Competitor
Operator
Threat
- GeoComply / FanDuel NJ: Mac-to-Mac Tailscale remote screen sharing blocked immediately — Blocked Software rule ✓GeoComply's desktop solution (PLC) blocked the same Mac-to-Mac remote screen-sharing technique that went undetected on BetRivers PA / XPoint last week. Remote Mac screen sharing via Tailscale on FanDuel NJ triggered the Blocked Software rule immediately — no bets were possible. A direct, same-method, same-week comparison against the competitor gap.
- XPoint / BetRivers PA: CIV-88 retest — FaceTime RDP sustained for 1 hour; Tailscale Mac-to-Mac RDP undetectedFollow-up to last week's CIV-88 advanced spoofing review on BetRivers Pennsylvania (XPoint): FaceTime screen sharing sustained a full hour of remote wagering from New Jersey onto an in-state iPhone in PA — sportsbook and casino bets placed continuously with no block. Tailscale Mac-to-Mac RDP via Finder screen sharing also failed detection — unattended full control of the in-state host, geolocation check passes against the host's PA position.
- Radar / Wind Creek Casino Online PA: iOS RDP, DroidVNC + Tailscale, and Android VPN undetected (results June 19)Full integration validation of Wind Creek Casino Online PA (Radar), results delivered June 19: iOS FaceTime and iPhone Mirroring undetected (TN operator controlling in-state iPhone after local login), Android DroidVNC + Tailscale undetected, Android Turbo VPN undetected. iOS VPN blocked at login and mid-session. TeamViewer, AnyDesk, HopToDesk, Android FLA, and ~90 m cross-border buffer compliant. Rooted Android mock location caught; root itself undetected.
- XPoint / BetRivers PA: Tailscale macOS RDP (unattended), Magisk mock-flag suppression, and FaceTime handoff undetectedAdvanced spoofing review of BetRivers Pennsylvania (XPoint): two Macs on the same Tailscale account — Mac1 (out of state) gets full unattended control of Mac2 (in PA) via Finder screen sharing. Rooted Android with Magisk + a low-level module suppresses the mock-location flag before BetRivers reads it. FaceTime RDP requires local login + 2FA, then full remote control with no further local presence.
- XPoint / BetRivers PA: iOS RDP, Tailscale macOS RDP, and rooted Android mock location undetected; standard RDP + FLA blockedCompliance analysis of BetRivers Pennsylvania (XPoint) surfaced three undetected attack paths: native iOS remote control via FaceTime and iPhone Mirroring (bets placed from an out-of-state operator on an in-state device), Tailscale combined with macOS native screen sharing, and rooted Android with concealed mock-location telemetry. TeamViewer, AnyDesk, HopToDesk, IP-change checks, Android fake-location apps, and a resigned iOS app were all compliant.
- GeoComply / Bally Bet NJ: remote screen control via Tailscale blocked at login and mid-session ✓GeoComply's geolocation product blocked a remote-screen-control attack on Bally Bet NJ — macOS Native Screen Sharing driven over a Tailscale tunnel, with one Mac handing full screen control to a second Mac in a different location. Detection fired both at login and mid-session with a Blocked_software error. A direct compliance advantage over the three competitor integrations that missed the same attack this week.
- Radar / Underdog DFS: remote screen control via Tailscale undetected for 20+ minutesA remote operator took full control of a device inside the permitted state over a Tailscale-tunnelled screen-sharing session and placed bets on Underdog DFS. Radar did not detect or block the remote-control session, which stayed active for more than 20 minutes. Part of the expanded remote-control campaign that began with the Bet365 NJ (XPoint) finding.
- Bet365 MI (Radar / XPoint): full competitive validation — near-border lag, FaceTime + Windows RDP undetected, UX recovery brokenFull Bet365 MI integration validation surfaced five distinct issues in a single test cycle: unreliable behaviour at 200–1,000 m from the Canadian border, an incorrect 'NJ-residents-only' jurisdiction prompt when crossing Detroit↔Canada, iOS FaceTime RDP undetected (MA → MI), Windows RDP undetected (MA → MI), and persistent app glitches after VPN detection that force a full restart. Multiple compliance and UX gaps across mobile + web layers.
