On 5/25/2021 2:00 PM, Cameo wrote:

<snip>

> I am using ExpressVPN as well, and so far it's been pretty good at
> countering every instance where a VPN end-point was discovered by HULU.
> The customer support guys would just suggest some other location that
> was not yet on HULU-s black list. I'm afraid the VPN guys would
> eventually run out of those locations though. Fortunately using Windows
> laptops with ExpressVPN are not as wulnerable to these HULU disscoveries
> (no GPS there, I guess,) so I can use it as a fall-back method.

Exactly. I guess that's one advantage to using a device without a GPS!
guess a Wi-Fi only iPad connected to a network instead of a hotspot
would also work. But most Android tablets, even Wi-Fi only, include a GPS.

VanguardLH wrote on 25.05.2021 23:36

> Ooh, I don't if I'd yet trust Hola.

Funny you mention that 'cuz when I looked just now the GP link is gone!
https://play.google.com/store/apps/details?id=org.hola.gpslocation

Huh?
The download off of Google Play (via Aurora) worked today?

I can't believe we picked the very day that the app was removed though.
But I clearly downloaded it today and it just as clearly isn't there now.

Strange..........

> They were known for stealing
> bandwidth from their free version users to give to their paying
> customers. Free users became part of their botnet for use with the paid
> Luminati service (owned by Hola). Being part of their botnet meant you
> didn't know what traffic was going through your host, like kiddie porn
> for which you are legally liable for use as a pipe for distribution. At
> first, they made no announcement of that behavior, and only after
> getting exposed did they update their TOS to explain it.
>
> https://www.pcworld.com/article/2928340/ultra-popular-hola-vpn-extension-sold-your-bandwidth-for-use-in-a-botnet-attack.html

This is an app (org.hola.gpslocation) which at first I thought may or may
not have anything to do with the Chrome extension "Hola Better Internet."

But then I checked and it is from the same organization (https://hola.org).
So thanks for that warning. I'll delete the app (there were plenty others).

> Yeah, 6 years ago, but I'd research if they've amended their ways since
> then.
>
> https://www.lifehack.org/articles/technology/alert-hola-vpn-putting-you-danger.html
> https://dataprot.net/reviews/vpns/hola-vpn-review/
>
> Dated 6 and 3 months ago, so Hola is still using freeloaders as a P2P
> network for their paid customers to steal your bandwith, and transmit
> what they want through your host.

Sounds like a sketchy outfit these Hola folks.
Thanks for warning me (together we can improve our knowledge exponentially).

I don't know what they could be doing sketchy with the GPS spoofer though.
But there are other free ad free GPS spoofers on Google play to test out.

Besides, the hola app I downloaded today seems to be completely gone anyway!
But there are others, for example Aurora tells me these are free & ad free.

Fake GPS Location 2021 (target SDK 30)
https://play.google.com/store/apps/details?id=com.hopefactory2021.fakegpslocation

Mocklation (target SDK 30)
https://play.google.com/store/apps/details?id=de.p72b.mocklation

Fake GPS Location (target SDK 29)
https://play.google.com/store/apps/details?id=com.redskymedia.fakegps

Fake GPS: Phone Location Changer with Joystick (target SDK 29)
https://play.google.com/store/apps/details?id=find.my.friends.family.gps.location.tracker

Mock Loc (target SDK 29)
https://play.google.com/store/apps/details?id=com.mocker.mockloc

Location Mocker (target SDK 28)
https://play.google.com/store/apps/details?id=com.brianbhuang.fakelocation

Mockation (target SDK 24)
https://play.google.com/store/apps/details?id=com.blackkara.mockation

Fake GPS Controller (target SDK 22)
https://play.google.com/store/apps/details?id=com.delvedapps.fakegpscontroller

Fake GPS location (target SDK 21)
https://play.google.com/store/apps/details?id=com.lexa.fakegps

I've downloaded all of those above and installed them.
It may take a while to test but I appreciate Vanguard warned me about Hola.

