Testing Fitness Apps: Can You Cheat the Algorithm?
Most people have at least one health and fitness app on their phone that they use to track their movement and monitor various metrics, like distance, speed, time, and calories. Namely, these types of apps are generally used to track workout activity. While there are many different health and fitness apps, all of them work by using similar technologies that are built into the device, such as accelerometers and location services.
However, although these apps are intended to provide accurate insight into our physical activities and our overall well being, it can be tempting to cheat the system and increase your daily step count. Why? Well, things like fitness challenges, discounts and rewards are reason enough for people to get creative and look for ways to outsmart their step counters. But is it possible to fool such apps and their algorithms? This is what we are determined to find out—by conducting a bit of an experiment and sharing our findings in this blog post.
To get the answers we need, we will be testing a fitness app, specifically their step counter—let’s not upset any developers by exposing the name of the app—and see if it's possible to cheat their step counter algorithm. To do this, we will be using two testing scenarios.
For the first scenario we will be using a bicycle and an iPhone to see if we can make the app think that the user is walking or jogging, when we are, in fact, cycling. For the second scenario we will be conducting a test in our location testing laboratory—with EMF shields, a Faraday cage, GPS signal spoofing equipment, and a phone holder-pendulum—where we will simulate GPS signals from elsewhere and make the device think that it is moving outside when in reality it will be located inside the box. Both tests will last 10 minutes.
Why would you want to cheat step counters?
Now, you might be thinking—why would I want to cheat step counters in the first place, what do I stand to gain? This may be a bit controversial, but if we are going to talk about the how, then we need to talk about the why as well. That being said, there are actually various reasons that may encourage people to try and outsmart their fitness app, like getting a discount on your health insurance policy or earning financial or social rewards in projects like Charity Miles, Evidation, HealthyWage, Vitality, and so on. People might also be tempted to deceive popular web3 and move-to-earn (M2E) apps, like Genopets, Sweatcoin, Dustland and, of course, Stepn. Or they may want to gain an upper hand in games that require them to move or change locations, like Pokemon Go, or perhaps they just want to trick their friends into thinking that they ran a marathon in an hour. Essentially, the reasons and incentives for cheating step counters are endless.
Fortunately, the equipment that we are going to be using in this experiment isn’t that easy to acquire. That means that those who would try to repeat this experiment to “get rich fast” won’t be able to do so that easily. But before we get to the actual testing, it’s important to understand how fitness apps and step counters work, and how they collect data.
How do step counter apps measure speed, distance and steps?
In short, these technologies need a few things to tell us our location, orientation, speed and the distance we have traveled. The GPS signal and MEMS-IMU modules should provide that information. These technologies are used in various devices and objects like mobile phones, smart watches, planes, cars, industrial machines, drones, and many others.
When the modem in the device receives a signal from the GPS satellite, it compares the time sent by the satellite and the time it is received, and then determines the difference. Therefore, knowing the speed of the signal and the time required for its passage, the receiver calculates the distance from the satellite. By having three data sets from three different satellites and knowing their exact position in Earth's orbit, you can calculate the coordinates of the receiver.
Another technology, called Assisted GPS (A-GPS), allows devices to capture GPS signals better. Assisted GPS acquires and stores information about the location of satellites using the cellular network, it uses proximity to cellular towers to calculate positional data. In our case, we used a WiFi signal to help our spoofing solution, which allowed us to easily receive the position of the device under test. However, if the device can detect too many WiFi networks, it may reject the GPS data that we are feeding it through the GSG module and the whole test may fail. Therefore, the EMF shield has to be used.
Using GPS spoofing solution
In one of our earlier blog posts, we describe how we test mobile applications and devices using our GPS spoofing solution—which gives a more in depth look at GPS signal spoofing and what solutions TestDevLab uses to achieve these results. In order to visualize it a bit easier and get an understanding of how it works, let's look at this diagram:
The main principle is to take a device, put it in the Faraday box, and then by using a GSG Simulator push prerecorded scenarios that contain a GPS signal and global position to make the phone's cache fill with this data, and eventually to make it believe that it is somewhere else.
There is a really good video tutorial that explains how IMU chips work in more detail. It explains how the magnetometer chip, accelerometer chip and gyroscope chip work in order to provide us with the data needed to calculate movement and orientations of the movement. In order to understand more about why we need that data, let's discuss each of these chips below.
An accelerometer is a device that uses an electromechanical sensor to measure static or dynamic acceleration. With the help of this sensor, the phone knows whether it undergoes acceleration in any direction, and together with other data from the IMU chip, it’s the reason why your phone’s display switches on or changes orientation when you flip it.
There are two ways that accelerometers can be used to measure step count. The first one is what we described earlier—noticing the device's movement compared to one of the axes. This provides the data that is needed for the device to determine if you are moving and how many steps you take, for example.
The second way is more algorithmic and involves retrieving data from accelerometers for algorithms. Namely, different step counter apps may use their own algorithms and show data in their own specific way. These algorithms use the data that your device provides it with and either sends it to the server to be processed or processes it on your device, thus giving the result displayed on the app's UI. You can read this article on getting raw accelerometer events to learn how this is done.
Gyroscope and magnetometer chip
Modern smartphones use a gyroscope which consists of a tiny vibrating plate on a chip. When the phone's orientation changes, that vibrating plate gets pushed around by the Coriolis forces that affect objects in motion when they rotate.