- Radar / FanDuel WV: iOS betting app runs undetected on Mac via PlayCover (real-money bet placed)Using PlayCover to run the FanDuel iOS app directly on a Mac, the tester logged in and completed a real-money bet on FanDuel West Virginia. Radar did not detect that the app was running in a non-standard environment. Both the standard and an advanced variant of the technique produced the same result. Confirms FanDuel WV as the standing outlier on a vector that other Radar-protected operators block.
- XPoint / Bet365 NJ: macOS↔macOS RDP via Tailscale + Screen Sharing undetectedUsing Tailscale to put two Macs on the same private network and macOS's built-in Screen Sharing to drive one from the other, the tester accessed Bet365 NJ from a different physical location and placed wagers. XPoint did not detect the remote session. Follow-up testing across Radar, OpenBet, and GeoComply-integrated clients has been requested.
- OpenBet / Fanatics TN: WV casino-game session maintained 10m inside Virginia border (iOS)Close-to-border testing on iOS: an active West Virginia casino game session on Fanatics was maintained consistently while standing 10 meters inside the Virginia border. Not reproduced on Android. Meaningful compliance risk in areas where homes or businesses sit directly on the state line.
- Radar / Bet365 MI: GPS simulator accessory bypass, restriction not re-applied on re-entryA hardware GPS simulator accessory was used to spoof the tester's physical location into Michigan from Tennessee. After an initial login error, a second login attempt succeeded with no further location checks enforced. Real-money bets placed on the MI casino. The restriction that appeared on first login was not re-applied on re-entry — repeatable compliance gap.
- Radar / Bet365 NJ: Tailscale + RealVNC RDP undetected for 25+ minutes of continuous bettingA Mac remotely controlled an Android device on a separate network via Tailscale + RealVNC. The tester placed bets continuously for over 25 minutes on Bet365 NJ (Radar) with no interruptions, timeouts, or restrictions triggered. Radar's geolocation checks did not detect the remote session at any point.
- Radar / DraftKings DFS NJ: full integration validation — RDP inconsistent, cross-border lag, generic UXFull integration validation of the post-migration DraftKings DFS NJ deployment on Radar. RDP detection is inconsistent (Zoom + AnyDesk undetected; TeamViewer blocked May 8 but undetected on May 13–14). Cross-border session lag of ~100–150m past the PA→NJ line vs GeoComply's 2–5m. Generic Account-Locked error messaging with no user guidance.
- Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from MichiganA modified version of the Bet Saracen iOS app — altered to remove Apple's integrity protections — was used to place bets remotely from Michigan with no issues. The same account on the unmodified app was correctly blocked. Direct fraud and compliance risk: bad actors can use modified apps to bet from any location.
- XPoint / RSI BetRivers NJ: Tailscale RDP fails detection in most cases, bypass-by-logoutXPoint fails to detect Tailscale-based remote access in most cases against RSI BetRivers NJ, allowing bets from a physically separate location. When detection did trigger it was inconsistent and easily bypassed by logging out and back in. Two attack methods confirmed — one requiring brief one-time approval, one fully unattended.
- XPoint / RSI BetRivers TN: GPS simulator fully undetected, MI casino bets from TennesseeHardware GPS simulator accessory went fully undetected on RSI BetRivers Tennessee (XPoint). Tester logged into the Michigan app from Tennessee and played a casino game with no errors or restrictions triggered.
- DraftKings DFS NJ migrated from GeoComply to Radar (web only)Confirmed provider transition: DraftKings has moved its New Jersey DFS web product from GeoComply to Radar. Sportsbook and mobile apps stay on GeoComply. Dual-vendor compliance testing underway.