On 5/26/2021 4:57 AM, paul wrote:
> VanguardLH wrote on 25.05.2021 23:36
>
>> Ooh, I don't if I'd yet trust Hola.
>
> Funny you mention that 'cuz when I looked just now the GP link is gone!
> https://play.google.com/store/apps/details?id=org.hola.gpslocation
>
> Huh?
> The download off of Google Play (via Aurora) worked today?
>
> I can't believe we picked the very day that the app was removed though.
> But I clearly downloaded it today and it just as clearly isn't there now.
>
> Strange..........
>
>> They were known for stealing
>> bandwidth from their free version users to give to their paying
>> customers. Free users became part of their botnet for use with the paid
>> Luminati service (owned by Hola). Being part of their botnet meant you
>> didn't know what traffic was going through your host, like kiddie porn
>> for which you are legally liable for use as a pipe for distribution. At
>> first, they made no announcement of that behavior, and only after
>> getting exposed did they update their TOS to explain it.
>>
>> https://www.pcworld.com/article/2928340/ultra-popular-hola-vpn-extension-sold-your-bandwidth-for-use-in-a-botnet-attack.html
>
> This is an app (org.hola.gpslocation) which at first I thought may or may
> not have anything to do with the Chrome extension "Hola Better Internet."
>
> But then I checked and it is from the same organization (https://hola.org).
> So thanks for that warning. I'll delete the app (there were plenty others).
>
>> Yeah, 6 years ago, but I'd research if they've amended their ways since
>> then.
>>
>> https://www.lifehack.org/articles/technology/alert-hola-vpn-putting-you-danger.html
>> https://dataprot.net/reviews/vpns/hola-vpn-review/
>>
>> Dated 6 and 3 months ago, so Hola is still using freeloaders as a P2P
>> network for their paid customers to steal your bandwith, and transmit
>> what they want through your host.
>
> Sounds like a sketchy outfit these Hola folks.
> Thanks for warning me (together we can improve our knowledge exponentially).
>
> I don't know what they could be doing sketchy with the GPS spoofer though.
> But there are other free ad free GPS spoofers on Google play to test out.
>
> Besides, the hola app I downloaded today seems to be completely gone anyway!
> But there are others, for example Aurora tells me these are free & ad free.
>
> Fake GPS Location 2021 (target SDK 30)
> https://play.google.com/store/apps/details?id=com.hopefactory2021.fakegpslocation
>
> Mocklation (target SDK 30)
> https://play.google.com/store/apps/details?id=de.p72b.mocklation
>
> Fake GPS Location (target SDK 29)
> https://play.google.com/store/apps/details?id=com.redskymedia.fakegps
>
> Fake GPS: Phone Location Changer with Joystick (target SDK 29)
> https://play.google.com/store/apps/details?id=find.my.friends.family.gps.location.tracker
>
> Mock Loc (target SDK 29)
> https://play.google.com/store/apps/details?id=com.mocker.mockloc
>
> Location Mocker (target SDK 28)
> https://play.google.com/store/apps/details?id=com.brianbhuang.fakelocation
>
> Mockation (target SDK 24)
> https://play.google.com/store/apps/details?id=com.blackkara.mockation
>
> Fake GPS Controller (target SDK 22)
> https://play.google.com/store/apps/details?id=com.delvedapps.fakegpscontroller
>
> Fake GPS location (target SDK 21)
> https://play.google.com/store/apps/details?id=com.lexa.fakegps
>
> I've downloaded all of those above and installed them.
> It may take a while to test but I appreciate Vanguard warned me about Hola.

Have you tested Lexa, too?

On 5/26/2021 3:39 AM, sms wrote:
> On 5/25/2021 2:00 PM, Cameo wrote:
>
> <snip>
>
>> I am using ExpressVPN as well, and so far it's been pretty good at
>> countering every instance where a VPN end-point was discovered by
>> HULU. The customer support guys would just suggest some other location
>> that was not yet on HULU-s black list. I'm afraid the VPN guys would
>> eventually run out of those locations though. Fortunately using
>> Windows laptops with ExpressVPN are not as wulnerable to these HULU
>> disscoveries (no GPS there, I guess,) so I can use it as a fall-back
>> method.
>
> Exactly. I guess that's one advantage to using a device without a GPS!
> guess a Wi-Fi only iPad connected to a network instead of a hotspot
> would also work. But most Android tablets, even Wi-Fi only, include a GPS.

