Detecting App Cloning & Location Spoofing on Android
Article Summary
Swiggy discovered 8% of their delivery drivers were running cloned apps and spoofing GPS locations. This was breaking their live order tracking system and creating chaos for customers.
The Swiggy engineering team built a fraud detection system to combat app cloning and location spoofing on their Android delivery app. They needed to protect live tracking without disrupting legitimate drivers mid-delivery.
Key Takeaways
- 8% of drivers had cloned apps installed, detected across 23 different cloning tools
- Built multi-layered checks: package integrity, installation paths, and virtual machine detection
- Forced app updates via Firebase with authentication fallback for stubborn cloners
- Allowed spoofing mid-delivery to avoid customer impact, blocked new orders instead
- Massive reduction in fraudulent activity after implementing blocking banners
Swiggy's layered detection approach (combining app integrity checks with smart enforcement timing) dramatically reduced delivery fraud while keeping legitimate orders flowing.
About This Article
Swiggy's driver app was hit with a sophisticated fraud scheme. Attackers cloned the app and spoofed GPS locations, disabling native modules like Firebase to make their fake locations look real. Standard detection methods couldn't catch it.
Mehar Kaila's team built clone detection directly into the app binary and turned it on by default. They added fallback authentication header checks to enforce version requirements. For GPS spoofing, they used confidence scoring to block only the riskiest cases, while allowing some mid-delivery spoofing but restricting which orders could be completed.
Fraudulent activity dropped noticeably after the system rolled out. The blocking banner and order prevention mechanisms discouraged delivery partners from attempting GPS spoofing once the changes went live across the driver app.