- Radar / FanDuel WV: three exploitation methods bypass restrictions from TennesseeConfirmed compliance vulnerabilities at FanDuel WV: users can bypass geographical restrictions from Tennessee via iOS app resigning, virtualised environment emulation via VMOS, and sideloading via PlayCover on ARM-based macOS. Each technique successfully facilitated out-of-state betting.
- OpenBet / Fanatics TN: HopToDesk + iPhone screen mirroring bypassed detectionFanatics TN flagship deployment: HopToDesk + iPhone screen mirroring both bypassed OpenBet Locator's RDP protocols. Out-of-Tennessee wagering succeeded on both iOS and Android.
- Radar / Saracen AR: 100m from border — Mac 44% pass rate, Windows persistent lockoutSaracen AR proximity testing: success rates remained high beyond 350m from the state line, but at 100m Mac devices only cleared 44% of verifications. Windows users experienced a persistent lockout after a single failure, complicated by an atypical 'fraud_jumped_single_device' flag during betting attempts.
- Monthly social brief: location verification failures = 38% of all complaintsMay 5 monthly brief: location verification failures dominate end-user complaints (38% of all findings), with DraftKings (11) and FanDuel (9) generating the highest complaint volumes across March 30 – April 27.
- Radar / Underdog DFS: Chrome extension (Location Guard) undetectedUnderdog DFS browser-based Radar deployment: location-spoofing via the free Location Guard Chrome extension was not detected. Free, no technical skill required.
- Radar: jailbroken root-hidden iOS not detected at Sleeper, PrizePicks, FliffThree operators, one structural gap: jailbroken root-hidden iOS devices bypass geolocation controls on Sleeper Sports, PrizePicks, and Fliff. Users can wager from prohibited locations without detection.
- Reddit: two users publicly offer to spoof Bet365 XPoint Verify via MagiskFlorida user asked on Reddit how to spoof XPoint Verify. Two other users confirmed it is possible and offered help via Magisk. Worth investigating Magisk + XPoint Verify vulnerability.
- Splash Sports planning to offload XPoint in June 2026 — multi-state DFS gapSplash Sports is aiming to offload XPoint in June 2026. They have DFS game modes available in different states which XPoint requires them to handle themselves — XPoint has no Multipass equivalent and no Dynamic Boundaries equivalent.
- TQJ 'Todos Querem Jogar' switched OpenBet off — now running IP-onlyBrazil operator Todos Querem Jogar (Bet do Milhão) switched OpenBet off — described as 'worked poorly and caused UX issues'. Now using IP only as primary geolocation, with no proper geo-enforcement.
- XPoint / RSI DE: FaceTime RDP undetected — MI user wagered on DE iOS deviceMichigan-based user placed remote wagers on a Delaware-localised iOS device via FaceTime RDP — both casino and sportsbook. Same gap previously confirmed in AZ. Cross-region structural failure, not an operator-specific bug.
- Radar / FanDuel WV: tampered iOS app placed bets from TennesseeResigned iOS FanDuel app — modified to bypass security controls — successfully placed bets from TN on the WV platform. Radar failed to detect the modification.
- Xpoint: unsigned iOS SDK + findable SDK = client-side coordinate injectionSource analysis of the raw iOS + Mac Xpoint SDKs obtained in March: the iOS SDK is unsigned and findable. An attacker can patch the app to inject coordinates before every compliance check.
- Radar / FanDuel WV bypassed by GPS simulator device from VietnamFD WV testing: location verification was bypassed using a GPS simulator device, with the tester apparently located in Vietnam. Radar accepted the spoofed coordinates.
- Social signals (June 30): XPoint desktop/WiFi geo friction on BetRivers; GGPoker freeze flagged; DE boundary complaintJune 30 weekly social brief: since the XPoint migration, a recurring pattern of desktop/WiFi geolocation failures on BetRivers that do not appear on mobile — users blocked on home WiFi while cellular works. GGPoker/WSOP (former 888, XPoint) player reports location-related game freeze. App Store and Twitter complaints reinforce inconsistent geo UX; a Delaware user flagged invalid-location while physically in-state.