You mean that a lack of feature can sometimes be an advantage? I'll be
darned!

sms <scharf.steven@geemail.com> wrote:
> On 5/25/2021 2:00 PM, Cameo wrote:
>
> <snip>
>
> > I am using ExpressVPN as well, and so far it's been pretty good at
> > countering every instance where a VPN end-point was discovered by HULU.
> > The customer support guys would just suggest some other location that
> > was not yet on HULU-s black list. I'm afraid the VPN guys would
> > eventually run out of those locations though. Fortunately using Windows
> > laptops with ExpressVPN are not as wulnerable to these HULU disscoveries
> > (no GPS there, I guess,) so I can use it as a fall-back method.
>
> Exactly. I guess that's one advantage to using a device without a GPS!
> guess a Wi-Fi only iPad connected to a network instead of a hotspot
> would also work. But most Android tablets, even Wi-Fi only, include a GPS.

[Disclaimer: I haven't followed all the nitty gritty details of the
thread:]

Isn't 'HULU' just an app on the Android device?

If so, Cameo could check if he can't just configure the 'Location'
part of his settings to 'Deny' Location services for the 'HULU' app.

I.e. on my Android 10/11 Samsung Galaxy A51:

Settings -> Location -> App permissions -> find 'HULU' app in one of
the three lists -> tap the app -> set 'Deny'.

N.B. Some apps can apparently disable (grey-out) the 'Deny' (and some
other) choice, but it's worthwhile to see if 'HULU' is such an app or
not.

Cameo wrote on 26.05.2021 16:30

> Have you tested Lexa, too?

The only one I had tested so far was Hola (and even then only because it was
ad free, free, Google free, GSF free, etc.) and because it was on a current
SDK.

At your request, I'm testing Lexa as the next one to see how well it works.
Fake GPS location (target SDK 21), free, ad free, GSF free, etc.
https://play.google.com/store/apps/details?id=com.lexa.fakegps

First we go to Settings > Developer options > Select mock location app
and we choose "Fake GPS com.lexa.fakegps"

Then we turn on the Location tile (teardrop icon) since mine is normally off
by design.

Then we go into Settings > Apps > Your apps and find "Fake GPS" which,
interestingly, only wants app storage permission.

Then I start the app and take a look at the settings (usually in reverse).
It has some interesting options such as
Spoof Wi-Fi provider (mandatory for spoofing apps like Viber) = yes/no
Simulate moving (Random move your location) = yes/no
Move distance (Set move distance for every update) (default = 10)
Manual altitude (Set GPS fix altitude value in meters)
Auto altitude (Get altitude by lat/long using Google) = yes/no
Update interval (default is 3000ms)
Accuracy (Set GPS fix accuracy value in meters) (default = 1)
Start on boot (start with last used location on bootup) = yes/no
Show icon (show status bar icon when Fake GPS is active) = yes/no

I kept the map at the default even though Lexa has multiple map choices
(including OSM & terrain & satellite views).

I zoomed into the Tower of London to then hit the green "play" arrow.

When I hit the green play arrow the app disappeared from view but it was
running in the background because when I pulled up Google Maps and pressed
on the "location" sight, Google Maps zoomed into the Tower of London.

Interestingly every few seconds the location moved visably (due to the
settings to randomly move a given number of feet on a given time frame).

So it would be interesting how "realistic" that movement may look over time.

That's it for the one-minute test (where, as always, it took longer to write
this up than it took to run the test).

So that everyone helps everyone else, it would be nice if each of us chose a
different GPS spoofing app to test to get an idea of which may be best.

Frank Slootweg <this@ddress.is.invalid> wrote:

> [Disclaimer: I haven't followed all the nitty gritty details of the
> thread:]
>
> Isn't 'HULU' just an app on the Android device?
>
> If so, Cameo could check if he can't just configure the 'Location'
> part of his settings to 'Deny' Location services for the 'HULU' app.
>
> I.e. on my Android 10/11 Samsung Galaxy A51:
>
> Settings -> Location -> App permissions -> find 'HULU' app in one of
> the three lists -> tap the app -> set 'Deny'.
>
> N.B. Some apps can apparently disable (grey-out) the 'Deny' (and some
> other) choice, but it's worthwhile to see if 'HULU' is such an app or
> not.

I had already made that suggestion (of going into the app's properties
to disable Location permission). The OP's response was:

Unfortunately HULU wants you to have the location ON. I guess it wants
to see if your IP address location matches the GPS.

Presumably "wants" means the app /refuses/ to function when denied
access to Android's location service. If true, and for those suggesting
using the app on an Android device that has no GPS, the app is going to
puke on those devices, too, by complaining it requires GPS data. You
can deny permission, but an app can demand them, so it's your choice
that the app works or not. If you demand Location be disabled, and the
app refuses to function without Location, ditch the app.

