Competitor Portal

Competitor

VPN

Proxy

Remote access

Fake GPS app

GPS spoofer

Emulator

Device farm

Jailbreak / Root

Resigned / tampered app

Sideload (PlayCover)

Browser extension

MITM / replay

Tor

Misses

10/13 miss

6/13 miss

7/13 miss

3/13 miss

6/13 miss

Recent findings

The 20 most recent test results and intel updates. Filter below — or open the full feed for paginated history.

All 35 findings

Competitor

Operator

Threat

RadarDisplacementComplianceDraftKings2d agoDraftKings DFS NJ migrated from GeoComply to Radar (web only)Confirmed provider transition: DraftKings has moved its New Jersey DFS web product from GeoComply to Radar. Sportsbook and mobile apps stay on GeoComply. Dual-vendor compliance testing underway.
RadarResigned / tampered appDevice farmSideload (PlayCover)FanDuel2d agoRadar / FanDuel WV: three exploitation methods bypass restrictions from TennesseeConfirmed compliance vulnerabilities at FanDuel WV: users can bypass geographical restrictions from Tennessee via iOS app resigning, virtualised environment emulation via VMOS, and sideloading via PlayCover on ARM-based macOS. Each technique successfully facilitated out-of-state betting.
OpenBetRemote accessComplianceFanatics Sportsbook1w agoOpenBet / Fanatics TN: HopToDesk + iPhone screen mirroring bypassed detectionFanatics TN flagship deployment: HopToDesk + iPhone screen mirroring both bypassed OpenBet Locator's RDP protocols. Out-of-Tennessee wagering succeeded on both iOS and Android.
RadarNear borderUX / messagingBetSaracen1w agoRadar / Saracen AR: 100m from border — Mac 44% pass rate, Windows persistent lockoutSaracen AR proximity testing: success rates remained high beyond 350m from the state line, but at 100m Mac devices only cleared 44% of verifications. Windows users experienced a persistent lockout after a single failure, complicated by an atypical 'fraud_jumped_single_device' flag during betting attempts.
SocialDraftKingsFanDuel1w agoMonthly social brief: location verification failures = 38% of all complaintsMay 5 monthly brief: location verification failures dominate end-user complaints (38% of all findings), with DraftKings (11) and FanDuel (9) generating the highest complaint volumes across March 30 – April 27.
RadarBrowser extensionComplianceUnderdog Fantasy2w agoRadar / Underdog DFS: Chrome extension (Location Guard) undetectedUnderdog DFS browser-based Radar deployment: location-spoofing via the free Location Guard Chrome extension was not detected. Free, no technical skill required.
RadarJailbreak / RootSleeperPrizePicks1mo agoRadar: jailbroken root-hidden iOS not detected at Sleeper, PrizePicks, FliffThree operators, one structural gap: jailbroken root-hidden iOS devices bypass geolocation controls on Sleeper Sports, PrizePicks, and Fliff. Users can wager from prohibited locations without detection.
XpointSocialJailbreak / Rootbet3651mo agoReddit: two users publicly offer to spoof Bet365 XPoint Verify via MagiskFlorida user asked on Reddit how to spoof XPoint Verify. Two other users confirmed it is possible and offered help via Magisk. Worth investigating Magisk + XPoint Verify vulnerability.
XpointDisplacementMulti-jurisdictionSplash Sports1mo agoSplash Sports planning to offload XPoint in June 2026 — multi-state DFS gapSplash Sports is aiming to offload XPoint in June 2026. They have DFS game modes available in different states which XPoint requires them to handle themselves — XPoint has no Multipass equivalent and no Dynamic Boundaries equivalent.
OpenBetDisplacementCompliance1mo agoTQJ 'Todos Querem Jogar' switched OpenBet off — now running IP-onlyBrazil operator Todos Querem Jogar (Bet do Milhão) switched OpenBet off — described as 'worked poorly and caused UX issues'. Now using IP only as primary geolocation, with no proper geo-enforcement.
