Hi everyone, we’re planning to use geofencing in Hexnode so that certain internal apps only work when devices are inside the office.
One concern from our security team is that users could spoof their GPS location or disable location services and bypass the restriction.
Has anyone implemented this before? How do you make sure the geofence rule isn’t easily bypassed?
13 Views
We ran into the same question when we started using geofencing for one of our internal dashboards.
One thing we did early on was enforce location services through device restrictions. If users can turn location off, the geofence rule becomes unreliable.
In our case we pushed a policy that prevents users from disabling location services on managed devices. That at least ensures the device keeps reporting its location.
Another thing to watch for, especially on Android devices, is mock location apps.
Before we locked this down, someone on our test devices installed a GPS spoofing app and it completely broke our geofence testing.
What worked for us was:
blocking known mock location apps
restricting developer options where possible
After that, the device location became much harder to fake.
We also noticed that GPS alone isn’t always reliable inside large buildings. Some of our devices occasionally showed as outside the fence even when users were in the office.
To make it more reliable we added a second check: the device must also be connected to the corporate Wi-Fi network.
That combination worked much better for us.
Great suggestions here already — these are exactly the types of controls most organizations combine when using geofencing.
To summarize the common approach:
• Enforce location services through device restrictions so the device continues reporting its location.
• On Android devices, restrict mock location apps and developer options to reduce the chance of GPS spoofing.
• In environments where GPS accuracy fluctuates (large buildings, dense areas), many admins also use network signals like corporate Wi-Fi as an additional validation point.
Another thing worth mentioning is how location data is handled. Some organizations prefer not to continuously track device movement. In those cases, geofencing can simply evaluate whether the device is inside or outside a defined fence without storing detailed location history.
If you run into unexpected behavior during deployment, a few quick checks usually help:
verify the device clock is synchronized
confirm the Hexnode agent has location permissions
slightly increase the geofence radius if GPS drift occurs indoors
If you’re planning a geofencing rollout, feel free to share your device platforms or deployment model. Different setups sometimes need slightly different configurations.
Don't have an account? Sign up