Compass functionality in phones and tablets is enabled by something a bit more sophisticated, a sensor called a magnetometer, which is used to measure the strength and direction of magnetic fields. By analyzing Earth's magnetic field, the sensor allows phones to determine their orientation pretty accurately.
All of these components form a MEMS IMU chip, and together with a GPS chip they allow our mobile devices to calculate the device orientation in space, determine if we are moving or stationary, and check how fast and in which direction we are headed. However, these technologies are not only used in our mobile devices, but also in drones, cars, planes, smart watches and many other IoT devices as mentioned before.
Testing the fitness app
Okay, so now that you know how fitness apps and step counters work and collect data, we can get down to the actual testing. As mentioned at the beginning, we will be using two scenarios:
- First scenario: Can a fitness app be fooled into thinking someone is walking or jogging, when in reality they are cycling?
- Second scenario: Can we trick the fitness app into thinking that someone is walking by using various equipment inside our laboratory to simulate a 10-minute walk outside our office?
Let’s see how we tested both scenarios.
At the beginning of field testing, it all started fairly simple with a simple setup—a bicycle and a phone strapped to the crank arm to see if the phone under test would be fooled into believing that it's moving as if somebody was walking/jogging.
The image on the top is the initial setup (we know it looks like the real deal), while the image below it shows our 3D-printed solution for holding any phone inside our GPS spoofing setup. This 3D-printed pendulum is the next level in testing fitness and step counter apps, since it performs the same function as the bicycle crank arm, but inside the laboratory setup. There is even a third, more commercial solution—a mobile swing device—which more or less does the same job. All three solutions have the same goal, but all three have a different characteristic, therefore the results may differ. For this particular field test, an iPhone 7 with iOS 15 was used.
Now let's have a look in more detail how the laboratory test is set up and what equipment was used. For the test performed in our dedicated laboratory, we used AT&T Tinno with Android 9 and recorded the scenario using another Android device with GPS tracker software.
To try and trick the fitness app, we decided to go on a 10-minute “walk” outside our office in Riga without actually going on a walk. Instead, we printed a custom-designed phone pendulum that was placed inside the Faraday cage, and after 10 minutes of continuously pushing the phone back and forth, we got some results.
Now for the fun part—looking at the test results and seeing how successful we were in fooling the fitness app under test using our two different test scenarios. Keep in mind that they are not meant to be compared directly with one another. The two scenarios are there to add more context to the whole story. The field testing results with the bicycle is an example of a scenario that can be used to test fitness apps to determine how accurate and reliable they are. The laboratory test results, on the other hand, show the value of these tests and give a taste of TestDevLab's expertise and unique testing laboratories.
One more thing to keep in mind before analyzing the results is that a person walks about 5 steps every 2-3 seconds with a speed of about 5-6 km per hour. These metrics should be considered in order to better understand this data.
Field testing results
Let's start by looking at the results from the first scenario and see the number of steps that the app recorded during the 10-minute cycle with the phone strapped to the crank arm.
From the results, we can see that the number of steps recorded during the field test with the device strapped to the bicycle’s crank arm is much higher than the actual number of steps. Specifically, we can see that the app recorded 1,277 steps while cycling. This is due to the fact that the device strapped to the bicycle makes a lot of rotations, thus making the device think we are making a lot of steps. These results prove that this method can be used to cheat the step counter in a relatively cheap and easy setup. However, for the best results, the tests need to be standardized and planned accordingly to certain goals.
Laboratory testing results
We see the opposite situation happen in the laboratory test. The actual step count for the 10-minute “walk” is 815, while the step count from the laboratory test for the same distance and time is 600. There are several possible reasons for this:
- There is a bug in an application. Since we are feeding the app GPS data and swinging the phone in a cage, it might experience difficulties showing correct data.
- The holder-pendulum that is used in the setup may make the phone record a different combination of data compared to the actual walk.
- The cycling scenario may need improvement since even though the same distance was walked/cycled, the time used to bypass this distance is different and therefore these scenarios should be standardized.
All of the circumstances above could be the reason for such a big difference in the data, but in time with corrections being made to the whole setup and more tests being done, it could be calibrated more precisely and any inconsistencies or differences in the data from that moment could be considered system bugs or systems failures.
Can you cheat your fitness app and step counter?
Overall, the experiment proved itself worthwhile and we were able to gather some pretty valuable insight about fitness apps and whether there is a way to cheat the system.
Looking at the results, we were able to deduce that it is in fact possible to cheat a fitness app—well at least the one we tested in our experiment. However, there is still plenty of work to be done to achieve a much smoother testing process and be able to test all the fitness apps out there and their features. There is always room to take things even further by introducing different phone models, IoT devices, locations, trajectories, more testing variables, and even adding automation scenarios to this project. Nevertheless, we achieved what we set out to do and got the answers we were looking for.
Since these apps were made by humans for humans, the temptation to cheat will always exist and there will always be a way to cheat these systems, one way or another. As we mentioned at the beginning, it is not cheap to get your hands on the equipment necessary to test and outsmart such apps—even without considering the cost of a satellite license and other expenses—but it is doable.
To prevent users from cheating or “breaking” your app, we suggest getting your application tested by experienced quality assurance engineers. With a team of over 500 experienced quality assurance engineers, we are here to make sure that your application is as secure and stable as possible by testing it in all possible scenarios and using different methods to cheat the algorithm.
Do you have a health or fitness app—or any app that depends on location, movement, or sensors? With our custom solutions and setups we can help make sure your app cannot be broken by curious users. Contact us to learn more about our unique testing services and solutions.