weeks in London, we detected significant jamming activity. This ranged from crude unmodulated sources of interference poorly centered on the L1 or L2 band to synthesized sources suggesting deliberate targeting.

A common use of jammers in London is taxi and HGV drivers evading rules on maximum driving hours or trying to stop employers from tracking them. In other parts of the world, GPS jamming has been used for more sinister purposes. South Korea was subject to a major campaign of GPS jamming from North Korea in 2016, affecting ship and aircraft navigation. And with the advent of 5G systems moving into the frequencies used by GPS, interference is likely to become more and more widespread.

Whatever the target of a GPS jammer, the devices do not discriminate, so there is usually additional collateral damage. Air Traffic Control (ATC), search and rescue operations, the electric grid and mobile phone services are all vulnerable to GPS jamming fallout. The London Stock Exchange has been subject to repeated GPS outages, affecting timestamping of financial transactions. In 2007, a navy exercise on loss of GPS communications in San Diego harbor meant that residents of the city were unable to withdraw cash from ATMs and doctors’ emergency pagers stopped working – it took 3 days to identify the ships as the cause. As jamming activity from civilian users becomes more prevalent, we risk similar disruptions as well as more fatal incidents such as aircraft colliding over populated areas.

Spectrum monitoring, as implemented in our London campaign, enables GPS jammers to be detected and located by mobile direction finding systems. Analysis of frequency spectra to determine duration of interference and signal type can also be used as an indication of whether the interference is accidental or deliberate. Those involved in unintentional jamming can then be warned and malicious attackers can be prosecuted. This results in quick resolution of disruption and danger caused by GPS jamming and acts as a preventative deterrent.

CRFS’s RFeye receivers have exceptional noise performance allowing detection and location over larger areas. Automation features minimize human intervention and allow triggering of alarms on detection of jamming activity. Our GPS holdover module also ensures accurate timing synchronization between receivers even if jamming activity (or poor reception) means GPS signal is lost. High-performance receiver boards can also be integrated into 3rd party anti-jamming and anti-spoofing systems for critical applications requiring a proactive approach. Anti-jamming and anti-spoofing systems can distinguish true GPS signals from jammers and spoofers, enabling GPS location and timing services to continue even while under attack.

CRFS recommends that law enforcement implement a wider strategy of spectrum monitoring to combat the rise in GPS jamming activity. Any organization highly dependent on GPS services, whether a stock exchange or Air Traffic Control, is also advised to operate a dedicated counter-jamming system to ensure continuous protection of critical infrastructure.

GPS Spoofing

GPS spoofing is a more insidious form of attack, which involves deliberately mimicking the form of transmissions from GPS satellites, tricking the receiver into believing that it has been sent information as expected. GPS spoofing in its simplest form (sometimes called denial-of-service spoofing) involves location information being sent to the GPS receiver which is clearly false (it might, for instance, tell a ship out at sea that it is currently located on land). It is immediately clear to the user that they are being spoofed, but it nonetheless stops them using their GPS system for its intended purpose. In these circumstances, spoofing basically functions as a more targeted form of jamming, that only affects GPS systems, rather than flooding the entire RF environment with noise.

An even more subtle and complex form of GPS spoofing, deception spoofing, involves hijacking GPS systems by initially sending them correct location information (so the spoofing is not immediately obvious), and then very slowly changing the information being sent so as to, for instance, drag vessels off course into hostile waters, or disable a vessel on a sand bank.

So how does it work? GPS satellites send out a pseudo-random code, and receivers on the ground can tell from this code what time the signal was sent from each satellite. This allows them to determine how long the signal takes to reach them, and therefore how far from each satellite they are. The obvious way to determine if spoofing is taking place is to work out where the received signals are coming from. If it turns out to be sent from near to the receiver, rather than high in the atmosphere, we can be fairly certain the receiver is being spoofed. This is where CRFS’s systems come in. Using a network of at least four RFeye Nodes, a time difference of arrival (TDOA) calculation can be performed to find out where it originated. Not only does this allow the spoofing to be detected, but knowing the location of the spoofers can allow measures to be taken to shut it down at source.

FMCSA Targets Falsified ELD Records in New Approach

Crash Spurs Investigation of Tactics Designed to Circumvent HOS Rules

Eric Miller

Faced with evolving tactics to bypass hours-of-service rules, the Federal Motor Carrier Safety Administration is taking steps to combat electronic logging device fraud. The agency is launching a multipronged approach to address what it describes as a “moving target.”

