Methodology

A standing document. Updated when the test bench changes. Last revised April 2026.

Test hardware

• Android phone. Pixel 7a, GrapheneOS 2025-06 release, no Play Services unless an app explicitly requires them (in which case the app gets called out).
• iPhone. iPhone 13, iOS 18.x, fresh test profile, no app-tracking permissions granted unless required.
• Server. Proxmox 8 host, Debian 12 LXC, 2 vCPU, 4 GiB RAM. Reverse proxy via Caddy 2.x.
• Pi reference. Raspberry Pi 5 (8 GiB), 64-bit Bookworm, k3s.

Sample food set

For barcode and database testing, we use the same 30-item shopping list, refreshed quarterly. It is intentionally heterogeneous:

• 10 US-branded packaged foods (Oreo, Cheerios, Lay's, etc.) — tests USDA Branded coverage
• 10 European-branded packaged foods (Lidl, Carrefour, Tesco own-brand) — tests Open Food Facts coverage
• 5 raw whole foods (banana, kale, salmon fillet, brown rice, chicken thigh) — tests Foundation Foods + SR Legacy
• 5 restaurant items (Chipotle bowl, Sweetgreen Crispy Rice Bowl, Subway 6", Starbucks oat-milk latte, Panera mac) — tests where everyone fails

The list lives in a private repo and rotates so apps cannot game it. Each item is logged on every app under test using whatever the app's "easiest" path is (barcode, search, AI estimate).

Scoring

• Found. Did the app return a result that named the correct product?
• Calorie delta. Logged calories minus label calories, signed.
• Macro delta. Same for protein/carbs/fat.
• Time-to-log. Stopwatch from app foreground to "logged" state.
• Friction. Subjective 1-5 — paywalls, modals, sign-up prompts, ad walls.

Privacy testing

For commercial apps, we run them once on the GrapheneOS phone with a NextDNS profile capturing all DNS, and a mitmproxy session capturing TLS-decryptable HTTPS where the app's certificate pinning permits. Captures are logged for 24 hours of app use and then archived. We publish destination domains and observed payload categories — never the full capture.

FOSS evaluation

For an open-source app to be reviewed, we compile from source on a clean container, run on the test phone, and read at least the data-layer and network-layer source. Apps with no commits in the last 12 months are flagged "stale." Apps with no commits in 24 months are flagged "abandoned."

What we do not do

• We do not accept review units, pre-release access, or NDAs.
• We do not run sponsored comparisons. Ever.
• We do not deduplicate identical paragraphs across pieces. If you spot a paragraph that looks copy-pasted, it is a bug — please email.

Conflicts of interest

The editor has personally paid (and then cancelled) MyFitnessPal Premium, Cronometer Gold, and MacroFactor. He has run the OpenNutriTracker codebase on a personal phone for over a year. He has briefly trialed PlateLens for the purpose of writing the "Would I pay" piece. He has not received any compensation, free subscriptions, or merchandise from any of the above.