How I accidentally became PureGym's unofficial Apple Wallet developer
46 points by WilhelmVonWeiner
46 points by WilhelmVonWeiner
I love this sort of thing. Why not just use the PIN code though?
I think there are two entry requirements. One is to enter the PIN for physical entry into the building. The other is to scan your QR code at the front desk to "check in". Whether that makes sense or not is a separate issue.
PureGym is a chain of (usually) 24/7 gyms in the UK. They have three secure doors usually: a front door that's closed at night that requires a PIN, little 1-person-sized entry pods that use a PIN or scan a QR code, and locker rooms that require a PIN (maybe some have QR scanners but I've never seen those). They're "staffed" with skeleton crews and unstaffed at night - I've never seen a PureGym with a "front desk", maybe a little table for the employee/PT keeping an eye on what's going on.
I did this for my local gym, except it was as a Wear OS app for my galaxy watch! Unfortunately it ended up going nowhere, as my goal was to be able to log into my gym without taking my phone, but since my watch didn't have LTE, it could never hit the QR code endpoint when I was at the gym unless I had my phone with me 🤷 (and I had to open an app, since Google Wallet seems to be the rare case of an Android API being way more locked down than the iOS equivalent)
Did end up finding a vulnerability in their API that they were pretty cool about fixing though, so not all is lost.