Ionic 4 How to prevent time cheat with gps timestamp

Hi Everyone. I have an app that needs to track not only the location of an user but also the time for doing certain action. The problem I’m having is that if I change the time of the phone then the app shows that time instead of the real one.

I’m trying to avoid the user to cheat in this way and obtain the real time based on its location, so for this I’ve read that I can obtain the timestamp when getting the location over the Geolocation plugin besides the position.

What I see is that if I change the device time, then when pulling the location of the user the timestamp received matches the one from the device and not from the user’s location - which doesn’t seem right.

This is happening on Android at the moment, will check it on ios and update this post based on my findings if this also happens there.

Is this a bug or its the actual way this works? Is there a possibility to avoid the user to cheat by changing the time of its device? Thanks a lot!

Looks to me like the timestamp that comes with Geolocation just represents what time the device thought it was when that location was recorded - I don’t think it’s any sort of magical timestamper-in-the-sky.

No. An important rule of mobile app security is that anything you don’t trust the user with must be done outside of the app (generally on a network-connected server that you do control). If the user controls the execution environment (which they do in mobile deployment situations), your app can’t rely on anything from that environment. Time is only part of your problem - users can spoof GPS location information as well.

Thanks for your response! This seems completely logic. What I’m trying now is to use Google’s TimeZone API, pulling a timestamp for the user’s location and then parse it to check if there are differences. Still need to check it out more deeply but so far seems like a solution. Although is not ‘free’ the pricing seems really low so it’s a viable and trusted option imho