Radar
Active competitorRetail-origin location platform pushing into iGaming via IC360 + DraftKings DFS NJ migration. Nine weeks of repeated spoofing failures across four operators. Also competing for ticketing — GC lost the Proof Serve POC to Radar.
Detection scorecard
How Radar handles every spoofing technique we test for. Click any cell for findings.
| Competitor | VPN | Proxy | Remote access | Fake GPS app | GPS spoofer | Emulator | Device farm | Jailbreak / Root | Resigned / tampered app | Sideload (PlayCover) | Browser extension | MITM / replay | Tor |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Strongest findings
Failed and partial test outcomes ranked for sales impact — what to lean on in a call.
- MISSED★ Pinned
Radar / Wind Creek Casino Online PA: iOS RDP, DroidVNC + Tailscale, and Android VPN undetected (results June 19)
Full integration validation of Wind Creek Casino Online PA (Radar), results delivered June 19: iOS FaceTime and iPhone Mirroring undetected (TN operator controlling in-state iPhone after local login), Android DroidVNC + Tailscale undetected, Android Turbo VPN undetected. iOS VPN blocked at login and mid-session. TeamViewer, AnyDesk, HopToDesk, Android FLA, and ~90 m cross-border buffer compliant. Rooted Android mock location caught; root itself undetected.
RadarWind Creek Bethlehem
Remote accessVPN - MISSED★ Pinned
Radar / Underdog DFS: remote screen control via Tailscale undetected for 20+ minutes
A remote operator took full control of a device inside the permitted state over a Tailscale-tunnelled screen-sharing session and placed bets on Underdog DFS. Radar did not detect or block the remote-control session, which stayed active for more than 20 minutes. Part of the expanded remote-control campaign that began with the Bet365 NJ (XPoint) finding.
RadarUnderdog Fantasy
Remote access - MISSED★ Pinned
Radar / FanDuel WV: iOS betting app runs undetected on Mac via PlayCover (real-money bet placed)
Using PlayCover to run the FanDuel iOS app directly on a Mac, the tester logged in and completed a real-money bet on FanDuel West Virginia. Radar did not detect that the app was running in a non-standard environment. Both the standard and an advanced variant of the technique produced the same result. Confirms FanDuel WV as the standing outlier on a vector that other Radar-protected operators block.
RadarFanDuel
Sideload (PlayCover) - MISSED★ Pinned
Bet365 MI (Radar / XPoint): full competitive validation — near-border lag, FaceTime + Windows RDP undetected, UX recovery broken
Full Bet365 MI integration validation surfaced five distinct issues in a single test cycle: unreliable behaviour at 200–1,000 m from the Canadian border, an incorrect 'NJ-residents-only' jurisdiction prompt when crossing Detroit↔Canada, iOS FaceTime RDP undetected (MA → MI), Windows RDP undetected (MA → MI), and persistent app glitches after VPN detection that force a full restart. Multiple compliance and UX gaps across mobile + web layers.
Radarbet365
Near borderBoundary crossing - MISSED★ Pinned
Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from Michigan
A modified version of the Bet Saracen iOS app — altered to remove Apple's integrity protections — was used to place bets remotely from Michigan with no issues. The same account on the unmodified app was correctly blocked. Direct fraud and compliance risk: bad actors can use modified apps to bet from any location.
RadarBetSaracen
Resigned / tampered app - MISSED★ Pinned
Radar / DraftKings DFS NJ: full integration validation — RDP inconsistent, cross-border lag, generic UX
Full integration validation of the post-migration DraftKings DFS NJ deployment on Radar. RDP detection is inconsistent (Zoom + AnyDesk undetected; TeamViewer blocked May 8 but undetected on May 13–14). Cross-border session lag of ~100–150m past the PA→NJ line vs GeoComply's 2–5m. Generic Account-Locked error messaging with no user guidance.
RadarDraftKings
Remote accessNear border
All findings
Test results and intel tagged to Radar.