In particular, the agency cited National Transportation Safety Board concerns with so-called ghost drivers as well as drivers utilizing multiple ELD accounts, and it is exploring various technological requirements to target those specific issues. It also is monitoring ELD performance data, training enforcement personnel to identify and act against fraud, removing noncompliant ELD providers from the market, and updating its ELD rules.

“FMCSA is committed to staying diligent with its fraud prevention efforts,” an agency spokeswoman said in a statement. “FMCSA continues to explore other methods to decrease ELD fraud in both the short and long term.”

A fatal December 2022 crash in Virginia put a spotlight on ELD fraud after a tractor-trailer driver for Illinois-based Triton Logistics was able to — with apparent participation from the carrier — falsify his ELD records to extend his driving time beyond the 11-hour regulatory maximum limit. The truck he was driving during early morning hours along Interstate 64 near Williamsburg, Va., came upon and crashed into a party bus after he failed to take evasive action or brake in time, according to the NTSB investigation. NTSB cited fatigue as a factor in the crash.

“We found that the truck driver’s lack of response to the slow-moving vehicle in his travel lane was due to fatigue from excess driving time and lack of sleep opportunity,” said the NTSB report, recently made public. “The truck’s motor carrier, Triton Logistics, created fictitious driver accounts for some of its vehicles’ electronic logging device systems that enabled drivers to operate beyond federal regulations, creating an opportunity for fatigued driving.”

Three occupants in the party bus died, nine sustained serious injuries, and 11 sustained minor injuries. The truck driver also was seriously injured.

Triton did not return a message left by Transport Topics seeking comment. However, NTSB said the company’s CEO denied knowledge of the fictitious logins and said it conducted internal checks to determine how the incident happened.

The driver detailed the scheme for NTSB investigators. He said whenever he reached his 11-hour limit, he could call the carrier’s HOS department — based in Lithuania — and add the name of a fictitious or former co-driver to the ELD, opening up another 11-hour driving window. If asked by a roadside inspector about the double login, the driver would tell the inspector that he dropped off his co-driver at a truck stop for a family emergency. The driver noted that other drivers used the login scheme to extend time behind the wheel.

After the 2022 crash, FMCSA conducted an on-site review of Triton and issued violations related to drivers making false reports regarding duty status as well as requiring or permitting drivers to extend driving time beyond 11 hours. After the review, FMCSA assigned Triton a conditional safety rating.

With an eye toward remedial action, NTSB concluded that a data-entry tracking history in ELD software could increase accountability and transparency and also deter motor carrier personnel from making false entries aimed at circumventing HOS regulations. Investigators recommended that FMCSA revise its requirements to require ELD providers to create an audit log that includes the date, driver login time and identity of who logged them in, driver’s license numbers, the names of anyone who edits a log, and any changes to active driver lists. NTSB also recommended that the Commercial Vehicle Safety Alliance inform its members about the scheme and circumstances surrounding the Williamsburg crash.

Senior NTSB investigator Shawn Currie told Transport Topics if the driver’s name was John, he’d be logged in as Frank and then operate with a new 11-hour HOS time limit. “The hours of service, whether you agree with them or not, are there to prevent drivers from driving in excess of the rules, and to ensure they have the appropriate time off,” Currie said. He noted that the circumstance of the Williamsburg case could result in FMCSA fines and possibly criminal penalties if the state elected to bring charges.

Jeremy Disbrow, a Commercial Vehicle Safety Alliance roadside inspection specialist, said inspectors encounter false ELD log entries “all day, every day. Of course, many of the false entries can’t be proven, or they go unnoticed.”

He said the issue is known to CVSA inspectors. “We just discussed all this in a conference after the NTSB report came out,” Disbrow said. “It was pretty clear from the inspectors around the country that this isn’t an isolated incident by any means. The average inspector is seeing this every shift, at least once or twice. There’s a number of ways that they’re falsifying [logs].”

This can include simply using tools available on some devices, he said.

“Drivers can make edits,” Disbrow noted. “If a driver makes an edit on the device himself, it will show up as an edit, and a suspicious inspector can see that. But if a carrier in their back office makes the edit, there are instances where it’s been done but doesn’t show up as an edit.”

Disbrow noted it’s risky to publicly discuss the varying methods. “It’s hard to talk about it because I don’t want to give people ideas,” he said. “I don’t want the industry to say, ‘Hey we can try that.’ As the years are going by, people are finding new workarounds. It’s a cat and mouse game.”

He added, “The hours-of-service rules are there to protect everybody. Thwarting them and running an extra five, six, seven hours without adequate rest is absolutely a recipe for fatigue.”