Detecting App Cloning & Location Spoofing on Android
Article Summary
Swiggy discovered 8% of their delivery drivers were running cloned apps and spoofing GPS locations. This was breaking their live order tracking system and creating chaos for customers.
The Swiggy engineering team built a fraud detection system to combat app cloning and location spoofing on their Android delivery app. They needed to protect live tracking without disrupting legitimate drivers mid-delivery.
Key Takeaways
- 8% of drivers had cloned apps installed, detected across 23 different cloning tools
- Built multi-layered checks: package integrity, installation paths, and virtual machine detection
- Forced app updates via Firebase with authentication fallback for stubborn cloners
- Allowed spoofing mid-delivery to avoid customer impact, blocked new orders instead
- Massive reduction in fraudulent activity after implementing blocking banners
Critical Insight
Swiggy's layered detection approach (combining app integrity checks with smart enforcement timing) dramatically reduced delivery fraud while keeping legitimate orders flowing.