- Radar / Wind Creek Casino Online PA: iOS RDP, DroidVNC + Tailscale, and Android VPN undetected (results June 19)Full integration validation of Wind Creek Casino Online PA (Radar), results delivered June 19: iOS FaceTime and iPhone Mirroring undetected (TN operator controlling in-state iPhone after local login), Android DroidVNC + Tailscale undetected, Android Turbo VPN undetected. iOS VPN blocked at login and mid-session. TeamViewer, AnyDesk, HopToDesk, Android FLA, and ~90 m cross-border buffer compliant. Rooted Android mock location caught; root itself undetected.
- Radar / Underdog DFS: remote screen control via Tailscale undetected for 20+ minutesA remote operator took full control of a device inside the permitted state over a Tailscale-tunnelled screen-sharing session and placed bets on Underdog DFS. Radar did not detect or block the remote-control session, which stayed active for more than 20 minutes. Part of the expanded remote-control campaign that began with the Bet365 NJ (XPoint) finding.
- Bet365 MI (Radar / XPoint): full competitive validation — near-border lag, FaceTime + Windows RDP undetected, UX recovery brokenFull Bet365 MI integration validation surfaced five distinct issues in a single test cycle: unreliable behaviour at 200–1,000 m from the Canadian border, an incorrect 'NJ-residents-only' jurisdiction prompt when crossing Detroit↔Canada, iOS FaceTime RDP undetected (MA → MI), Windows RDP undetected (MA → MI), and persistent app glitches after VPN detection that force a full restart. Multiple compliance and UX gaps across mobile + web layers.
- Radar / FanDuel WV: iOS betting app runs undetected on Mac via PlayCover (real-money bet placed)Using PlayCover to run the FanDuel iOS app directly on a Mac, the tester logged in and completed a real-money bet on FanDuel West Virginia. Radar did not detect that the app was running in a non-standard environment. Both the standard and an advanced variant of the technique produced the same result. Confirms FanDuel WV as the standing outlier on a vector that other Radar-protected operators block.
- Radar / Bet365 MI: GPS simulator accessory bypass, restriction not re-applied on re-entryA hardware GPS simulator accessory was used to spoof the tester's physical location into Michigan from Tennessee. After an initial login error, a second login attempt succeeded with no further location checks enforced. Real-money bets placed on the MI casino. The restriction that appeared on first login was not re-applied on re-entry — repeatable compliance gap.
- Radar / Bet365 NJ: Tailscale + RealVNC RDP undetected for 25+ minutes of continuous bettingA Mac remotely controlled an Android device on a separate network via Tailscale + RealVNC. The tester placed bets continuously for over 25 minutes on Bet365 NJ (Radar) with no interruptions, timeouts, or restrictions triggered. Radar's geolocation checks did not detect the remote session at any point.
- Radar / DraftKings DFS NJ: full integration validation — RDP inconsistent, cross-border lag, generic UXFull integration validation of the post-migration DraftKings DFS NJ deployment on Radar. RDP detection is inconsistent (Zoom + AnyDesk undetected; TeamViewer blocked May 8 but undetected on May 13–14). Cross-border session lag of ~100–150m past the PA→NJ line vs GeoComply's 2–5m. Generic Account-Locked error messaging with no user guidance.
- Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from MichiganA modified version of the Bet Saracen iOS app — altered to remove Apple's integrity protections — was used to place bets remotely from Michigan with no issues. The same account on the unmodified app was correctly blocked. Direct fraud and compliance risk: bad actors can use modified apps to bet from any location.
- DraftKings DFS NJ migrated from GeoComply to Radar (web only)Confirmed provider transition: DraftKings has moved its New Jersey DFS web product from GeoComply to Radar. Sportsbook and mobile apps stay on GeoComply. Dual-vendor compliance testing underway.
