Why Amazon Flex's "prove you're not a bot" check triggers — what the app's anomaly detection is actually looking at in 2026
If you've driven Amazon Flex for any length of time, you've probably seen the "prove you're not a bot" challenge fire at least once — usually an image CAPTCHA, an SMS code, or a quick face-match — and felt your stomach drop. The natural read is that Amazon caught you doing something suspicious and a deactivation is one missed challenge away. That reading is almost always wrong.
The in-app bot check is a soft anomaly-detection gate, not a discipline action. It fires based on session and request patterns, and it's calibrated mostly for cloud-bot signatures — the kind of thing where Amazon's server can tell a request came from a data centre IP rather than a real phone. What it isn't designed to do is catch every driver who refreshes the offer screen aggressively. Once you understand what actually trips it, the bot check stops being scary and just becomes another piece of in-app friction you can plan around.
What the bot check actually is
An in-app challenge that fires when your account's recent offer-screen request pattern crosses Amazon's anomaly threshold. Three forms most drivers see:
- Image CAPTCHA — pick the squares with traffic lights, etc.
- SMS code verification — Amazon sends a 6-digit code to your registered number
- Biometric face-match — typically only on the first install of a new device, or when the model is confident enough that something's off to require strong identity proof
Crucially: it's a soft gate. Passing the challenge returns you straight to normal app flow. Failing it locks the offer screen for a short window — usually minutes — but doesn't auto-deactivate you. It's a different team and a different signal source from the Standing investigation pipeline (covered in the deactivation post).
The misconception drivers carry
The most common Reddit and Discord question we see is variations of "I just got the bot check, am I about to be deactivated?" The short answer: no. The bot check and Standing investigations are different pipelines run by different teams looking at different data.
What this means practically:
- A driver with a perfect Standing record can trip the bot check tomorrow just from refresh frequency or a cell-tower handoff
- A driver who fails the bot check once doesn't accumulate a Standing demerit from it
- Repeated bot-check failures within a short window can escalate into a soft suspension, but a single failure does not
- The bot check fires on session/request patterns, not on identity correctness or block performance
What actually triggers it (multi-source observation)
Driver-reported patterns line up consistently across r/AmazonFlexUK, r/AmazonFlexDrivers and the older Discords. The triggers Amazon's anomaly model appears to weight most:
- Refresh cadence below ~500ms sustained. Models look first for perfectly regular intervals — a human refreshing the app does it at irregular timings; an unsophisticated bot does it at exactly 250ms. Random intervals matter more than slow intervals.
- Polling-while-screen-off. Amazon's server can see when you're requesting offer pages without the corresponding screen-on lifecycle events. That's a cloud-bot signature — the screen-off requests strongly suggest something outside the normal app process is making them.
- Geo-velocity anomaly. Your IP or cell location changes faster than driving physics allows. This is the classic cloud-bot or VPN-proxy signature.
- Identical request signatures across multiple accounts. Bulk-tool signature — same TLS fingerprint, same headers, same timing patterns across many accounts.
- App-version mismatch. Running an old or sideloaded Flex app variant that doesn't emit the latest telemetry fields the server expects.
- Time-of-day pattern outside human norms. Perfectly regular polling 24/7, or 4am-7am polling every single day with no rest pattern.
What does NOT trigger it
This is the part most drivers worry about unnecessarily:
- Single fast tap on an offer. One-off events sit well below the cadence threshold.
- Switching networks (Wi-Fi → 4G). Completely normal driver behaviour.
- Battery saver mode kicking in. Doesn't change the request signature on Amazon's side.
- App backgrounded and reopened. Normal lifecycle.
- Routine use of Android accessibility services. Accessibility services are an on-device feature for screen reading — they don't generate any network signal Amazon can see. The server only sees your normal offer-screen request stream regardless of whether the screen is being read by accessibility tooling locally.
On-device tools vs cloud bots — why the bot check sees them differently
This is the architectural distinction that matters most and the one that the public discussion of "Flex bots" usually conflates.
The bot check is calibrated specifically against cloud bots: services that run from a data centre, often spoof GPS, often refresh from non-mobile IP ranges, often poll at impossibly regular intervals, and often manage many accounts in parallel from the same infrastructure. All of those signals are visible to Amazon's server-side anomaly model — IP, TLS fingerprint, timing, request signature. They're exactly what the bot check exists to catch.
On-device accessibility tools — a phone app reading the Flex offer screen via Android's accessibility framework and tapping accept when conditions match — produce a fundamentally different network signature. The traffic still comes from your real phone, your real IP, your real cell tower, with realistic timing variability that comes from the phone OS itself. From Amazon's server's perspective, an on-device tap looks essentially identical to you tapping with your thumb.
