Tracking Mobile Phone From Personal Laptop
What You Will Learn
- How Android location permissions work
- How to build a simple Android app that reports its GPS location
- How to receive that location on a laptop over a network
- Why understanding this is important for mobile security assessments
What Is It?
This is a hands-on project: build a simple Android application that tracks GPS location and sends coordinates to a laptop on the same network. This simulates what spyware and stalkerware do — understanding how it works helps you identify and protect against it.
Why It Matters
Mobile tracking is used in parental controls, fleet management, and — maliciously — in stalkerware. As a security professional, you need to understand:
- What permissions a malicious app would request
- How location data is transmitted
- How to detect such apps on a device
Key Concepts
Android Permissions
Android requires apps to explicitly declare the permissions they need in AndroidManifest.xml. Location is a dangerous permission — the user must grant it at runtime.
Hands-On
Building the Android Application
Required Permissions
Permission to get the user’s precise GPS location:
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
Permission to access the user’s location while the app is running in the background:
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
To enable persistence — start the app after device reboot:
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
Permission to access the internet (needed to send location data to your laptop):
<uses-permission android:name="android.permission.INTERNET" />
Storing Server Configuration (Shared Preferences)
One of the ways Android allows you to save app data is through Shared Preferences — a key-value pair storage that is usually used to store user-specified configuration details such as settings. In our case, we store the IP and port supplied by the user so that upon restart they won’t have to input them again.
SharedPreferences prefs = getSharedPreferences("config", MODE_PRIVATE);
SharedPreferences.Editor editor = prefs.edit();
editor.putString("server_ip", ipAddress);
editor.putInt("server_port", port);
editor.apply();
Reading Location Using FusedLocationProviderClient
FusedLocationProviderClient fusedClient =
LocationServices.getFusedLocationProviderClient(this);
fusedClient.getLastLocation().addOnSuccessListener(location -> {
if (location != null) {
double lat = location.getLatitude();
double lon = location.getLongitude();
sendToServer(lat, lon);
}
});
Receiving on Laptop (Python)
On your laptop, run a simple TCP listener to receive coordinates:
import socket
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(("0.0.0.0", 9999))
server.listen(1)
print("[*] Listening for connections...")
conn, addr = server.accept()
print(f"[*] Connection from {addr}")
while True:
data = conn.recv(1024)
if not data:
break
print(f"[Location] {data.decode()}")
conn.close()
Security Implications
Real-world stalkerware often:
- Hides its icon after installation
- Requests
RECEIVE_BOOT_COMPLETEDto survive reboots - Uses background services to continuously report location
- Requests
ACCESS_BACKGROUND_LOCATIONto track even when the screen is off
How to Detect Tracking Apps on Android
- Go to Settings → Apps and look for apps without icons or names.
- Check Settings → Privacy → Permission Manager → Location to see which apps have location access.
- Review Settings → Battery → Battery Usage — background tracking apps consume unusual battery.