- Radar / FanDuel WV: three exploitation methods bypass restrictions from TennesseeConfirmed compliance vulnerabilities at FanDuel WV: users can bypass geographical restrictions from Tennessee via iOS app resigning, virtualised environment emulation via VMOS, and sideloading via PlayCover on ARM-based macOS. Each technique successfully facilitated out-of-state betting.
- Radar / Saracen AR: 100m from border — Mac 44% pass rate, Windows persistent lockoutSaracen AR proximity testing: success rates remained high beyond 350m from the state line, but at 100m Mac devices only cleared 44% of verifications. Windows users experienced a persistent lockout after a single failure, complicated by an atypical 'fraud_jumped_single_device' flag during betting attempts.
- Radar / Underdog DFS: Chrome extension (Location Guard) undetectedUnderdog DFS browser-based Radar deployment: location-spoofing via the free Location Guard Chrome extension was not detected. Free, no technical skill required.
- Radar: jailbroken root-hidden iOS not detected at Sleeper, PrizePicks, FliffThree operators, one structural gap: jailbroken root-hidden iOS devices bypass geolocation controls on Sleeper Sports, PrizePicks, and Fliff. Users can wager from prohibited locations without detection.
- Radar / FanDuel WV: tampered iOS app placed bets from TennesseeResigned iOS FanDuel app — modified to bypass security controls — successfully placed bets from TN on the WV platform. Radar failed to detect the modification.
- Radar / FanDuel WV bypassed by GPS simulator device from VietnamFD WV testing: location verification was bypassed using a GPS simulator device, with the tester apparently located in Vietnam. Radar accepted the spoofed coordinates.
- Radar Web 5.0.0 / 5.1.0: fraud detection moved to opt-in JS — emulators, screen sharing, IP check every 30 sRadar released Web version 5.0.0 and 5.1.0: fraud detection moved to a separate easy-to-use JS module so clients can opt in and out of fraud signals. Also adds emulator detection, screen sharing detection, and a hardcoded IP check every 30 seconds.
- Radar / Saracen AR: pre-installed Windows RDC no longer prevents app access (retest contradicts April 19); block fires without UX guidanceRetest since May 19, 2026 indicates that simply having the Remote Desktop Connection (RDC) client present on Windows 10 (later upgraded to Windows 11) is no longer sufficient to prevent access to the app — contradicting the April 19 finding. However, the system blocks access whenever the app is launched, even when no remote session is active, and surfaces no explanatory error or recovery guidance — significant UX friction with no path for the user to fix it.
- Cross-operator: iOS PlayCover sideloading blocked at Bet365 MI (Radar) and Fanatics TN (OpenBet) ✓Desktop-based emulation of iOS via PlayCover was blocked at the login stage on both Bet365 MI (Radar) and Fanatics TN (OpenBet). No geolocation bypass possible — both platforms neutralised this vector before any compliance check ran.
- Radar / Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo blocked ✓A residential proxy (Oxylabs) combined with the Location Guard browser extension — both pointing to an in-state Little Rock, AR address — was still detected as out-of-state by Radar at Bet Saracen AR. STATE_NOT_ALLOWED returned. Browser-level spoofing tools are insufficient to bypass the network-level check at this operator.
- Cross-operator: iOS PlayCover sideloading blocked at Bet365 MI, Fanatics TN, Bet Saracen AR ✓Desktop-based emulation of iOS applications via PlayCover is successfully restricted across all three tested operators. Bet365 and Fanatics neutralized the vector during authentication; Bet Saracen identified the unauthorized environment at the betting stage.
Battle card
Talking points for a live sales call.
Radar is a retail-origin location platform (founded 2016) that entered iGaming geo-compliance in 2024. The wedge is MAU-based pricing (claimed 50–75% savings vs GeoComply), open-source SDKs on GitHub, aggressive comparison-page marketing ('best Xpoint / OpenBet / GeoComply alternative?'), and a white-label distribution channel through IC360's Geo360. The SDK release cadence (every 3 weeks–couple of months) is shifting from "where is the user" to "can we continuously trust this location" — IP-triggered re-validation, multi-signal decisioning, indoor / floor-level accuracy, BLE beacons, and a modular fraud architecture (v3.31.0, April 2026, even adds offline, server-disconnected geofence-event generation). **As of May 2026, DraftKings has moved its New Jersey DFS web product from GeoComply to Radar** — the Sportsbook and mobile apps stay on GeoComply, and testing is underway on whether dual-vendor introduces compliance gaps.
