Im having difficulties finding any solutions to this problem.
I have a rest api, an android client and will eventually have an ios client.
I want to capture gps coordinates of my mobile client for certain cases when the user has given permission and then send the coordinates within the body of an HTTP POST request to my api.
If my api were to be used by another developer, I really don't want them to be able enter fake gps coordinates in the request. I can't think of a way that I could prove that the coordinates sent are the actually readings that the phone provided, and not just some fake input.
Certain features of my service require these coordinates to be genuine.
The only solution i could think of (and I don't consider it a good option) is that another developer is ever found to have been faking the coordinates then I would delete their account. Terrible solution.
Is there any pre-existing solution to this problem? Any ideas at all would be really appreciated,
I'm not sure there is an answer. I've had clients running my driver app with Wifi in their car, and the GPS fix came from the Wifi instead of satellites - unfortunately, that always returned the factory in Ontario, Canada.
Are you sure you want to open your server API to others? It sounds like you don't necessarily trust others to provide valid data (which is entirely understandable).
HTH, Jim