EDIT May 19th 2015:
I removed the guide from this article.
My point was to show how easy any one can spoof in this game and ask Niantic for changes.
This article got, until now, more than 150k hits.
Niantic never answered nothing, no one contacted me, this method still works and after more than one year, they just added some ridiculous protections in the backend.
So i realized that my aim was useless and today i’m removing this guide.
If you love this game, as i do, please stop spoofing.
A strange game. The only winning move is not to play. How about a nice game of chess?
Sorry Niantic, i cheated.
Spoofing location in Ingress is really really easy.
Since i started to play this game, i always played cleanly, but recently i started to see many episodes of GPS spoofing around me.
It is extremely bad when a player drives for kilometers and kilometers for a field just to see it destroyed by a cheater after few minutes.
So i decided to start an experiment to discover how easy is to cheat and to test the protection mechanisms implemented by your servers.
I discovered that one can cheat very easily and without any needs of technical knowledge.
So let’s see how to cheat in Ingress:
[ GUIDE REMOVED ]
I think that Ingress is a real revolution, a brand new, brilliant idea that linked the real world to the virtual one.
Ingress started new kinds of social phenomena, making nerds leaving the houses and goes in the streets, talking each others and collaborating for the team.
Ingress created a lot of new relationship and real friendships, even between “enemies”.
What i like most of this game is that it forces you to meet to really enjoy.
This is great.
But then comes the bad aspects..
I really love computer science, and i know well that this kind of software require to trust the clients.
There is no escape: it’s the player that communicates it’s own location, the server can only trust him or not.
But there is much that the server can do to understand if it can trust the user position or not.
It is something that every programmer can do, and certainly Google has the resources to make it.
You could prevent the creation of second accounts by verifying new users and devices with an SMS. This simple shrewdness could have prevented me from cheating and publishing this post.
You could check the accelerometer and the compass to see if them are static or they are moving.
You could check the IP of the client and restrict his playground not in his own city, but at least his region or country.
You could check if the GSM cell matches the provided GPS position.
You could check if the WIFI networks matches the provided position.
You could try to associate user’s speed with his transport.
You could check if the user is moving in a line, through walls and buildings or he is following the shape of the streets.
These are just some suggestions that came to my mind in a few minutes. They won’t make impossible to still fake the location, but surely it would be more difficult.
One thing that surely don’t prevent cheating, is security through obscurity.
I can’t believe that in 2014 someone still believes that this bad practice can really help to make a system more secure.
Open the source of the game, publish it with a Free Software license. Build a public API to access game data, trough well controlled API keys.
The game will be better, like IITC is really really better than the standard INTEL.
The purpose of this post is to ask you, Niantic, to do more against cheaters. Every one knows that something more can be done and every one knows that Google has the power to do it.
So, please, do it.