iOS private API to track location in background after the app is killed (like Find My Friends)

Question

I'm trying to spoof the location update in Find My Friends with Theos.

What I have so far:

When the app is in foreground, I was able to spoof the update message(using Theos/Logos to hook FMFLocation class).

What is missing:

When the app is in background or killed, it still sends my location to the server when my friend requests my location. This background update does NOT invoke the regular update method, so my hook does not work. Moreover, it can respond to location request from the network even if the app is killed. I don't think Apple allows this behavior in regular apps.

I think this can only be done with some private API. Could anyone point me in the right direction to find out what API/method it is using in background?

Answer 1

You might want to check the -startMonitoringSignificantLocationChanges method in CLLocationMananger (docs).

As the docs state:

This method initiates the delivery of location events asynchronously, returning shortly after you call it. Location events are delivered to your delegate’s locationManager:didUpdateLocations: method. The first event to be delivered is usually the most recently cached location event (if any) but may be a newer event in some circumstances. Obtaining a current location fix may take several additional seconds, so be sure to check the timestamps on the location events in your delegate method.

After returning a current location fix, the receiver generates update events only when a significant change in the user’s location is detected. For example, it might generate a new event when the device becomes associated with a different cell tower. It does not rely on the value in the distanceFilter property to generate events. Calling this method several times in succession does not automatically result in new events being generated. Calling stopMonitoringSignificantLocationChanges in between, however, does cause a new initial event to be sent the next time you call this method.

If you start this service and your application is subsequently terminated, the system automatically relaunches the application into the background if a new event arrives. In such a case, the options dictionary passed to the locationManager:didUpdateLocations: method of your application delegate contains the key UIApplicationLaunchOptionsLocationKey to indicate that your application was launched because of a location event. Upon relaunch, you must still configure a location manager object and call this method to continue receiving location events. When you restart location services, the current event is delivered to your delegate immediately. In addition, the location property of your location manager object is populated with the most recent location object even before you start location services.

In addition to your delegate object implementing the locationManager:didUpdateLocations: method, it should also implement the locationManager:didFailWithError: method to respond to potential errors.

So basically you need to:

• Set the location key as a background mode in your Info.plist file
• Start a CLLocationMananger
• Call startMonitoringSignificantLocationChanges
• On your AppDelegate, you'll receive a location in the info dictionary, keyed with UIApplicationLaunchOptionsLocationKey when the users moves about 500 meters.
• On that method, you can update the location on the server.