Skip to main content

OpenBet

Active competitor

Locator SDK live at Fanatics. HopToDesk + iPhone-mirror RDP gaps, no IP-change monitoring, no border buffer. TQJ just dropped them.

openbet.commaxim.mosinVerified yesterday
Compare
USUKEUCanadaLATAMSportsbookiGaming platforms#platform-bundle#fanatics-flagship#aws-locator#neccton-rg-aml#tqj-churn#hoptodesk-gap

Detection scorecard

How OpenBet handles every spoofing technique we test for. Click any cell for findings.

Full matrix →
  • Detected
  • Partial
  • Missed
  • Not tested
CompetitorVPNProxyRemote accessFake GPS appGPS spooferEmulatorDevice farmJailbreak / RootResigned / tampered appSideload (PlayCover)Browser extensionMITM / replayTor
OpenBet

Strongest findings

Failed and partial test outcomes ranked for sales impact — what to lean on in a call.

All findings

Test results and intel tagged to OpenBet.

Operator
Threat

Battle card

Talking points for a live sales call.

OpenBet Locator launched May 2024 on AWS Location Service (BatchEvaluateGeofences, SigV4) and is sold as part of the broader OpenBet sportsbook platform plus Neccton (RG/AML, acquired 2023). The flagship US client is Fanatics Sportsbook (22 states + DC, full Protect Suite deployed Dec 2025), running alongside XPoint via a Fanatics-built orchestration layer. Two Brazil clients (BandBet, Todos Querem Jogar) launching 2025 — though **TQJ has since switched OpenBet off**, citing poor UX, and is now running on IP-only with no proper geo-enforcement. AWS Marketplace distribution and the 75% savings vs legacy AWS case study remain the commercial wedge.

Watch out for

  • Fanatics is a Tier-1 US reference (22 states + DC) — high-profile credibility.
  • Bundle pricing: geo as a marginal-cost add-on to a full platform deal — GeoComply cannot match this as a standalone vendor.
  • Neccton RG/AML is a genuine product advantage for single-vendor compliance suites in new markets.
  • AWS Marketplace listing simplifies procurement for cloud-native operators.
  • VMOS device farm at Fanatics TN successfully mitigated via proxy-based detection (May 11).
  • iOS PlayCover sideloading neutralised at Fanatics TN during authentication (May 11).
  • Resigned iOS app blocked at Fanatics TN (May 11) — application sandbox integrity held.
  • Active Brazil entry (BandBet).

How we win

  • HopToDesk + iPhone screen mirroring NOT detected at Fanatics TN (May 5) — out-of-Tennessee wagering on both iOS and Android via these RDP-class tools.
  • No state border buffer zones at Fanatics TN — frequent state-switching within 50m of the boundary, persistent page refreshes, inability to finalise cash-out (May 5).
  • No IP-change monitoring during active sessions — overlooks a critical spoofing indicator (May 5).
  • Aggressive VPN restriction triggers false positives for legitimate corporate-network users — operational support overhead (May 5).
  • 'Best State' logic returns the most favorable state outcome even when accuracy is low — does not handle 'Precise Location Off'.
  • Border jumping observed in Fanatics app: standing still near a state border, the app intermittently switches between states (zero buffer zones, no multi-point aggregation).
  • Three-step token chain (accessKey → SigV4 → tracker token) — observed 'Expired tracker token' / 'Access key expired' failure strings.
  • Mobile-only SDK; no confirmed Flutter / React Native / Unity / desktop bindings.
  • Backend on AWS — third party in the decision path; data flows through Amazon.
  • TQJ (Todos Querem Jogar) — Brazil client — switched OpenBet off as it worked poorly and caused UX issues. Now using IP only as primary geolocation (Apr 7 / Apr 14).
  • OpenBet SDK has no analysis for rooting, memory modifications, or proxies (Mar 31) — potential breach for rooted devices.
  • Fanatics social signal: USGambling.com 2025 ('really hard time with geolocation'), Reddit 'Why they didn't go with GeoComply like everyone else is beyond me' (Mar 24), KYC selfie/ID failures, account suspensions after winning streaks (Apr 28).
  • New users report location error on first launch (Apr 14).

Capability claims

What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.

Geolocation

How accurately and reliably the product determines a user's real location.