- GeoLocs / mkodo — Casumo Casino (QC/ON border): KYC bypass with fake Quebec address; Ontario licence suspended May 14Full mkodo Geolocs validation via Casumo Casino from the Quebec side of the Ontario–Quebec border (Casumo's Ontario licence suspended May 14): KYC bypassed with a fake Quebec address while Ontario ID and Ontario billing address were both accepted and a $10 deposit completed. Ontario in-province registration correctly blocked; DevTools intermittently detected on Mac; Canadian-market iPhone shown maintenance page. Games failed to load across all platforms in QC.
- OpenBet / Fanatics MI: VMOS virtual Android environment blocked — generic error, no wager path ✓VMOS virtual Android environment tested on Fanatics Michigan (OpenBet Locator): access blocked immediately after login with a generic error and no path to place a bet.
- Radar Web 5.0.0 / 5.1.0: fraud detection moved to opt-in JS — emulators, screen sharing, IP check every 30 sRadar released Web version 5.0.0 and 5.1.0: fraud detection moved to a separate easy-to-use JS module so clients can opt in and out of fraud signals. Also adds emulator detection, screen sharing detection, and a hardcoded IP check every 30 seconds.
- Social signals (June 23): BetRivers XPoint geo friction on Reddit; KYC and support overload spikingJune 23 weekly social brief: no Reddit volume spike, but clear XPoint disapproval on BetRivers — PC geo failures, home WiFi blocked while cellular works. KYC verification failures (~every third r/betrivers post) and overloaded support (no email replies for days, multi-hour phone waits) are spiking. Full BetRivers report in progress.
- XPoint / bet365 MI + BetRivers MI: commercial RDP blocked pre-wager; RustDesk blocked at ~290 s interval check (install alone silent)Remote desktop retest on bet365 Michigan and BetRivers Michigan (XPoint): HopToDesk, AnyDesk, and TeamViewer all detected and blocked before a bet could be placed — a measurable improvement. RustDesk was blocked at the first interval check (~290 seconds / ~4.5 minutes) on both operators; prior launch-order lag was not reproduced. RustDesk is only flagged while actively running — not when merely installed.
- Locance (LocationSmart) / Luxury Casino Ontario: cross-border play, RDP, and Android VPN gaps; Mac VPN blockedFull Locance (LocationSmart) integration validation on Luxury Casino Ontario found cross-border wagering possible for multiple kilometres between Ontario and Quebec, remote control via TeamViewer / AnyDesk / HopToDesk undetected on desktop and Android, and Android VPN usage completely unblocked. Mac VPN was detected; iOS blocked VPN access but surfaced no error messaging. Near-border iOS behaviour mis-located users 100–150 m from the Quebec boundary.
- ACT — emerging geo competitor surfaced at G2E 2025; website and press coverage just appearingNew competitor ACT announced at G2E end of 2025 but only launched their website and started appearing in trade press in the last week or two. GLI-tested but not certified; no confirmed gaming clients in any jurisdiction. Product details are not listed or hinted publicly — monitoring only for now.
- Social signals (June 16): World Cup flat; Bet365 geo volume down but same friction themes; KYC complaints +63%June 16 weekly social brief: FIFA World Cup has not increased overall feedback volume. Bet365 geolocation complaints dropped from 12 (older period) to 4 (recent period) but the BrowserGuard / plugin friction themes persist — mandatory third-party download, geo check wiping the betslip, location dropout during live betting. KYC complaints rose from 0.8 to 1.3 per day (+63%); KYC share of total signals jumped from 14% to 33%.
- Locance (LocationSmart) / Luxury Casino Ontario: remote-access block fails on a single retry; iAnyGo GPS spoof undetectedA remote-access retest of Locance (LocationSmart) on Luxury Casino Ontario, run from Tennessee. Remote access via TeamViewer & AnyDesk: an initial geolocation check errored, but after a single retry access was granted and bets were placed — the block did not hold on the second attempt. GPS location spoofing (iAnyGo): blocked only indirectly — Luxury Casino requires a Canadian VPN to load and that VPN was flagged as a proxy; the GPS spoof itself triggered no detection.
