Incognia
Active competitorClosest direct competitor in location-for-fraud. iLottery product directly targets GeoComply's home vertical. SDK-only (no web). Limited iLottery robustness evidence.
Detection scorecard
How Incognia handles every spoofing technique we test for. Click any cell for findings.
| Competitor | VPN | Proxy | Remote access | Fake GPS app | GPS spoofer | Emulator | Device farm | Jailbreak / Root | Resigned / tampered app | Sideload (PlayCover) | Browser extension | MITM / replay | Tor |
|---|
Strongest findings
Failed and partial test outcomes ranked for sales impact — what to lean on in a call.
No findings yet
Once tests land in updates/ with an outcome, they'll surface here.
All findings
Test results and intel tagged to Incognia.
Battle card
Talking points for a live sales call.
Incognia is GeoComply's **closest direct competitor in location-for-fraud**, operating specifically in iLottery and broader fintech/crypto. They combine device fingerprinting with location behavioural biometrics — building a persistent identity signal from a user's unique location-behaviour pattern — for compliance, account security, and fraud prevention. **Their iLottery product directly targets GeoComply's home vertical** with state-specific geofencing, player authentication, and location-tamper detection. **Two structural gaps:** (1) **No web browser coverage** — iOS + Android SDK only. iLottery products have both mobile + web; an Incognia-only deployment leaves web unprotected. (2) **No publicly documented gaming-commission certification** or regulatory audit trail — a decisive differentiator in state-licensed iLottery RFPs. Well-funded: $31M Series B (Jan 2024, led by Bessemer). Scaling in NA + EMEA. Competitive pressure in iGaming / iLottery will increase over the next 12-24 months.
Watch out for
- Direct location-for-fraud overlap with GeoComply — the most technically comparable competitor in this set.
- Multi-signal location: GPS + Wi-Fi + Bluetooth + Cell (SDK-side).
- Location behavioural biometrics: historical location pattern vs current location — richer signal than simple jurisdictional check.
- Incognia ID (April 2025): persistent cross-device identity resilient against factory resets + device changes.
- Customer base spans iLottery, food delivery (Grubhub, Delivery Hero), ride-hailing, fintech, crypto.
- Active GPS spoofing detection + VM/emulator detection.
- Cross-device clustering for device-farm detection.
How we win
- iOS + Android SDK only — **no web browser coverage** (critical gap). iLottery products often have both mobile + web; web is unprotected.
- Limited public information on iLottery robustness — no published gaming-commission certifications or regulatory audit documentation.
- Compliance output is probabilistic risk score (0-1) + reason codes — not deterministic verified coordinate. Compliance assertion requires custom implementation.
- Compliance audit log limited — not publicly documented as court-defensible.
- Behavioural-location profile requires history — cold-start users have lower-confidence signals until enough data accumulates.
Capability claims
What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.
Geolocation
How accurately and reliably the product determines a user's real location.
- GPS / OS locationUses native device GPS or OS-level location services.● Yesverifiedstale
GPS via iOS / Android SDK.
- Wi-Fi triangulation● Yesverifiedstale
- IP geolocation● Yesverifiedstale
- IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).● Yesverifiedstale
- Boundary / state-lineHandles users moving across regulated boundaries during an active session.◐ Partialverifiedstale
Geofence-based; SDK-only — no web.
- Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.◐ Partialinferredstale
Not benchmarked vs GeoComply's pass-rate metrics.
- Pre-login pre-check◐ Partialverifiedstale
Risk score (0-1) + reason codes; compliance assertion is custom-implemented.
- Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).◐ Partialverifiedstale
Geofence-based; no Multipass equivalent documented.
- Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.○ Noverifiedstale
No web / desktop coverage — SDK-only.
- On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).● Yesverifiedstale
BLE signals collected via SDK.
Anti-spoofing detection
Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.
- VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).● Yesverifiedstale
- Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.● Yesverifiedstale
- Tor exits◐ Partialinferredstale
- Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.◐ Partialinferredstale
- Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.● Yesverifiedstale
Active GPS spoofing / fake-location detection.
- Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.◐ Partialinferredstale
- Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.● Yesverifiedstale
VM + emulator detection.
- Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.● Yesverifiedstale
Cross-device clustering — strong against device-cycling fraud.
- Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.● Yesverifiedstale
Tamper detection.
- Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.◐ Partialinferredstale
- Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.◐ Partialinferredstale
- Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).○ Noverifiedstale
No web coverage.
- Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.● Yesverifiedstale
Persistent identity across factory resets + device changes.
- MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.· Unknownrumorstale
Identity & KYC
Document verification, biometric liveness, sanctions screening.
- Document scan / OCR○ Noverifiedstale
- Biometric liveness○ Noverifiedstale
- Sanctions / PEP○ Noverifiedstale
- AML / responsible gaming○ Noverifiedstale
- Reusable identity· Unknowninferredstale
Platform coverage
Which surfaces the SDK / product runs on.
- iOS native● Yesverifiedstale
- Android native● Yesverifiedstale
- Web / browser○ Noverifiedstale
Critical gap — SDK only.
- React Native· Unknowninferredstale
- Flutter· Unknowninferredstale
- Unity· Unknowninferredstale
- .NET / desktop· Unknowninferredstale
- Server-side API● Yesverifiedstale
REST API for risk score delivery.
Compliance & certification
Regulatory coverage and certifications.
- US state-licensed (iGaming/sportsbook)◐ Partialverifiedstale
Markets to iLottery but no publicly documented gaming-commission certification.
- US tribal / on-property· Unknowninferredstale
- Canadian provincial· Unknowninferredstale
- European (MGA/UKGC)● Yesverifiedstale
- LatAm (Brazil SPA)● Yesverifiedstale
- SOC 2 Type II· Unknowninferredstale
- ISO 27001· Unknowninferredstale
- GLI-certified· Unknowninferredstale
Fraud & device intelligence
Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.
- Device fingerprint● Yesverifiedstale
- IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).◐ Partialverifiedstale
- Behavioral signals● Yesverifiedstale
Location behavioural biometrics — core differentiator.
- Velocity / impossible travel● Yesverifiedstale
- Bot detection· Unknowninferredstale
- Account takeover● Yesverifiedstale
- Chargeback mgmt· Unknowninferredstale
Ops & integration
How easy the product is to integrate, observe, and operate.
- Self-serve onboarding· Unknowninferredstale
- Case management UI· Unknowninferredstale
- Webhook delivery· Unknowninferredstale
- Real-time API● Yesverifiedstale
- Analytics dashboard● Yesverifiedstale
- Audit log export◐ Partialverifiedstale
Limited; not publicly documented as court-defensible.
- Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).· Unknowninferredstale
- SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.◐ Partialinferredstale
Commercial
Pricing model and go-to-market shape.
- Usage-based pricing● Yesinferredstale
- Flat license / enterprise· Unknowninferredstale
- Free tier / trial· Unknowninferredstale
- Publicly listed pricing○ Noverifiedstale
- Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).· Unknowninferredstale
Resources
Briefings, source docs, and external links.
Website (1)
News (1)
- Incognia Series B ($31M, Jan 2024)incognia.com
Bessemer-led round; scaling in North America and EMEA.
Incognia is the most technically comparable competitor in this set — and they actively target iLottery, GeoComply's home vertical. Two structural gaps are decisive: no web coverage and no publicly documented gaming-commission certification. Lead with both in iLottery RFPs.
Talking points
- Web coverage is the most exploitable technical gap. iLottery products have both mobile + web. An Incognia-only deployment leaves the web surface unprotected — a fraudster simply accesses the lottery through a browser to bypass the Incognia mobile SDK.
- No publicly documented gaming-commission certification. In state-licensed iLottery RFPs, GeoComply's regulatory audit logs + multi-state gaming-commission relationships are a decisive differentiator Incognia cannot match.
- Probabilistic vs deterministic output. Incognia returns a risk score (0-1) requiring custom compliance implementation; GeoComply returns a deterministic verified coordinate with a court-defensible audit log.
- Scaling threat. $31M Series B (Jan 2024) — competitive pressure in iGaming / iLottery will increase over the next 12-24 months. Don't dismiss; build the response now.
Where they overlap with GeoComply
- iLottery — direct competition; closest case for displacement.
- Fintech / crypto / marketplace — secondary, but Incognia's behavioural-location signal is genuinely interesting in these verticals.