XpointRemote accessBoundary crossingNear borderRushStreet Interactive (BetRivers)1mo agoXPoint / RSI DE: FaceTime RDP undetected — MI user wagered on DE iOS deviceMichigan-based user placed remote wagers on a Delaware-localised iOS device via FaceTime RDP — both casino and sportsbook. Same gap previously confirmed in AZ. Cross-region structural failure, not an operator-specific bug.
RadarResigned / tampered appComplianceFanDuel1mo agoRadar / FanDuel WV: tampered iOS app placed bets from TennesseeResigned iOS FanDuel app — modified to bypass security controls — successfully placed bets from TN on the WV platform. Radar failed to detect the modification.
XpointComplianceMITM / replayGPS spoofer1mo agoXpoint: unsigned iOS SDK + findable SDK = client-side coordinate injectionSource analysis of the raw iOS + Mac Xpoint SDKs obtained in March: the iOS SDK is unsigned and findable. An attacker can patch the app to inject coordinates before every compliance check.
RadarGPS spooferFanDuel2mo agoRadar / FanDuel WV bypassed by GPS simulator device from VietnamFD WV testing: location verification was bypassed using a GPS simulator device, with the tester apparently located in Vietnam. Radar accepted the spoofed coordinates.
RadarSideload (PlayCover)bet365Fanatics Sportsbook2d agoCross-operator: iOS PlayCover sideloading blocked at Bet365 MI, Fanatics TN, Bet Saracen AR ✓Desktop-based emulation of iOS applications via PlayCover is successfully restricted across all three tested operators. Bet365 and Fanatics neutralized the vector during authentication; Bet Saracen identified the unauthorized environment at the betting stage.
RadarDevice farmBetSaracen2d agoRadar / Bet Saracen AR: VMOS not detected — but PlayCover + resigned iOS blocked ✓Radar was unable to identify virtualized device simulation through VMOS, which permitted a successful out-of-state bet from Tennessee. However, Radar correctly detected and restricted sideloading via PlayCover and the use of resigned iOS apps during the betting process.
ComplianceMITM / replayRobinhood (Prediction Markets)2d agoRobinHood (TN, prediction markets): no device-level geolocation — IP-only, trivially bypassedReplay-attack testing on RobinHood TN: no device-level geolocation in place. RobinHood relies solely on IP to verify player location. Basic spoofing tools went undetected — bypass requires zero technical skill.
RadarRemote accessBetSaracen1w agoRadar / Saracen AR: AnyDesk + TeamViewer correctly restrictedSaracen AR Radar deployment: active sessions via AnyDesk and TeamViewer were effectively restricted. A rare positive Radar result — worth recording for parity.
RadarRemote accessUX / messagingBetSaracen1w agoRadar / Saracen AR: pre-loaded Windows 'Remote Screen Sharing' silently blocks accountsThe pre-loaded Windows Remote Desktop Connection app ('Remote Screen Sharing') triggers account restrictions without notifying the user. Significant risk for support teams — high ticket volumes and player dissatisfaction with no clear resolution path.
RadarSDK releaseCompliance2w agoRadar v3.31.0 (Apr 24, 2026): SDK generates geofence events offline, without serverNotable Radar SDK release: when the backend is unreachable, the SDK generates geofence entry/exit events directly on the device from cached data, tagged as offline. Backend-toggled. Watch point: does this satisfy regulatory requirements?

See all 35 findings on the Updates feed

Competitor Portal

Detection matrix

Strongest findings

Radar / FanDuel WV: three exploitation methods bypass restrictions from Tennessee

DraftKings DFS NJ migrated from GeoComply to Radar (web only)

Monthly social brief: location verification failures = 38% of all complaints

Radar / Saracen AR: 100m from border — Mac 44% pass rate, Windows persistent lockout

OpenBet / Fanatics TN: HopToDesk + iPhone screen mirroring bypassed detection

Radar / Underdog DFS: Chrome extension (Location Guard) undetected

XPoint / RSI DE: FaceTime RDP undetected — MI user wagered on DE iOS device

TQJ 'Todos Querem Jogar' switched OpenBet off — now running IP-only

Social & monitoring signals

Recent findings

Pinned

Reference docs