This is why on-device tooling users see the bot check less often than cloud-bot users despite "doing the same thing" — they're not actually producing the same signal. We covered the deeper architecture of this in the bot-detection post; this post is about what happens to you if the check fires.
What to do if you trip the check
- Complete the challenge calmly. Don't close the app, don't restart your phone, don't try to bypass it. Just do the CAPTCHA, type the SMS code, hold your phone for the face-match. The challenge is designed to be passable by a real human in 30 seconds.
- Don't immediately resume aggressive refreshing afterwards. Wait a couple of minutes. If the model already flagged your session as anomalous, hammering the offer screen right after is what would escalate a single check into a back-to-back-failure pattern.
- One pass returns you to normal flow. No follow-up action needed.
- Back-to-back failures within an hour are what escalates to a temporary lockout. Don't let frustration push you into a second failure.
- If you weren't using any tooling and the check still fired, that's almost always a cell-tower handoff, a network change, or a browser-version flag — not a personal flag against you. One pass and you're done.
- If the check fires repeatedly (3+ times in a week with no tooling change and no obvious network change), contact support. There's usually a server-side flag on your account that requires manual unset — support can do it, but only if you ask.
Standing implications — does it stay on your record?
The short answer: a passed bot check has no Standing impact. A failed-then-passed check has no Standing impact. The pattern of repeated failures or a finding of "abuse of system" by Amazon's anomaly team can show up in a Standing investigation as a flag — but a single bot-check event isn't that pattern.
What's worth understanding: Standing investigators don't have visibility into your bot-check pass/fail history directly. They see flags that Amazon's anomaly team chooses to raise to them. Those flags only get raised when the anomaly team has high confidence — typically a sustained pattern over weeks, not one event.
If you're worried about the bot check affecting your Standing, the thing that actually moves Standing is the patterns documented in the deactivation post: completion rate, cancellation rate, location-spoofing accusations, repeated customer complaints. Bot-check events as a category are not on that list.
Practical recommendations
- Don't optimise for "never seeing the check". Chase the £/hr instead. Seeing the check occasionally is a normal driver experience and not a sign you're doing something wrong.
- If you run on-device tooling, randomise the refresh interval. Humans don't poll at exactly 500ms. Even a small amount of variance (200ms range around your target) makes the timing pattern look much more human.
- Don't run cloud bots or proxy-based location spoofers. These are exactly what the bot check exists to catch, and they're what triggers the deactivation pipeline — not the bot check itself, but the cloud-bot enforcement waves that occasionally sweep through (we covered this in the bot-detection post).
- Keep your Flex app updated to the latest version for your region. Old app versions miss telemetry fields the server expects, which itself can elevate your anomaly score.
The bottom line
If you got the bot check today, you're not about to be deactivated. You hit an anomaly threshold and the gate fired — pass it, wait a couple of minutes, carry on. If it keeps firing, your refresh pattern is probably too regular or you're running tooling that's tripping cloud-bot signatures, not on-device ones. The check exists to make Amazon's life harder for the actual cloud-bot operators; everyone else just has to glance at a CAPTCHA every few weeks.
Related reading
- Amazon Flex bot detection in 2026 — why on-device block grabbers differ from cloud commission bots
- What actually gets you deactivated from Amazon Flex in 2026 — and what doesn't
- The 3 Amazon Flex pay top-ups most UK drivers never claim
- Amazon Flex vs Relay UK in 2026 — the real driver-reported maths
- How to tell if an Amazon Flex block is actually worth accepting
Sources
Trigger patterns and driver-reported behaviour drawn from r/AmazonFlexUK and r/AmazonFlexDrivers threads where drivers have shared their experience of the in-app bot check. The most substantive of these: the 2026-06 r/AmazonFlexUK "bot test" thread (8 driver comments on the typical fire conditions), the 2026-06-13 r/AmazonFlexDrivers "New type of block claiming bot???" thread (community confusion about bots vs on-device tools), and the 2026-06-25 r/AmazonFlexDrivers "Thoughts. Bots, Scammers, Tappers" thread (where the drivers themselves started drawing the architectural distinction between cloud bots and on-device tappers). Anomaly-detection mechanics inferred from the empirical pattern of which behaviours do and don't trip the challenge — Amazon doesn't publish its model, but the trigger pattern is consistent enough across thousands of driver reports to be readable.
Disclaimer
This post describes UK and US driver community observations of how the Amazon Flex in-app anomaly check behaves in 2026. It is not Amazon's documentation. Amazon's specific anomaly thresholds, challenge types, and escalation rules can change without notice. Grabber is not affiliated with, endorsed by, or built by Amazon. Amazon Flex is a trademark of Amazon.com, Inc.
Comments
Post a Comment