CLLocation.sourceInformation.isSimulatedBySoftware not detecting third-party location spoofing tools

Summary

CLLocationSourceInformation.isSimulatedBySoftware (iOS 15+) fails to detect location spoofing when using third-party tools like LocaChange, despite Apple's documentation stating it should detect simulated locations.

Environment

  • iOS 18.0 (tested and confirmed)
  • Physical device with Developer Mode enabled
  • Third-party location spoofing tools (e.g., LocaChange)

Expected Behavior

According to Apple's documentation, isSimulatedBySoftware should return true when:

"if the system generated the location using on-device software simulation."

Actual Behavior

Tested on iOS 18.0: When using LocaChange

  • sourceInformation.isSimulatedBySoftware returns false

This occurs even though the location is clearly being simulated.

Steps to Reproduce

  1. Enable Developer Mode on an iOS 18 device
  2. Connect device to Mac via USB
  3. Use LocaChange to spoof location to a different city/country
  4. In your app, request location updates and check CLLocation.sourceInformation?.isSimulatedBySoftware
  5. Observe that it returns false or sourceInformation is nil
  6. Compare with direct Xcode location simulation (Debug → Simulate Location) which correctly returns true

Thank you for sharing the post. The flag you mentioned is set by Core Location when you are using Core Location’s simulation. The API states:

“Core Location sets isSimulatedBySoftware to true if the system generated the location using on-device software simulation. You can simulate locations by loading GPX files using the Xcode debugger.”

You are utilizing a third-party tool that is not integrated into the core location framework. Consequently, the flag will only be set as per the reference provided by Core Location. For further information, please refer to the following link: https://developer.apple.com/documentation/corelocation/cllocationsourceinformation/issimulatedbysoftware

Any third-party tool can be utilized as an external location provider, but it will not have access to set that API flag. Only when simulating with Core Location will the flag be set to true using the Xcode debugger and loading in Xcode a GPX file.

Hope this helps. Thanks,

Albert Pascual
  Worldwide Developer Relations.
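
The check discussed in this thread, written so that a false flag is never read as proof of a genuine fix. This is an added example, not code from the original post or from Apple; the names LocationSourceVerdict, classify and LocationAuditor are hypothetical.

```swift
import CoreLocation

/// What the source metadata on a fix does and does not establish (hypothetical type).
enum LocationSourceVerdict {
    case simulatedByCoreLocation  // isSimulatedBySoftware == true (Xcode / GPX simulation)
    case producedByAccessory      // isProducedByAccessory == true
    case noSourceInformation      // sourceInformation is nil, or the OS predates iOS 15
    case notFlagged               // both flags false: inconclusive, not "genuine"
}

func classify(_ location: CLLocation) -> LocationSourceVerdict {
    guard #available(iOS 15.0, *) else { return .noSourceInformation }
    guard let info = location.sourceInformation else { return .noSourceInformation }
    if info.isSimulatedBySoftware { return .simulatedByCoreLocation }
    // The other flag on the same object; the thread does not report its value
    // for third-party tools, so it is recorded here, not relied on.
    if info.isProducedByAccessory { return .producedByAccessory }
    // Per the reply above, only Core Location's own simulation sets the flag,
    // so a spoofed fix from a third-party tool can land in this case.
    return .notFlagged
}

/// Hypothetical helper that reports a verdict for every delivered fix.
final class LocationAuditor: NSObject, CLLocationManagerDelegate {
    private let manager = CLLocationManager()
    var onVerdict: ((CLLocation, LocationSourceVerdict) -> Void)?

    func start() {
        manager.delegate = self
        manager.requestWhenInUseAuthorization()
        manager.startUpdatingLocation()
    }

    func locationManager(_ manager: CLLocationManager,
                         didUpdateLocations locations: [CLLocation]) {
        for location in locations {
            onVerdict?(location, classify(location))
        }
    }
}
```

Treat .notFlagged and .noSourceInformation as "unknown" in any risk decision; only .simulatedByCoreLocation is a positive signal.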

Hi Albert,

Thank you for the clarification.

I have a few follow-up questions:

  1. Developer Mode Detection: Is there an official API to detect if Developer Mode is enabled on iOS 16+? We've found that third-party location spoofing tools (like LocaChange) require Developer Mode to be enabled. For location-dependent apps that need to assess spoofing risk, detecting this state would be valuable. What's the recommended approach?

  2. External Location Providers: You mentioned third-party tools are "external location providers." Does this mean they use a different mechanism than CLLocationManager? Is there any way to distinguish between genuine GPS and external providers programmatically?

  3. Security Best Practices: For apps requiring location authenticity (fraud prevention, geofencing, etc.), what is Apple's recommended approach to detect location spoofing via third-party tools? Are there any APIs, private frameworks, or best practices you can suggest?

  4. Feature Request: Would Apple consider adding APIs like:

    • isDeveloperModeEnabled (iOS 16+)
    • isLocationFromExternalProvider
    • Expanding CLLocationSourceInformation with more metadata

Thanks,

Sree Charan