Instead of using the app, why couldn't the OP just use a web browser to
the hulu.com web site? After all, web-centric apps are just web
browsers with minimal functionality to present a different interface to
the same site.

On 5/26/2021 5:18 PM, Frank Slootweg wrote:
> sms <scharf.steven@geemail.com> wrote:
>> On 5/25/2021 2:00 PM, Cameo wrote:
>>
>> <snip>
>>
>>> I am using ExpressVPN as well, and so far it's been pretty good at
>>> countering every instance where a VPN end-point was discovered by HULU.
>>> The customer support guys would just suggest some other location that
>>> was not yet on HULU-s black list. I'm afraid the VPN guys would
>>> eventually run out of those locations though. Fortunately using Windows
>>> laptops with ExpressVPN are not as wulnerable to these HULU disscoveries
>>> (no GPS there, I guess,) so I can use it as a fall-back method.
>>
>> Exactly. I guess that's one advantage to using a device without a GPS!
>> guess a Wi-Fi only iPad connected to a network instead of a hotspot
>> would also work. But most Android tablets, even Wi-Fi only, include a GPS.
>
> [Disclaimer: I haven't followed all the nitty gritty details of the
> thread:]
>
> Isn't 'HULU' just an app on the Android device?
>
> If so, Cameo could check if he can't just configure the 'Location'
> part of his settings to 'Deny' Location services for the 'HULU' app.
>
> I.e. on my Android 10/11 Samsung Galaxy A51:
>
> Settings -> Location -> App permissions -> find 'HULU' app in one of
> the three lists -> tap the app -> set 'Deny'.
>
> N.B. Some apps can apparently disable (grey-out) the 'Deny' (and some
> other) choice, but it's worthwhile to see if 'HULU' is such an app or
> not.

That's a non-starter with HULU. The app definitely wants you to turn on
Location, otherwise it won't work. HULU is very agressive about its
geo-location enforcement. I wish I knew why. What's in it for them when
they still collect the membership fee? So far I only have been using it
to watch some US soccer games when I am in Europe because none of the
European networks pick them up.

In article <s8mdm2$mbt$1@dont-email.me>, Cameo <cameo@unreal.invalid>
wrote:

> > Settings -> Location -> App permissions -> find 'HULU' app in one of
> > the three lists -> tap the app -> set 'Deny'.
> >
> > N.B. Some apps can apparently disable (grey-out) the 'Deny' (and some
> > other) choice, but it's worthwhile to see if 'HULU' is such an app or
> > not.
>
> That's a non-starter with HULU. The app definitely wants you to turn on
> Location, otherwise it won't work. HULU is very agressive about its
> geo-location enforcement. I wish I knew why. What's in it for them when
> they still collect the membership fee? So far I only have been using it
> to watch some US soccer games when I am in Europe because none of the
> European networks pick them up.

to prevent sharing memberships.

To update people on GPS spoofing, I tested a few more of the apps, where I
deleted most because I give them a one-strike and you're out criteria.

First I tested & deleted the Hola GPS location as per advice from Vanguard.
https://play.google.com/store/apps/details?id=org.hola.gpslocation

Next I tested the Lexa *Fake GPS location* to help out the OP and reported
on the results in a prior post.
https://play.google.com/store/apps/details?id=com.lexa.fakegps

In addition, if you're going to be faking the location you may as well set
the time zone properly. For that I added a one-click shortcut to Android 11
Settings > scroll > General management > Date and time

Next I tested *Mock-Loc* which had one nice feature not in the rest which
was you could apparently create a track and then "play" that track whenever
you wanted the phone to spoof that specific track (as far as I could tell in
the quick test).
https://play.google.com/store/apps/details?id=com.mocker.mockloc

I found *FakeGPSController* location setting cumbersome and even so it
complained about needing to be in the system folder and it kept crashing
(perhaps as it was built for an older Android) so I also deleted it after a
quick test.
https://play.google.com/store/apps/details?id=com.delvedapps.fakegpscontroller

*Mockation* was similar to Lexa in that you could set a few things (but not
as many as Lexa allowed). Like Lexa Mockation has a search so it zoomed
right into the Tower of London when I searched for "London Tower."
Unfortunately, in every test I ran after setting the location, Google Maps
reported my correct location - so I uninstalled it.
https://play.google.com/store/apps/details?id=com.blackkara.mockation

