Detection matrix
Every competitor against every spoofing technique we test for. Click any cell to see the underlying findings.
Live · GeoComply Internal
What we know about every competitor — kept fresh, searchable, shareable.
Every competitor against every spoofing technique we test for. Click any cell to see the underlying findings.
41 misses and 6 partials ready to use in a sales conversation.
Follow-up to last week's CIV-88 advanced spoofing review on BetRivers Pennsylvania (XPoint): FaceTime screen sharing sustained a full hour of remote wagering from New Jersey onto an in-state iPhone in PA — sportsbook and casino bets placed continuously with no block. Tailscale Mac-to-Mac RDP via Finder screen sharing also failed detection — unattended full control of the in-state host, geolocation check passes against the host's PA position.
GeoComply's desktop solution (PLC) blocked the same Mac-to-Mac remote screen-sharing technique that went undetected on BetRivers PA / XPoint last week. Remote Mac screen sharing via Tailscale on FanDuel NJ triggered the Blocked Software rule immediately — no bets were possible. A direct, same-method, same-week comparison against the competitor gap.
Advanced spoofing review of BetRivers Pennsylvania (XPoint): two Macs on the same Tailscale account — Mac1 (out of state) gets full unattended control of Mac2 (in PA) via Finder screen sharing. Rooted Android with Magisk + a low-level module suppresses the mock-location flag before BetRivers reads it. FaceTime RDP requires local login + 2FA, then full remote control with no further local presence.
Full integration validation of Wind Creek Casino Online PA (Radar), results delivered June 19: iOS FaceTime and iPhone Mirroring undetected (TN operator controlling in-state iPhone after local login), Android DroidVNC + Tailscale undetected, Android Turbo VPN undetected. iOS VPN blocked at login and mid-session. TeamViewer, AnyDesk, HopToDesk, Android FLA, and ~90 m cross-border buffer compliant. Rooted Android mock location caught; root itself undetected.
Compliance analysis of BetRivers Pennsylvania (XPoint) surfaced three undetected attack paths: native iOS remote control via FaceTime and iPhone Mirroring (bets placed from an out-of-state operator on an in-state device), Tailscale combined with macOS native screen sharing, and rooted Android with concealed mock-location telemetry. TeamViewer, AnyDesk, HopToDesk, IP-change checks, Android fake-location apps, and a resigned iOS app were all compliant.
A remote operator took full control of a device inside the permitted state over a Tailscale-tunnelled screen-sharing session and placed bets on Underdog DFS. Radar did not detect or block the remote-control session, which stayed active for more than 20 minutes. Part of the expanded remote-control campaign that began with the Bet365 NJ (XPoint) finding.
GeoComply's geolocation product blocked a remote-screen-control attack on Bally Bet NJ — macOS Native Screen Sharing driven over a Tailscale tunnel, with one Mac handing full screen control to a second Mac in a different location. Detection fired both at login and mid-session with a Blocked_software error. A direct compliance advantage over the three competitor integrations that missed the same attack this week.
Using Tailscale to put two Macs on the same private network and macOS's built-in Screen Sharing to drive one from the other, the tester accessed Bet365 NJ from a different physical location and placed wagers. XPoint did not detect the remote session. Follow-up testing across Radar, OpenBet, and GeoComply-integrated clients has been requested.
Reddit, X, and Play Store / App Store review chatter about operators we track. Intel — not test proof; the matrix doesn't rely on these.
The 20 most recent test results and intel updates. Filter below — or open the full feed for paginated history.
Source-of-truth documents the team keeps in Drive. Portal data is seeded from these and refreshed via the import script.