  • GPS / OS locationUses native device GPS or OS-level location services.
    Yesverified

    GPS + speed + accuracy + drift + Wi-Fi APs + cell/network + movement + device integrity.

  • Wi-Fi triangulation
    Yesverifiedstale
  • IP geolocation
    Yesverifiedstale
  • IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).
    Noverified

    Fanatics TN: fails to flag IP address changes during active user sessions. Critical spoofing indicator missing.

  • Boundary / state-lineHandles users moving across regulated boundaries during an active session.
    Partialverified

    'Best state' logic returns most favorable outcome. Players within 50m of boundary experience frequent state-switching, persistent page refreshes, inability to finalise cash-out.

  • Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.
    Noverified

    Border jumping in Fanatics app — zero buffer zones, no multi-point aggregation, no state-line buffer.

  • Pre-login pre-check
    Partialverifiedstale

    canWagerSportsbook explicit flag returned.

  • Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).
    Partialverifiedstale

    'Best state' resolution model; per-region orchestration done by Fanatics-built layer, not by Locator itself.

  • Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.
    Noverifiedstale

    No confirmed desktop plugin equivalent — Locator is mobile SDK only.

  • On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).
    Noverifiedstale

Anti-spoofing detection

Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.

  • VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).
    Partialverified

    VPN_DETECTED constant + DisconnectFromVPN remedial action. Aggressive enforcement at Fanatics TN triggers false positives on corporate networks.

  • Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.
    Partialverifiedstale

    PROXY_DETECTED constant; residential-proxy depth unconfirmed. SDK has no documented proxy analysis.

  • Tor exits
    · Unknownrumorstale
  • Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.
    Noverified

    Fanatics TN: HopToDesk + iPhone screen mirroring NOT detected → out-of-state wagering on iOS + Android. Earlier remedial action classes claim screen-share detection but coverage is incomplete.

  • Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.
    Yesverifiedstale

    Mock-location detection + location-jump detection.

  • Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.
    Partialinferredstale
  • Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.
    Yesverifiedstale

    Emulator detection in remedial action classes.

  • Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.
    Yesverified

    Fanatics TN: VMOS device farm successfully mitigated via proxy-based detection.

  • Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.
    Partialverified

    Root via Play Integrity + custom; iOS jailbreak detection claimed. SDK lacks documented rooting / memory-mod analysis — potential breach for rooted devices per source review.

  • Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.
    Yesverified

    Fanatics TN: resigned iOS app blocked; application sandbox integrity intact.

  • Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.
    Yesverified

    Fanatics TN: PlayCover sideloading neutralised during authentication.

  • Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).
    Noverifiedstale

    No browser SDK; non-applicable on web.

  • Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.
    Partialinferredstale
  • MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.
    · Unknownrumorstale

Identity & KYC

Document verification, biometric liveness, sanctions screening.

  • Document scan / OCR
    Partialinferredstale

    Via platform partners, not Locator.

  • Biometric liveness
    Partialinferredstale
  • Sanctions / PEP
    Yesinferredstale
  • AML / responsible gaming
    Yesverifiedstale

    Neccton (acquired 2023) provides AI-enhanced RG + AML — genuine differentiator.

  • Reusable identity
    · Unknowninferredstale

Platform coverage

Which surfaces the SDK / product runs on.

  • iOS native
    Yesverifiedstale

    Claimed; Android confirmed (min SDK 26).

  • Android native
    Yesverifiedstale
  • Web / browser
    Noverifiedstale

    No confirmed web/browser SDK.

  • React Native
    Noverifiedstale
  • Flutter
    Noverifiedstale
  • Unity
    Noverifiedstale
  • .NET / desktop
    Noverifiedstale
  • Server-side API
    Yesverifiedstale

    AWS Location Service backend (BatchEvaluateGeofences, SigV4).

Compliance & certification

Regulatory coverage and certifications.

  • US state-licensed (iGaming/sportsbook)
    Yesverified

    22 states + DC via Fanatics deployment (~95% of US addressable market).

  • US tribal / on-property
    · Unknownrumorstale
  • Canadian provincial
    · Unknownrumorstale
  • European (MGA/UKGC)
    Yesverifiedstale

    Strong UKGC / MGA posture inherited from platform business.

  • LatAm (Brazil SPA)
    Partialverifiedstale

    BandBet launching 2025. TQJ switched OpenBet off after launch and is now IP-only.