*Mocklation* has a map that's harder to use because there is no search I
could find but it saved the Tower of London after forcing me to name it
first. Worse though is that even after I set Mockation to access GPS even
when in the background, it didn't spoof Google Maps location in the least.
https://play.google.com/store/apps/details?id=de.p72b.mocklation

*FakeGPSLocation* from HopeFactory had an easy search-&-set but no other
options so it's of limited usefulness even as it's very easy to use.
https://play.google.com/store/apps/details?id=com.hopefactory2021.fakegpslocation

*FakeGPS* from RedSkyMedia had a nice map but it kept crashing and worse, it
didn't fool Google Play so it was deleted within a minute or two of use.
https://play.google.com/store/apps/details?id=com.redskymedia.fakegps

*Fake GPS* Phone Location Changer with Joystick wouldn't even display the
map so I deleted it within a minute of use.
https://play.google.com/store/apps/details?id=find.my.friends.family.gps.location.tracker

*Location Mocker* was blocked by Play Protect for some reason.
https://play.google.com/store/apps/details?id=com.brianbhuang.fakelocation

On 5/27/2021 9:51 AM, paul wrote:
> To update people on GPS spoofing, I tested a few more of the apps, where I
> deleted most because I give them a one-strike and you're out criteria.
>
> First I tested & deleted the Hola GPS location as per advice from Vanguard.
> https://play.google.com/store/apps/details?id=org.hola.gpslocation
>
> Next I tested the Lexa *Fake GPS location* to help out the OP and reported
> on the results in a prior post.
> https://play.google.com/store/apps/details?id=com.lexa.fakegps
>
> In addition, if you're going to be faking the location you may as well set
> the time zone properly. For that I added a one-click shortcut to Android 11
> Settings > scroll > General management > Date and time
>
> Next I tested *Mock-Loc* which had one nice feature not in the rest which
> was you could apparently create a track and then "play" that track whenever
> you wanted the phone to spoof that specific track (as far as I could tell in
> the quick test).
> https://play.google.com/store/apps/details?id=com.mocker.mockloc
>
> I found *FakeGPSController* location setting cumbersome and even so it
> complained about needing to be in the system folder and it kept crashing
> (perhaps as it was built for an older Android) so I also deleted it after a
> quick test.
> https://play.google.com/store/apps/details?id=com.delvedapps.fakegpscontroller
>
> *Mockation* was similar to Lexa in that you could set a few things (but not
> as many as Lexa allowed). Like Lexa Mockation has a search so it zoomed
> right into the Tower of London when I searched for "London Tower."
> Unfortunately, in every test I ran after setting the location, Google Maps
> reported my correct location - so I uninstalled it.
> https://play.google.com/store/apps/details?id=com.blackkara.mockation
>
> *Mocklation* has a map that's harder to use because there is no search I
> could find but it saved the Tower of London after forcing me to name it
> first. Worse though is that even after I set Mockation to access GPS even
> when in the background, it didn't spoof Google Maps location in the least.
> https://play.google.com/store/apps/details?id=de.p72b.mocklation
>
> *FakeGPSLocation* from HopeFactory had an easy search-&-set but no other
> options so it's of limited usefulness even as it's very easy to use.
> https://play.google.com/store/apps/details?id=com.hopefactory2021.fakegpslocation
>
> *FakeGPS* from RedSkyMedia had a nice map but it kept crashing and worse, it
> didn't fool Google Play so it was deleted within a minute or two of use.
> https://play.google.com/store/apps/details?id=com.redskymedia.fakegps
>
> *Fake GPS* Phone Location Changer with Joystick wouldn't even display the
> map so I deleted it within a minute of use.
> https://play.google.com/store/apps/details?id=find.my.friends.family.gps.location.tracker
>
> *Location Mocker* was blocked by Play Protect for some reason.
> https://play.google.com/store/apps/details?id=com.brianbhuang.fakelocation

Thanks for the tremendous amount of research you put into this. Based on
that, I think I'll stick to using my Win10 laptop with HULU.

On 5/26/2021 11:15 PM, nospam wrote:
> In article <s8mdm2$mbt$1@dont-email.me>, Cameo <cameo@unreal.invalid>
> wrote:
>
>>> Settings -> Location -> App permissions -> find 'HULU' app in one of
>>> the three lists -> tap the app -> set 'Deny'.
>>>
>>> N.B. Some apps can apparently disable (grey-out) the 'Deny' (and some
>>> other) choice, but it's worthwhile to see if 'HULU' is such an app or
>>> not.
>>
>> That's a non-starter with HULU. The app definitely wants you to turn on
>> Location, otherwise it won't work. HULU is very agressive about its
>> geo-location enforcement. I wish I knew why. What's in it for them when
>> they still collect the membership fee? So far I only have been using it
>> to watch some US soccer games when I am in Europe because none of the
>> European networks pick them up.
>
> to prevent sharing memberships.