Watch out for
- DraftKings DFS NJ (web) migrated to Radar (May 2026) — first major US live-traffic win.
- Bet365 mobile uses Radar (confirmed April 2026) — XPoint web + Radar mobile dual stack.
- MAU pricing — restructures the buyer's compliance-cost math at high volume.
- Open-source SDKs (GitHub) and aggressive search-page marketing ('best <competitor> alternative').
- Self-serve onboarding: signup → API key in <2 min, sandbox auto-provisioned.
- Broadest SDK coverage among challengers: iOS, Android, Web, React Native, Flutter, Capacitor, MAUI, Cordova.
- IC360 / Geo360 white-label gives indirect access to operators we don't see directly.
- Released v3.31.0 (Apr 24, 2026): offline geolocation event generation, mid-outage geofence tracking, modular fraud architecture.
- Oxylabs residential proxy + Location Guard extension combo blocked at Bet Saracen AR (May 19) — STATE_NOT_ALLOWED returned even with both layers pointing to in-state AR. Network-level check holds when stacked with state mismatch.
- Cross-vertical reach: Radar is competing in ticketing fraud. GeoComply LOST the Proof Serve POC to Radar — note for the new-verticals competitive set as well. LexisNexis partnership (2025) also brings them into banking + fintech via ThreatMetrix.
- AnyDesk + TeamViewer detection confirmed at Saracen AR (May 5) — but TeamViewer flipped to undetected on DraftKings DFS NJ retests (May 13–14).
- iOS PlayCover sideloading detected at Bet365 MI, Fanatics TN, Bet Saracen AR (May 11) — reconfirmed at Bet365 MI on May 19.
How we win
- GPS simulator: REPEATABLE bypass at Bet365 MI (May 19) — first login error, second login succeeded with no further checks. Restriction not re-applied on re-entry. Also bypassed FanDuel WV from Vietnam (Mar 24).
- Bet365 NJ: Tailscale + RealVNC RDP undetected for 25+ minutes of continuous real-money betting (May 19, CIV-69).
- DraftKings DFS NJ: full integration validation surfaced three independent failures (May 19, CIV-65) — RDP inconsistent (Zoom + AnyDesk undetected; TeamViewer flipped from blocked to undetected across consecutive retests); cross-border session lag of 100–150m past the PA→NJ line vs GeoComply 2–5m; generic 'Account Locked' messaging with no user guidance.
- Resigned iOS app NOT detected at Bet Saracen AR (May 19, CIV-44) — modified iOS app placed bets from Michigan, unmodified app correctly blocked. Same gap previously confirmed at FanDuel WV (Mar 31). Detection earlier reported at Saracen on May 11 did not hold.
- Rooted Android with hidden root (Magisk) NOT detected — confirmed at FanDuel WV (Mar 24, Mar 31, Apr 7) and Saracen AR (Apr 7). Allowed illegal cross-state bets from Tennessee.
- VMOS device-farm detection is flaky — undetected at FanDuel WV on second attempt (Apr 7), then failed at Bet Saracen AR (May 11), but successfully detected at FD WV pending Android release (Mar 31).
- Jailbroken root-hidden iOS NOT detected at Sleeper Sports, PrizePicks, Fliff (Apr 7) — three operators, one structural gap.
- PlayCover on ARM macOS bypassed FanDuel WV (May 11) even though it was blocked at Bet365 MI, Fanatics TN, and Saracen AR — operator-integration-dependent.
- Chrome browser extension (Location Guard) NOT detected at Underdog DFS (Apr 28) — undetected spoofing via a free browser plugin.
