How Geolocation Verification Systems Work

[Cloned Boy]

An educational analysis of technologies used in Geocomply, banking systems and other anti-fraud solutions.

1. Main components of geoverification​

Modern location verification systems use multi-layered data analysis to distinguish a real user from a fraudster.

1.1. Signal triangulation​

Method	Accuracy	How is it checked?	Vulnerabilities
GPS	5–100 m	Coordinates from the device	Spoofing via Fake GPS (Android)
Wi-Fi	50–500 m	MAC addresses of nearby routers	Wi-Fi BSSID spoofing
Cell towers	100–3000 m	Tower ID (MCC/MNC/LAC)	Imitation via GSM modules
IP geolocation	City/Country	IP to database matching (MaxMind, DB-IP)	VPN/proxy

Code example (legal Wi-Fi BSSID request):

# For Android (requires permissions)
from android.net.wifi import WifiManager
wifi = context.getSystemService(WIFI_SERVICE)
scan_results = wifi.getScanResults()
for network in scan_results:
print(network.BSSID, network.level) # MAC address and signal strength

2. Consistency checking algorithms​

The systems compare data from different sources to identify inconsistencies:

2.1. Checkpoints​

• Distance between GPS and IP location:
  • If GPS shows Moscow, and IP - Berlin → risk flag.
• Travel speed:
  • Entering from New York and then 5 minutes later from London → physically impossible.

Formula for calculating the maximum permissible speed:

Allowable distance = Time × Max. speed (usually 900 km/h for airplanes)

2.2. Analysis of digital artifacts​

• Device time zone vs IP time zone.
• System language vs IP country.

3. Spoofing detection​

3.1. Fake GPS Detection​

• Signs:
  • No Wi-Fi/cell tower data.
  • Root/Jailbreak on the device.
  • Using apps like Fake GPS Location.

How systems are protected:

• Android API: Location.isFromMockProvider().
• iOS: Application Signature Verification.

3.2. VPN/proxy detection​

• Methods:
  • IP blacklists (Whois → Hosting/Data Center).
  • TTL analysis (for VPN packets TTL may differ).
  • Checking DNS leaks.

Example of a legal TTL check:

ping example.com # TTL=53 (normal) vs TTL=117 (VPN)

4. Additional protection mechanisms​

4.1. Behavioural Analysis​

• Mouse/Touchscreen: Bots move the cursor linearly.
• Keyboard: Typing speed, error rate.

4.2. Hardware signatures​

• TPM chips: Verifying device authenticity.
• MAC addresses: Randomization is detected.

5. Legal methods of testing​

For research you can:

1. Analyze open APIs:
   • Google Maps Geocoding API.
   • IP2Location.
2. Emulate devices:
   • Android Studio (virtual GPS coordinates).
   • Selenium with modified User-Agent.
3. Participate in Bug Bounty:
   • PayPal, Visa programs.

Important: All tests must be performed with the permission of the system owner.

6. Example of legal code for checking geodata​

import requests
from geopy.distance import geodesic

def verify_geolocation(ip, gps_coords):
# Get geo by IP
ip_response = requests.get(f"http://ip-api.com/json/{ip}").json()
ip_location = (ip_response['lat'], ip_response['lon'])

# Compare with GPS
distance = geodesic(ip_location, gps_coords).km
return distance < 50 # Acceptable discrepancy (km)

print(verify_geolocation("8.8.8.8", (37.422, -122.084))) # False: Google IP vs California

Conclusion​

Geolocation verification systems use:
Multilayer data (GPS, Wi-Fi, IP).
Consistency of readings (time, language, speed).
Anti-spoofing (root/jailbreak analysis, TTL).

For in-depth study:

• RFC 6225 (Geolocation in IP Networks).
• Google Location API documentation.
• Ethical Hacking Courses (OSCP).

Want to understand a specific algorithm (for example, how the distance between GPS and towers is calculated)? Or are you interested in methods of protection against false positives?