  • SOC 2 Type II
    Yesinferredstale
  • ISO 27001
    Yesinferredstale
  • GLI-certified
    · Unknowninferredstale

Fraud & device intelligence

Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.

  • Device fingerprint
    Yesverifiedstale
  • IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).
    Partialinferredstale

    Built on AWS; no equivalent IP database confirmed.

  • Behavioral signals
    Yesverifiedstale

    Neccton-enabled behavioural monitoring for RG/AML.

  • Velocity / impossible travel
    Yesverifiedstale
  • Bot detection
    Partialinferredstale
  • Account takeover
    Partialinferredstale
  • Chargeback mgmt
    Noverifiedstale

Ops & integration

How easy the product is to integrate, observe, and operate.

  • Self-serve onboarding
    · Unknowninferredstale
  • Case management UI
    Yesverifiedstale

    Geo BackOffice — heatmaps + player behaviour analytics.

  • Webhook delivery
    Yesinferredstale
  • Real-time API
    Yesverifiedstale
  • Analytics dashboard
    Yesverifiedstale
  • Audit log export
    Yesinferredstale
  • Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).
    Noverifiedstale

    OBLocationCheckResult exposes structured fields + 10 named remedial action classes.

  • SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.
    Partialverified

    Lacks rooting / memory-modification / proxy analysis per source review — potential breach surface.

Commercial

Pricing model and go-to-market shape.

  • Usage-based pricing
    Yesinferredstale
  • Flat license / enterprise
    Yesinferredstale
  • Free tier / trial
    · Unknowninferredstale
  • Publicly listed pricing
    Noverifiedstale
  • Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).
    Yesverifiedstale

    Sold bundled with the OpenBet sportsbook platform; AWS case study claims up to 75% savings vs legacy.

Resources

Briefings, source docs, and external links.

Case study (1)

Drive doc (1)

Website (1)

News (1)

Drive folder (1)

Fanatics TN: four compliance gaps in one test (May 5)

HopToDesk + iPhone screen mirroring RDP undetected. No state-line buffer (50m state-switching). No IP-change monitoring. Aggressive VPN false-positives on corporate networks. All on the flagship US deployment. This is the single strongest sales asset against a bundled-OpenBet platform pitch.

Confirmed gaming clients (May 2026)

OperatorSegmentMarketNotes
Fanatics SportsbookSportsbookUS — 22 states + DCFlagship Locator client. Full Protect Suite (Locator + Neccton) deployed Dec 2025. Runs alongside XPoint via Fanatics's orchestration layer.
BandBetSportsbook / bettingBrazilLaunching 2025 — full OpenBet platform + Locator.
Todos Querem Jogar (Bet do Milhão)Sportsbook / bettingBrazilSwitched OpenBet OFF — described as "worked poorly and caused UX issues". Now using IP-only as primary geolocation (Apr 7 / Apr 14).
Non-geo OpenBet platform clientsVariousUS, UK, AU, CA, EU200+ brands use the OpenBet sportsbook platform; Locator adoption unclear beyond confirmed clients.

Strategic risks

  1. TQJ churned and replaced OpenBet with NOTHING. The fact that a paid customer chose IP-only over OpenBet Locator is the strongest possible product-quality signal — and they're operating with no proper geo-enforcement in a regulated market.
  2. Bundle pricing is the threat we can't match. OpenBet can offer Locator at marginal or zero cost as part of a full platform deal.
  3. The HopToDesk gap is structural. Locator's remedial action classes claim RDP / screen-share detection, but specific tools (HopToDesk, iPhone screen mirroring) sail through.
  4. Neccton is the real moat. Operators going into new markets (Brazil especially) value single-vendor RG/AML; we don't have an equivalent in-house.
  5. Fanatics is a Tier-1 reference window we can pry open. USGambling.com chatter ("really hard time with geolocation") + Reddit ("Why they didn't go with GeoComply") + KYC failures + post-winning-streak suspensions all stack up. Bring this to the next Fanatics conversation.

Open testing scope (carry-forward from weekly syncs)

  • Fanatics / OpenBet Locator — full integration validation (March → May)
  • Fanatics advanced spoofing — VMOS fresh Pixel image, rooted Android hidden root, jailbroken iOS, cross-border into exclusion zone (May)
  • Bet365 MI full validation (May)