- Border crossing: 1-minute grace period after entering a restricted zone at Underdog DFS (Apr 28); 100–150m post-border session lag at DraftKings DFS NJ (May 19).
- Reactive state-selector logic at FanDuel WV — TN user initially verified on WV platform; misleading 'account sharing' error instead of regulatory message (Mar 31).
- Proxy betting allowed at Radar — just asks the user to 'wait additional time' (Mar 31).
- OK-border proximity: validation fails until 100m (iOS) / 220m (Android) from the line (Apr 14).
- Static desktop verification failed at 1,750m from the OK border via public Wi-Fi (Apr 14). Threshold undetermined.
- Mobile-hotspot incompatibility on Mac/Windows desktop (Apr 14).
- Auto-launch on system startup without consent (Mac + Windows, Apr 14).
- Mac 44% pass rate at 100m from the AR border; Windows users hit persistent lockout after a single failure with an atypical 'fraud_jumped_single_device' flag (May 5).
- Pre-loaded Windows 'Remote Screen Sharing' triggers silent account restriction — false-positive RDP flag (May 5).
- Radar Verify desktop app is Chrome-incompatible on Mac + Windows (Mar 24). Inconsistent across macOS 26.0.1 vs 26.3.1 and Chrome 146 vs 147 (Apr 14).
- Generic 'Account Locked' / 'account security' messaging across BetSaracen + DraftKings DFS NJ — no diagnostic data for end users (Apr 14, Apr 28, May 19).
- Device-counting logic flaw at Underdog DFS: every login recorded as a new device; breaks multi-account detection (Apr 28).
- Open-source unobfuscated SDK with client-side compliance decisioning and GPS injection methods in the public API (May 5 monthly brief).
- Publishable API key baked into app at build time — potential replay-attack surface (Mar 31).
Capability claims
What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.
Geolocation
How accurately and reliably the product determines a user's real location.
- GPS / OS locationUses native device GPS or OS-level location services.● Yesverified
- Wi-Fi triangulation● Yesinferredstale
- IP geolocation● Yesverifiedstale
- IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).◐ Partialverified
v3.x adds IP-triggered re-validation per Radar SDK release analysis; depth in regulated contexts unverified.
- Boundary / state-lineHandles users moving across regulated boundaries during an active session.○ Noverified
DraftKings DFS NJ: ~100–150m post-border session lag crossing PA→NJ (vs GeoComply 2–5m); session-state issue carries prior-state restriction across the line. Underdog DFS: ~1 minute grace period after entering a restricted zone (Apr 28).
- Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.○ Noverified
DraftKings DFS NJ 100–150m lag (May 19). Saracen AR: Mac 44% at 100m; Windows persistent lockout after single failure with 'fraud_jumped_single_device' flag. No successful bet within 1km of AR border on Win+hotspot (Mar 24). OK border: validation fails until 100m iOS / 220m Android (Apr 14).
- Pre-login pre-check◐ Partialinferredstale
trackVerified() returns signed JWT with passed boolean and failureReasons[].
- Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).○ Noverified
DraftKings DFS NJ session-state issue carrying prior-state restriction across the line (May 19). FanDuel WV: reactive state selector — TN user initially verified on WV platform (Mar 31). No Multipass / Dynamic Boundaries equivalent.
- Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.◐ Partialverified
Radar Verify exists but is Chrome-incompatible (Mac+Win), auto-launches without consent on startup, and breaks across macOS / Chrome point releases.
- On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).◐ Partialverifiedstale
Roadmap signal: floor-level accuracy + BLE beacons added in v3.x — not yet a regulated-iGaming product.
Anti-spoofing detection
Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.
- VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).◐ Partialverified
Enterprise Fraud module only; not on standard plan. Bet365 TN replay-attack passed (May 11).
- Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.◐ Partialverified
Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo BLOCKED with STATE_NOT_ALLOWED (May 19) — network-level check held when stacked with state mismatch. But Radar historically allows proxy betting with a 'wait additional time' message (Mar 31).
