Skip to main content
Answered

Fake GPS data

  • July 23, 2025
  • 10 replies
  • 1201 views
G
Forum|alt.badge.img+6

We run a rewards app based on top of Strava API

However we are getting a large number of people faking their Walks, Runs, Cycles using tools like “GPS Joystick” on Android. 

There are many tools to fake Strava activities, and we are concerned that a rewards app on Strava can be exploited heavily.

We would like to suggest that the Strava mobile app has extra security features to detect such apps, and pass a flag through to the API so that consumers can decide what to do with fake data

We suggest that the Strava mobile app, also includes Cellular network GPS verification, accelerometer sensor verifcation, to verify that the mobile device “was actually moving” when the activity was recorded

 

Kind regards

 

Best answer by Emily_A

Hello ​@greencommuter. While not a perfect system, you could evaluate a combination of a few factors when fetching activities:

  • We pass a boolean for manual when an activity has been manually created without any underlying data. However, this is not the case for files uploaded to Strava, altered or unaltered. 
  • We also pass device_name and upload_id 

Between these three, you should have a sense of “legitimate” activities. 

For feedback on the application as a whole, as mentioned by Jana_S, please submit an Idea. 

    10 replies

    D
    Forum|alt.badge.img

    Mohon dengan sangat kembalikan uang sayaa yang tiba tiba masuk aplikasi strava yang saya tidak ketahui

    Jana_S
    Superuser
    Forum|alt.badge.img+29
    • Jana_S
    • Superuser
    • July 23, 2025

    Hi ​@greencommuter,

    While Strava doesn't recognize all cheating automatically, you can report cheaters or individual activities, here's some details: https://support.strava.com/hc/en-us/articles/206522304-How-to-Report-Cheating-on-Strava

    You might also want to add your vote and/or feedback to this feature request: 

     

    And here's some background on the latest about the auto-detection: 

    https://stories.strava.com/articles/removing-cars-from-leaderboards

     

    Jan_Mantau
    Jana_S
    Superuser
    Forum|alt.badge.img+29
    • Jana_S
    • Superuser
    • July 23, 2025

    @Dwi eri sandria 

    google translate:

    Please refund my money which suddenly entered the strava application without my knowledge.
     

     

    You need to contact Strava Support, unfortunately we can't help you here at the Community Hub. Here’s the details: 

     

    Jan_Mantau
    E
    G
    Forum|alt.badge.img+6
    • greencommuter
    • Author
    • Hub Climber
    • July 23, 2025

    hi ​@Jana_S 

    Well we can only report cheaters if there is a way to identify them

    We are interested to know how to differentiate activities that are fake from activities that are real.

    Does the strava mobile app perform any checks? For example:

    • multi-space cloning
    • use of multiple device sensors, not just GPS
    • rooted device

    etc.

    As these could be good to pass through the API, so that apps can differentiate real from fake.

    Our long term plan is actually develop our own Run, Walk, Cycle app instead of using Strava - but we would much prefer that Strava took genuine activities seriously.

    Thanks

     

    Jana_S
    Superuser
    Forum|alt.badge.img+29
    • Jana_S
    • Superuser
    • July 23, 2025

    @greencommuter what kind of checks does the Strava app do - well that's a good question (and I don't have an answer, note that this is a community hub - fellow users helping out each other). But my guess is that the check is rather done server-side, as Strava serves as an aggregator of data from countless apps that allow syncing to a Strava account, rather than recording directly with the Strava app. I’m not sure though whether Strava would be willing to publish the specifics, as that might actually serve as a checklist for the cheaters...

    Anyway: if you’d like to request a specific functionality, you can submit an “idea” that other users can vote for - and hopefully it will get attention of the product managers at Strava.

    Jan_Mantau
    Jan_Mantau
    Superuser
    Forum|alt.badge.img+26
    • Jan_Mantau
    • Superuser
    • July 23, 2025

    As ​@Jana_S said, the Strava app doesn’t have much relevance for this topic. Maybe someone could trick the Strava app to record fake GPS data but that would be unnecessary complicated in comparison to all the other cheating options. The usual problem with recording the wrong activity type or even vehicle rides with the Strava app or any other app or device is way more problematic in this regard. There is some progress to detect that automatically but it will never be perfect.

