I would argue that your GPS coordinates can be easily spoofed by anyone who can type "fake GPS" into the play store search window and as such its effectiveness as a fraud detection is rather limited.
You have to look at the perspective troy would be coming from. When you witness large multinational companies accidentally letting 150 million accounts be breached, you have to recognise that step 0 for security is to not collect the private information that isn't necessary to fulfill the transaction. Or to put it another way, how much do you think the home addresses of papal customers would be worth to identity fraudsters?
Biting the hand that feeds IT
