did all 3 OAs back to back this month (HackerRank, CodeSignal, Codility), here is what each one actually flags
ok so brutal week in March. 3 different companies threw me on their assessment platforms inside 5 days. fintech wanted HackerRank tuesday, ad tech wanted CodeSignal thursday, data infra startup wanted Codility saturday morning. all remote, all timed, all on my own laptop, no break in between. backend engineer about 5 years in, applying mid level.
been lurking on a few subreddits trying to figure out what each platform actually flags during the assessment, and i kept seeing handwavy stuff like "they use ai to detect cheating" or "they record everything." which, ok, but i wanted to know which signals each platform actually captures since the prep advice changes based on what is being watched. since i did all 3 back to back i figured i would write up what i noticed. plan was the same on all three, clean window, no extra tabs, second monitor unplugged, phone face down. then i just paid attention to what each one was doing in the background.
what i was looking for, basically, was whether the assessment runs in the browser or asks you to install a desktop client, what kinds of focus and tab activity end up in the recruiter facing report, and whether anything outside the chrome process tree gets touched.
started tuesday morning with HackerRank. turned out to be the most permissive of the three by a wide margin. runs entirely in the browser, no install, no extension. proctoring features are stuff the company has to turn on per assessment, and the fintech had it on light mode, tab switch logging, copy paste logging, and a single full screen check at the start. i opened devtools during a break and basically all the platform was sending back was timing data and the keystroke timeline for the editor. no process scan. no video recording on this assessment. recruiter could see if i left the tab and for how long. that was it. what bit me afterwards is the editor logs every paste with the size and the source URL if it can grab it. even if you copy from a non browser app it logs the paste event. so if youre referencing notes during a HackerRank, type them. do not paste.
forty-eight hours later: CodeSignal. flipped the whole script. strictest on paper of any of these. you have to install a desktop client (it wraps chromium so it kind of looks like a browser, kind of doesnt), screenshot stream every couple seconds, mouse leaves window markers, focus change events, tab switch counter that flags for human review past a stupidly low threshold. webcam check at the start of the GCA where you have to spin around and show the room. felt like i was renewing my passport.
so here is the thing. the desktop process scan is way less invasive than i expected. went in expecting an FBI sweep. it looks at running browser windows and any obvious overlays that registered an OS window with the system, and basically nothing else. pulled up an old reddit thread from a CodeSignal recruiting tools eng during my debrief that basically said the same thing: "we look for the obvious stuff and take the rest on faith." that exact line. score wise the GCA was brutal though. that second hard problem ate 25 of my 70 minutes before i caught that i was on the wrong approach and the score got me cut, not the proctoring. behavioral stuff was clean per my report.
then saturday. Codility surprised me lol.
i had assumed it would be a HackerRank clone since it was browser based. nope, not even close. mine was a CodeCheck (the asynchronous one, not the live coding product) and even on the chill version it logged everything. every keystroke with timestamps, every paste with source attribution, full screen exit events, the works. when i pulled up my own report afterwards i could see the timestamps of when i had gotten up to refill my coffee. they had me cataloged like a museum specimen lol.
then there is the "similarity" check, which i had no idea was a thing until i found their docs page on it after the assessment. Codility runs your final solution against a database of known answers and other candidates from previous assessments. so if you find a stack overflow answer, paste a near identical version, submit it, the platform can flag your code as a duplicate against another candidate from a year ago. recruiter sees a similarity score on the final report. cool feature, also slightly terrifying. i typed my hash bucket implementation from scratch on this one specifically because i did not want any stack overflow pattern overlap to ping that tool.
what it does NOT do is scan your machine. no webcam by default on CodeCheck, no process inspection, no screen recording. so it is the inverse of CodeSignal, way less surveillance of your actual environment but way more analysis of what you ended up writing.
biggest takeaway from doing all 3 back to back was just realizing the browser based ones cannot see anything outside chrome. like literally cannot, the proctoring script is sandboxed in the browser process, it has zero API into the rest of the machine. felt obvious once i noticed but i had walked into all 3 of these expecting like an FBI sweep.
the desktop wrapped one at least tries. that same recruiting tools eng said elsewhere "we look at maybe four things on the process scan, we are not the FBI." second FBI joke from the same poster on a different sub. the alert volume would be useless if they tried to flag every dev who has a notes app open on a second monitor, so they scan for the obvious and trust the rest. honestly reassuring lol, i had been worried they were doing some weird kernel level thing.
the other thing that came out of doing all 3 close together: the one signal that gets flagged consistently across every platform is tab switches paired with a low score. tab switches alone usually do not move the needle. but tab switches plus a borderline submission triggers human review every time. multiple recruiter posts on r/cscareerquestions confirm this. that combo is what they actually act on.
pasting from anywhere also gets logged on all three with source attribution if available. if you are referencing notes during a take home OA, type them from a separate device. do not paste them from your clipboard, you will get flagged.
results so far. bombed CodeSignal lol. passed HackerRank with a strong score. passed Codility with the similarity check coming back clean. got the offer from the data infra startup last week.
curious if anyone else here has done these 3 platforms within a week or two of each other. most posts i find focus on one platform at a time and a lot of the differences are only obvious when you do them back to back.