Looks to me like the timestamp that comes with Geolocation just represents what time the device thought it was when that location was recorded - I don’t think it’s any sort of magical timestamper-in-the-sky.
No. An important rule of mobile app security is that anything you don’t trust the user with must be done outside of the app (generally on a network-connected server that you do control). If the user controls the execution environment (which they do in mobile deployment situations), your app can’t rely on anything from that environment. Time is only part of your problem - users can spoof GPS location information as well.