Mocking GPS on Android with the Official Test Provider API
Many Western developers assume location spoofing requires root or Xposed, but Android's official Test Provider API—when correctly applied to both GPS and network providers—handles a wide range of legitimate testing and preview scenarios without breaking the security model.
GPSSimulate injects fake coordinates into both the GPS and network location providers through Android's Test Provider API, paired with a foreground service that ticks every second to keep apps fed with updates. A map interface built on OSMDroid and OpenStreetMap lets users drag a center pin to pick a target, save preset cities, and start simulation with one tap.
The project grew out of a practical need: rental and battery-swap apps show different pricing and inventory by city, and existing spoofing tools were ad-heavy or unstable on Xiaomi hardware. The core insight is that mocking only GPS_PROVIDER fails against apps using fused or network location, so the fix pushes identical coordinates to both providers simultaneously.
Real-world limits remain. Banking, payment, and ride-hailing apps commonly call isFromMockProvider() and reject spoofed locations outright, while simpler weather or information apps accept them. The tool's value lies in understanding Android's location stack and building a stable, ad-free utility on official APIs.
Android's mock location API is surprisingly capable for a feature many developers dismiss as a debug-only toy—when you treat it as a continuous injection system rather than a one-shot override, it works against a broad set of real apps.
The gap between GPS-only mocking and dual-provider injection explains why so many off-the-shelf spoofing apps fail: they neglect network location, which fused providers silently consume.
Building the tool on official APIs rather than root-level hooks means it stays working across Android versions and doesn't trigger SafetyNet or Play Integrity on its own, though target apps may still reject it.
The project's origin—wanting to preview city-gated pricing in a rental app—reflects a broader pattern: location-based content restrictions create user demand for spoofing that platform APIs already enable.
OSMDroid remains a pragmatic choice for map UIs that don't need Google Play Services, but the overseas tile server latency is a real friction point for users inside China.