1. This was not a mitm attack, it was lawful mitm inspection of a user's own traffic. Mitm attacks are prevented by TLS and the system CA store already.

2. Please don't give people bad ideas. This is how we get bikeshare apps that don't work on rooted/old/GrapheneoOS/... devices and further entrench google's position in the Android ecosystem.

If your security depends on devices faithfully reporting their location, you've already lost. Get a whiteboard, start from scratch.