When I wanted to gift my wife Spandana an activity tracker for her birthday, since she was planning to buy one, I went with Goqii, since it came recommended by one of my colleagues, Prafful Nagwani. I was already late and tweeted to Goqii asking if I could get it on the same day.
They are definitely a young team. I was surprised when the CEO replied and assured me of same-day delivery, which they did!
Everything was good until my wife asked me to help set up the app. I did help her set it up. The app was a bit buggy, but I was able to get the setup done.
What surprised me the most was that the apps (mobile and web) looked like something built by school kids. I was shocked to see that almost all data is exposed to be publicly available through the APIs that the web app uses.
When I say data was exposed, it was everything - including name, email address, mobile, postal address, age, gender, date of birth, profile pic, height, weight….
I built a small script that retrieved a set of 50 records and shared with the Goqii team responsibly the data that I was able to retrieve as well as the details of the vulnerability.
I reported the vulnerability to the CXOs and they were very swift in getting the specific issue fixed.
But the issue wasn’t some obscure one that required a web security expert to discover. It was standing right in front of their team all the time. As simple as this: they did not have any sort of authentication mechanism for the primary APIs that their web/mobile apps were using.
So recently when I read on the news about Axis Bank partnering with Goqii to build wearable devices for NFC payment, my first reaction was “WTF!”. Having examined their apps closely, Axis Bank might be getting into a big mess considering the poor levels of security on Goqii apps.
They did release a small bounty for the responsible disclosure, although all of it was Goqii merchandise, including a couple of bands and subscriptions.
Having used the band extensively for a while before losing it, and having given off the additional ones to some friends whom I helped set up the app, I think I have a fair idea of the band and the app now to pen down my thoughts about what is good and what is bad.
What is good about Goqii?
Personal coach: This is not always true. Spandana had a very good coach that she liked. I never found mine interesting or inspiring. Heard mixed reviews from 4 colleagues who have used Goqii for more than 6 months.
Their team : They look like an amazing team. I found them inspiring. Although if you are just a regular user of the band/app, this might not affect you much.
What is bad about Goqii?
Battery Life: The battery life is very low. Hardly 2 days with moderate activity. 3 days with less activity. If you have used any others like Mi Band, Fitbit etc, you will find this frustrating.
You will lose the band: Not saying this because I lost mine but this is a design problem. The first version of the strap did not have the free/fastening loop to hold the strap ends together. Although this was slightly improved by adding a fastening loop in the second version of the band strap, the problem remains with how the band holds the core.
With the little battery life, you will have to dislodge the core from the band to charge it overnight every alternate day. Over a period of time, the band becomes a bit loose and hence wouldn’t hold the core as firmly as it holds on the first day of use. So you would end up having the band on your wrist but the core would have fallen out of the band.
Spandana ended up losing the core this way. Same was the case with my colleague Suchi Garg who had taken the band on our recommendation.
A replacement of the core costs Rs 2000 which is not worth it since you are prone to lose it again due to the design problem.
Sleep Tracking is manual : Unlike most other bands like Mi Band, you will have to manually notify the band by pressing a button that you are about to sleep. It is a bit irritating to think about sleeping before sleeping ;-) If you are like me who just falls asleep when tired, this wouldn’t work with you.
Very Buggy App: (Android) I have checked only the Android App. The app is very buggy. Breaks on changing orientation. Frequent crashes with a message “Unknown Error Occured”. Would not detect the band many times and requires frequent re-pairing. Many UI issues like - For logging water, the “Log” button remains inaccessible, for the screen doesn’t have a scroll and the button extends to below the visibility on the screen on most 5”-6” devices (Tested on Yuphoria Yu, One Plus 2).
Personal Coach: I included this in “What is good” as well, since this highly depends on your coach. Spandana liked her coach very much and she was really good. While I found mine mostly sending pre-canned / automated messages every other day.
No Calorie Count in food tracking: You can only log the names of the dishes you had. Couldn’t find a way to log calorie intake or any helpful information. I like how HealthifyMe does it. (NOTE: I haven’t used Healthify’s device. I don’t expect it to be any better than Goqii. But their app is amazing and integrates well with most other wearable devices). You would select the dish by keying in the first few characters of the dish and give the quantity taken and it retrieves information about the approximate calorie count as well as breakup of nutrition. Wish Goqii had something like this.
Does not Integrate : Does not integrate with Google Fit or any other apps.
Not Waterproof : You already have to take the band out very often for charging. On top of it, you will have to remove it and wear it every time you wash your hands or take a bath.
I heard similar feedback from my colleagues who used it.
Suchi Garg ended up losing her band twice due to the same design flaw mentioned above. She found hers the first time after a few hours of searching. She couldn’t find it the second time. Gave up and moved to Fitbit.
One of my colleagues was approached by a research associate at Goqii. My colleague gave the associate feedback similar to the above.
I think there is a lot of scope for improvement. The band is not anywhere close to being usable without frustration in its current state.
Advice to Goqii Team
Improve the battery life. Mi Band is a good example for you to look up to.
Automate Sleep Tracking. Again, Mi Band is a good example.
Improve the app. Lots of bugs to be resolved. Improve the interface.
Add better food logging capabilities. HealthifyMe app (not their device) is a good example.
If you could place the charging port of the device on its side, and have an opening on the port on one side (with a rubber cap) such that the cap can be removed and a microUSB charger cable can be plugged into the device from the side, without removing the device from the band, that would solve the problem with losing the band. This will also eliminate the need to carry the additional Goqii docking cable all along when we travel since we can now charge the device directly with our mobile chargers.
Additionally, if you could place a small speaker on the device that could be made to beep from the mobile app when the device is within the bluetooth range of the mobile, that would be a great helper to locate a lost device. Sometimes it might have just sunk in between the pillows of your sofa and there is no easy way to locate the device although you know it’s no more than a few feet away in your house.
Train coaches better. You already have some very good ones. I heard great things about her coach from my wife. Discourage “personal coaches” from sending “automated / pre-canned” messages.
Should I buy it?
No. Not right now. I would love to see this Indian startup compete with Fitbit and the likes. But before they do a total revamp of their app, and improve the hardware to extend the battery life in future versions, you might want to try something else. Also, don’t be surprised if you find all your personal information on some torrent dump considering the poor security of the apps.