Global Navigation Satellite Systems (GNSS) provide the foundation for modern location-based services, yet civilian signals remain critically vulnerable to spoofing attacks that can compromise navigation integrity. While effective anti-spoofing countermeasures exist, they typically rely on specialized hardware such as multi-antenna arrays or software-defined radios, rendering them unsuitable for deployment on commodity smartphones. To bridge this gap, this paper proposes a practical, server-assisted Navigation Message Authentication (NMA) framework designed specifically for mobile platforms. Our approach introduces a lightweight verification layer where the mobile receiver cross-references locally decoded navigation data against cryptographically signed reference messages retrieved from a trusted server. The detection pipeline rigorously enforces both content consistency and timing sanity checks to identify and isolate varying classes of spoofing. Experimental validation, conducted using a custom Android application and the NAVISIM signal simulator in mixed-signal environments, demonstrates that the proposed method achieves a 0\% False Negative Rate, effectively filtering out counterfeit signals in our test scenario. Although the exclusion of spoofed satellites inevitably results in reduced satellite availability and a consequent increase in the Root Mean Square Error (RMSE) due to geometric degradation, the system successfully preserves the integrity of the Position, Velocity, and Time (PVT) solution. This work contributes a deployable, software-defined defense mechanism that prioritizes authentic positioning over misleading precision, offering a potentially scalable software-based defense suitable for mobile devices. Similar to other NMA schemes (e.g., Galileo OSNMA), the proposed method remains vulnerable to replay/meaconing attacks when the delay between signal capture and retransmission is very short.