I don't follow that. How would that allow sharing membership?

Cameo wrote on 27.05.2021 16:40
> Thanks for the tremendous amount of research you put into this. Based on
> that, I think I'll stick to using my Win10 laptop with HULU.

I tested GPS spoofing aps so that everyone would benefit from the effort.

In summary it's not hard to spoof GPS location but there are other issues
depending on whether the outfit watching over you is looking at other
fingperint data (such as accounts, IMEI, time zones & regional settings).

For _just_ GPS spoofing on Android, here are the steps for others to follow.
1... Choose any decent GPS spoofing app that fits your needs
2... Set it as the mock location app & at startup/while-used/background
3... Set it up for location & movement (static, random, or play a track)

When you wish to spoof your GPS-reported location
4... Turn on the GPS spoofing app (if not set for starting at bootup)
5... Turn on the phone's "Location" (eg via the "teardrop" icon tile)
6... Test, perhaps with Google Maps by pressing the locate-me target icon

*If others want to suggest better _tests_ of the spoofing, please do.*
The goal is for all of us to learn from each other by our contributions.

In comp.mobile.android, Cameo <cameo@unreal.invalid> wrote:
> On 5/26/2021 11:15 PM, nospam wrote:
>> to prevent sharing memberships.
> I don't follow that. How would that allow sharing membership?

I don't know if that's why Hulu would want accurate location, but _how_
is probably by seeing if a membership is used in a bunch of geographic
locations at once. Consider the case of me running a personal VPN[*] to
let my kids (three kids, in three different states) use my Hulu
membership. The VPN would make it seem like all were coming from the
same location, the GPS would prove that wrong.

This is a lot of work for not a lot of value.

I would guess they are doing this for licensing reasons. Media is very
often licensed on a per-country basis, and they maybe are choosing GPS
as a way to prove to the content owners that they are being serious
about cracking down on VPN bypasses for national border license
restrictions.

[*] I don't run a personal VPN for any reason.

Elijah
------
"media" includes movies, tv shows, music, books, etc

On 5/27/2021 8:10 PM, Eli the Bearded wrote:
> In comp.mobile.android, Cameo <cameo@unreal.invalid> wrote:
>> On 5/26/2021 11:15 PM, nospam wrote:
>>> to prevent sharing memberships.
>> I don't follow that. How would that allow sharing membership?
>
> I don't know if that's why Hulu would want accurate location, but _how_
> is probably by seeing if a membership is used in a bunch of geographic
> locations at once. Consider the case of me running a personal VPN[*] to
> let my kids (three kids, in three different states) use my Hulu
> membership. The VPN would make it seem like all were coming from the
> same location, the GPS would prove that wrong.
>
> This is a lot of work for not a lot of value.
>
> I would guess they are doing this for licensing reasons. Media is very
> often licensed on a per-country basis, and they maybe are choosing GPS
> as a way to prove to the content owners that they are being serious
> about cracking down on VPN bypasses for national border license
> restrictions.
>
> [*] I don't run a personal VPN for any reason.
>
> Elijah
> ------
> "media" includes movies, tv shows, music, books, etc

The licensing idea also crossed my mind, but I could not find any
European satellite or terrestrial TV carrying US soccer games. I would
gladly drop the expensive HULU subscription if it was available in EU.

I ran a single blind test today and the GPS spoofing only worked initially.

Then it failed.
Maybe AGPS kicked in?
Dunno.

I spoofed the location to the London Bridge and had the location change
randomly by 10 meters every 3 seconds (or so I had thought).

I handed the phone to the passenger to route me to a location, which
initially confused her, but then, somehow, Google Maps fixed it.

It took her only a couple of minutes to fix the location.
I knew the gig was up when Google Maps told me to make a turn at the next
road using accurate local road names.

So _somehow_ Google Maps figured out something or maybe the spoof failed?
This spoofing needs more testing.

Afterward I looked up which app most people use.

At least this (older but reliable) article says to use the same one I did.
https://9to5google.com/2018/04/08/spoof-location-android-basics/