Movement App — Security and anti-fraud system.

Introduction

The most common way of addressing a problem of implementing a pedometer in software is to use the readings from the accelerometer. The approach consists of extracting the magnitude of the acceleration vector from the accelerometer on the device that will act as a pedometer. A typical 3-axis smartphone accelerometer produces the following signal in the pocket of running person:

Each period of the waveform is equivalent to the human step under the perfect conditions. In order to enhance the results from the accelerometer signal a low pass filter is applied to the waveform. This results in a smoother waveform and allows to eliminate high frequency noise.

Ideally, the approach seeks to get a perfect waveform like the one above.

Problems

The problem with this approach is that it could easily be deceived by simulating the acceleration pattern. For example, attaching an accelerometer to the moving object, animal or a mechanism might produce periodic peaks that would be recognized as steps. Good demonstrations of such “cheating” methods could be observed in the following video materials:

https://www.youtube.com/watch?v=ptkaEJiKVuw

https://www.youtube.com/watch?v=fl1ophVnCrc

https://www.youtube.com/watch?v=4jJAG6TAhzg

Solutions

Use more sensors: gyroscope, magnetometer.

What this allows us, is to get different signatures and combine them using sensor fusion to get a more unique signature of the walking pattern. For example, a filtered gyroscope signal of the walking person looks very different from the accelerometer signal:

Combining the data from two sensors gives us six data points in six dimensions, six for accelerometer and three for gyroscope respectively. Combining them into a 6-dimensional vector and search for a consistent periodic pattern could be a good way to improve the accuracy.

And finally the last sensor that we can make use of - the magnetometer. Magnetometer measures the electro-magnetic field and is used at determining the directions. Think about the compass app on your smartphone. The knowledge of the current direction could easily filter out all the spinning, rotating devices as well as animals running around in hectic manner for short distances.

Spectral analysis

The signal from the sensor could be further analyzed by applied Fourier Transformation to waveform. Fourier Transformation transforms the signals from the time domain (like the ones above) to the frequency domain. Walking or running is usually consistent in its frequency on the short term interval. By looking at the frequency signatures of the devices we could mark suspicious behaviors and then further analyze them to catch cheaters.

For those who run outside:

First of all we should note that all the devices demonstrated in provided video materials are stationary. The Movement App team views it as one of the main ways to determine a cheating user in the system. For example, when user is in the process of running or walking with the movement app on, in addition to step count data the software will be able to check that the GPS location changed and verify that the number of steps was indeed traveled. Building a cheating mechanism that will not only simulate the movement of the human leg but also move itself around in space is not practical for the potential cheater. The reason is that it will require the investment of resources and time that outweighs the benefit.

For those who run inside the gym:

If you live in California you could go jogging outside 365 days a year, but what if you live in a place that has 4 seasons per year and you prefer to go on the treadmill in winter? As more approaches and details are discussed it becomes clear that counting steps accurately becomes more of machine learning problem than just an algorithmic approach. Movement App could check if the location is a gym. For example, what if several movement app users perform physical activity at the same geographical place? It certainly leads to the platform learning, that most probably that location is a gym, a stadium, etc. So even though the GPS sensor is not being engaged the platform could learn from the big number of users and data and make smart decisions.

What if I run inside my own house and my location doesn’t change:

This is completely fine you will still get RUN coins for you distance. However not displaying the GPS location change will lead to the Movement App platform to perform additional checks before issuing tokens to you. Let’s say that we have 100 users in the Movement App. We could see that 96 of them are running outside (due to GPS location change) and 4 are running inside. The platform could compare the running patterns of the 4 users running inside and see if anyone stands out. If so the platform could take one step further and look at the running patterns of those who run outside (more credible data) and look for any inconsistency. This an example of how big corporations such as Facebook, Twitter, Instagram are looking for abnormal behaviors in their data. It helps them to identify bots and block malicious accounts.

Conclusion

We are now working towards implementing more ways to check the data validity. Of course, we cannot guarantee that it is 100% impossible to cheat on our platform at this point. But our main security goal for now is to minimize the possibility of it.