    The fake GPS is usually a file that is uploaded in the Strava web UI. If that file contains plausible data it’s indistinguishable from a real activity, there is nothing Strava can do in this case.

    A reward app that doesn’t have channels outside of Strava to secure the legitimacy (like reliable witnesses or only allowing acquaintances where the chance exist that they can be seen when cheating) is always easy to exploit.

    Jana_S
    E
    G
    Forum|alt.badge.img+6
    • greencommuter
    • Author
    • Hub Climber
    • July 24, 2025

    Detecting use of GPX files is pretty easy, the issue is that the Strava mobile apps dont use other sensors like accelerometer or Celluar GPS correlation, and as such apps like GPSJoystick that just sends a fake GPS stream will always work.

    As such like i mentioned we’ll be moving our app off Strava, and develop our own activity recording app with such detection in place. Its a shame Strava dont take this seriously imho.

    E
    Community Manager
    • Emily_ACommunity Manager
    • Answer
    • July 24, 2025

    Hello ​@greencommuter. While not a perfect system, you could evaluate a combination of a few factors when fetching activities:

    • We pass a boolean for manual when an activity has been manually created without any underlying data. However, this is not the case for files uploaded to Strava, altered or unaltered. 
    • We also pass device_name and upload_id 

    Between these three, you should have a sense of “legitimate” activities. 

    For feedback on the application as a whole, as mentioned by Jana_S, please submit an Idea. 

    Jan_Mantau
    Jana_S
    Jan_Mantau
    Superuser
    Forum|alt.badge.img+26
    • Jan_Mantau
    • Superuser
    • July 25, 2025

    Detecting use of GPX files is pretty easy, the issue is that the Strava mobile apps dont use other sensors like accelerometer or Celluar GPS correlation, and as such apps like GPSJoystick that just sends a fake GPS stream will always work.

    As such like i mentioned we’ll be moving our app off Strava, and develop our own activity recording app with such detection in place. Its a shame Strava dont take this seriously imho.

    That’s a good idea if you have the vast knowledge and time to program that. Remember though that many if not most people usually don’t record with their smartphone and won’t be delighted to make duplicate recordings, one with your app and the other with their watches or head units. Besides that another app for recording will have impact on smartphones battery runtime and the quality of GPS reception is diminished i.e. for riders that have their phone in some bags.

    vagner_acorja
    Forum|alt.badge.img+10
    • vagner_acorja
    • Hub Explorer
    • August 12, 2025

    Hi ​@greencommuter,

    While Strava doesn't recognize all cheating automatically, you can report cheaters or individual activities, here's some details: https://support.strava.com/hc/en-us/articles/206522304-How-to-Report-Cheating-on-Strava

    You might also want to add your vote and/or feedback to this feature request: 

     

    And here's some background on the latest about the auto-detection: 

    https://stories.strava.com/articles/removing-cars-from-leaderboards

     

    This guy is faking his activities. I've tried flagging, reporting, and even submitting a support request, but nothing... it's very frustrating.
    https://www.strava.com/athletes/107010366

    activity 1: https://www.strava.com/activities/15312637614
    activity 2: https://www.strava.com/activities/15296943510

    I also have this girl, who's faking her activities. She's cloning old activities. I reported it once in the past, and nothing was done, and now she's doing the same thing again.

    https://www.strava.com/athletes/24583134

    activity (mai 2023): https://www.strava.com/activities/9053808194 
    same activity (jul 2025):  https://www.strava.com/activities/15310403279 

    activity (jul 2024): https://www.strava.com/activities/11971382704
    same activity (jul 2025): https://www.strava.com/activities/14337046652

    What's the point of having a reporting tool if no action is taken?

     

     

    Terms & ConditionsCookie settingsAccessibility statement