- Tor exits· Unknownrumorstale
- Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.○ Noverified
Bet365 NJ: Tailscale + RealVNC UNDETECTED for 25+ min of continuous bets (May 19, CIV-69). DraftKings DFS NJ: Zoom + AnyDesk UNDETECTED; TeamViewer blocked May 8 then UNDETECTED on retests May 13–14 (CIV-65). Bet Saracen AR positives (AnyDesk + TeamViewer blocked May 5) did not generalise. Pre-loaded Windows 'Remote Screen Sharing' fires false-positive silent account block (May 5).
- Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.◐ Partialverified
- Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.○ Noverified
Bet365 MI: hardware GPS simulator triggered an error on first login then was IGNORED on the second login attempt — repeatable bypass with real-money bets placed from TN (May 19, CIV-48). FanDuel WV: GPS simulator bypassed from Vietnam (Mar 24).
- Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.· Unknownrumorstale
- Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.◐ Partialverified
VMOS detected once at FD WV (Mar 31) then UNDETECTED on second attempt (Apr 7) and UNDETECTED at Bet Saracen AR (May 11). Inconsistent.
- Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.○ Noverified
Rooted Android (hidden root / Magisk) NOT detected at FD WV + Saracen AR. Jailbroken root-hidden iOS NOT detected at Sleeper, PrizePicks, Fliff.
- Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.○ Noverified
Bet Saracen AR: resigned iOS app placed bets from MI; unmodified app correctly blocked on the same account (May 19, CIV-44). FanDuel WV: same gap (Mar 31). The May 11 Saracen + Fanatics 'detected' result did not hold under the May 19 retest — gap evolved or detection was build-specific.
- Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.◐ Partialverified
PlayCover ARM-macOS BLOCKED at Bet365 MI (May 11 + reconfirmed May 19), Fanatics TN (May 11 + May 19), Saracen AR (May 11); BYPASSED at FD WV (May 11).
- Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).◐ Partialverified
Underdog DFS: Chrome extension (Location Guard) NOT detected — undetected spoofing via a free extension (Apr 28). BUT Bet Saracen AR: Oxylabs proxy + Location Guard combo pointing to in-state AR was BLOCKED with STATE_NOT_ALLOWED (May 19, CIV-44) — Saracen-specific positive on top of a Chrome-extension network signal.
- Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.○ Noverified
Bet365 MI: GPS-simulator restriction triggered on first login was NOT re-applied on re-entry — session state effectively whitelisted the device (May 19). RSI BetRivers NJ analogue at XPoint: detection can be cleared by logout/login.
- MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.● Yesverified
Bet365 TN replay-attack test: network-level attacks fully blocked. Minor visibility gap in verification flow but not exploitable in practice.
Identity & KYC
Document verification, biometric liveness, sanctions screening.
- Document scan / OCR○ Noverifiedstale
- Biometric liveness○ Noverifiedstale
- Sanctions / PEP○ Noverifiedstale
- AML / responsible gaming· Unknowninferredstale
- Reusable identity· Unknowninferredstale
Platform coverage
Which surfaces the SDK / product runs on.
- iOS native● Yesverified
- Android native● Yesverified
- Web / browser● Yesverified
- React Native● Yesverifiedstale
- Flutter● Yesverifiedstale
- Unity· Unknowninferredstale
- .NET / desktop◐ Partialverifiedstale
Verify app exists; MAUI bindings unclear; macOS / Chrome version compat fragile.
- Server-side API● Yesverifiedstale
Compliance & certification
Regulatory coverage and certifications.
- US state-licensed (iGaming/sportsbook)◐ Partialverified
BetSaracen AR + DraftKings DFS NJ (web, May 2026) + FanDuel WV + Bet365 mobile (multi-state) are the confirmed regulated US sportsbook/DFS deployments.
- US tribal / on-property○ Noinferredstale
- Canadian provincial○ Noinferredstale
- European (MGA/UKGC)○ Noinferredstale
- LatAm (Brazil SPA)· Unknowninferredstale
- SOC 2 Type II● Yesinferredstale
Referenced in trust pages — verify before quoting.
- ISO 27001· Unknowninferredstale
- GLI-certified· Unknowninferredstale
Fraud & device intelligence
Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.
- Device fingerprint○ Noverified
Logic flaw: every login at Underdog DFS recorded as a new device — defeats multi-account detection.
- IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).◐ Partialverifiedstale
Enterprise plan only; no published DB size or refresh cadence.
- Behavioral signals○ Noinferredstale
- Velocity / impossible travel◐ Partialverifiedstale
Impossible-travel check listed as a trackVerified() signal.
- Bot detection· Unknowninferredstale
- Account takeover· Unknowninferredstale
- Chargeback mgmt· Unknowninferredstale
Ops & integration
How easy the product is to integrate, observe, and operate.
- Self-serve onboarding● Yesverifiedstale
Signup → key in <2 min, sandbox keys auto-provisioned.
- Case management UI○ Noverifiedstale
- Webhook delivery● Yesverifiedstale
- Real-time API● Yesverifiedstale
p50 50ms / p90 150ms; lightweight checks only.
- Analytics dashboard● Yesverifiedstale
- Audit log export◐ Partialinferredstale
- Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).○ Noverifiedstale
trackVerified() returns signed JWT with passed boolean + visible failureReasons[]; client-side compliance decisioning surfaced in May 5 monthly brief.
- SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.○ Noverified
Open-source unobfuscated SDK; publishable API key baked into app at build time; GPS injection methods exposed in public API.
Commercial
Pricing model and go-to-market shape.
- Usage-based pricing● Yesverifiedstale
MAU-based pricing (vs per-transaction).
- Flat license / enterprise· Unknowninferredstale
- Free tier / trial● Yesverifiedstale
- Publicly listed pricing● Yesverifiedstale
- Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).◐ Partialverifiedstale
White-labelled into IC360's Geo360 product suite.
Resources
Briefings, source docs, and external links.
Case study (1)
- Radar Competitive Intelligence Brief — March 2026docs.google.com
Primary briefing — MAU pricing, IC360 white-label, Enterprise fraud module.
Drive doc (2)
- Radar — Full analysis (spreadsheet)docs.google.com
Complete test matrix and per-capability findings.
- Radar SDK Release Analysis (Apr 2025–Apr 2026)drive.google.com
Cadence + strategic direction: 'where is the user?' → 'can we continuously trust this location?'. IP re-validation, multi-signal, BLE indoor, modular fraud, v3.31.0 offline geofence events.
Website (1)
Pricing (1)
News (1)
- DraftKings DFS NJ migrated to Radar (May 2026)docs.google.com
Internal: CIV-65 — DraftKings DFS - validate the competitor's integration.
Drive folder (1)
Across eight weekly syncs (Mar 24 → May 19, 2026), Radar produced compliance gaps at five different operators (FanDuel WV, Bet Saracen AR, Sleeper / PrizePicks / Fliff, Underdog DFS, Bet365 NJ + MI, DraftKings DFS NJ) for at least ten distinct spoof vectors (rooted hidden Android, resigned iOS, GPS- simulator with re-entry bypass, Tailscale-driven RDP, multi-tool RDP inconsistency, VMOS, PlayCover ARM-macOS, browser extension, jailbroken iOS, proxy betting, near-border lag). Treat the Radar matrix row as the operative competitive document — every cell is verified-by-test as of the listed date.
Confirmed gaming clients (May 2026)
| Operator | Segment | Market | Use case |
|---|---|---|---|
| DraftKings DFS | DFS (web only) | NJ (May 2026) | First US live-traffic migration off GeoComply. Full validation (May 19, CIV-65) surfaced RDP inconsistency, 100–150m cross-border lag, and generic 'Account Locked' UX. |
| Bet365 mobile | Sportsbook / iGaming | US multi-state | Bet365 web → XPoint; mobile → Radar (confirmed April 2026). MI: GPS-simulator bypass on re-entry (May 19, CIV-48). NJ: Tailscale RDP undetected for 25+ minutes (May 19, CIV-69). |
| FanDuel WV | Sportsbook | US — WV | Eight weeks of repeated spoof failures. |
| Bet Saracen | Sportsbook | US — Arkansas | Regulated sportsbook reference; PlayCover + resigned iOS detected, VMOS not detected. |
| Underdog Fantasy | DFS | US multi-state | Chrome-extension spoof + device-counting flaw + 1-min border-crossing grace. |
| Sleeper | DFS | US multi-state | Jailbroken root-hidden iOS not detected. |
| PrizePicks | DFS | US multi-state | Jailbroken root-hidden iOS not detected. Note: also Xpoint Lite client. |
| Fliff | Social / sweepstakes | US multi-state | Jailbroken root-hidden iOS not detected. |
| Ballers Sportsbook | Sportsbook | US — licensed states | Jurisdiction enforcement. |
| 1/ST BET | Horse racing / wagering | US multi-state | Jurisdiction enforcement. |
| Everi | Gaming tech vendor | US multi-state | SDK embedded in vendor platform. |
| IC360 / Geo360 | Compliance vendor white-label | US multi-state | Radar powers Geo360. |
| Estrella Bet | Sportsbook | Brazil | Confirmed in Betting Hero's May 5 next-week scope. |
Strategic direction — Radar SDK release analysis (April 2026)
Strategic direction is clear: shifting from "where is the user?" to "can we continuously trust this location?" Releases every 3 weeks to a couple of months. Notable: v3.31.0 (Apr 24, 2026) added on-device offline geolocation-event generation — when their backend is unreachable, the SDK generates geofence entry/exit events from cached data, tagged as offline. This is a watch point — we don't know yet whether offline-generated events satisfy regulatory requirements in gaming markets. GitHub monitoring is active.
Other axes of movement:
- IP-triggered re-validation — location re-checked on network/IP change
- Multi-signal decisioning — motion, device context, network alongside GPS
- Indoor / vertical accuracy — floor-level detection on mobile + BLE beacons
- Modular fraud architecture — plugin-based, allows rapid new detection logic
Talking points for displacement deals
- DraftKings DFS NJ moved (May 2026), but only the DFS web product. Sportsbook + mobile stayed on GeoComply. This is a partial-displacement template, not a wholesale loss — sales narrative is "we keep the high-stakes stuff."
- MAU vs per-transaction is not apples-to-apples. Operators with high-engagement players blow past MAU thresholds and lose the price advantage fast.
- Eight verified spoof failures across four operators is not a tier-down — it's a non-starter. Lead the conversation with the Radar matrix row.
- Near-border accuracy is missing. No successful bet within 1km of the AR border in testing (Mar 24); Mac 44% pass rate at 100m (May 5).
- Client-side compliance decisioning and an open-source unobfuscated SDK is the structural problem — even if specific gaps get patched, the architecture exposes detection logic to the player.
- IC360's Geo360 is the harder threat. Operators evaluating IC360 may not realise Radar is the engine — surface this in any account where IC360 is a vendor.
Open testing scope (carry-forward from weekly syncs)
- Bet365 NJ full validation — follow up on the May 19 RDP gap (CIV-69)
- Saracen AR (Radar Verify app) full revalidation — P0 for Betting Hero this week
- Saracen AR — RAT (?), RDP follow-ups — Field Testing
- Bet365 MI — full Radar / XPoint integration research — Betting Hero
- GPS Simulator — Radar + XPoint (continuing)
- PlayCover — FD WV (outlier follow-up)
- Device farm VMOS — FD WV, Fanatics, BetRivers
- Saracen AR: Remote Screen Sharing across Windows laptops, Residential VPN out-of-state, additional RDPs (VNC, MS Teams, RustDesk)