- OpenBet / Fanatics MI: GPS simulator + TeamViewer iOS screen mirroring undetected, bets placed from Tennessee (iOS resigned app detected)Follow-up testing extended the Fanatics remote-access findings to more methods and states. On Fanatics MI (OpenBet), a GPS simulator and, separately, full TeamViewer screen-mirror control of the iOS device both went undetected — the tester logged into the Michigan app, placed real-money bets, and played casino games from Tennessee. The iOS resigned app was detected (geolocation failed as expected), but the returned error message was blank, making the specific detection trigger hard to identify.
- OpenBet / Fanatics TN: HopToDesk remote session connects, but the Place Bet button is hidden from the remote operatorContinuing the Fanatics remote-access retest in Tennessee, a HopToDesk remote-control session was established on Android — the remote operator had full control of the device. The Place Bet button, however, was hidden from the remote operator, so bets could not be placed remotely without local interaction. A partial mitigation: the remote-access tool itself was not blocked, but the wagering action was withheld from the remote session — inconsistent with the Michigan result, where TeamViewer screen mirroring allowed full remote betting.
- Locance (LocationSmart) Ontario: real-money deposit with no identity check + detection rules exposed in APITesting of Locance in Ontario surfaced two issues: a tester completed account registration and a real-money Interac deposit without any identity or location verification — a step that should be mandatory under Ontario iGaming rules — and, when connecting from a Singapore IP, the API response named the exact detection rules that fired (e.g. 'IP proxy detected', 'IP hosting provider'), handing an attacker a map of what to evade.
- OpenBet / Fanatics: Mac-to-Android remote control undetected, bets placedA tool that lets a Mac laptop remotely control an Android phone from a different network was used to place bets on Fanatics. OpenBet did not detect the remote-control session during a sustained test — extending the remote-control gap confirmed this campaign across Radar (Underdog) and XPoint (Bet365 NJ) from macOS↔macOS to cross-platform desktop→mobile.
- OpenBet / Fanatics MI: HopToDesk remote control undetected on Android (TeamViewer + AnyDesk blocked)During Michigan–Canada border advanced-spoofing retests, HopToDesk — a remote-access tool — was not detected at install or during an active remote session on the Fanatics MI Android app (OpenBet); bets were placed while a remote user was in control. TeamViewer and AnyDesk were both detected and blocked, and iOS FaceTime screen sharing was detected near the border. A specific tool gap, not a blanket miss.
- XPoint / bet365 MI: RustDesk evades detection when launched after the geolocation client (launch-order flaw)XPoint fails to detect RustDesk on Windows and macOS if the remote-access tool is opened after the geolocation client is already running. Launching RustDesk first triggers an immediate flag; opening it mid-session let 50+ consecutive location checks pass, and detection only resumed after a manual client reboot — evidence of a one-time startup scan rather than real-time monitoring.
- GeoLocs / mkodo at OLG iOS: session terminated immediately when device location services are disabled ✓On the OLG iOS app (GeoLocs / mkodo), the session was immediately terminated when device location services were disabled. The vendor correctly refuses to play in a no-signal condition — a clean compliance baseline that contrasts with the same vendor's VPN-handling gap in the same week.
- GeoLocs / mkodo at OLG (Ontario): VPN-from-Ontario allowed when location services are on; Netherlands VPN only blocked on re-entry, no user-facing errorOn the OLG (Ontario Lottery and Gaming) web app, an Ontario-based VPN was authorised for unrestricted gameplay and wagering as long as device location services remained active. A Netherlands-based VPN did not trigger any immediate session termination — the system only blocked access on a re-entry attempt after exiting a game, and provided no user-facing error explaining why. Detection is delayed and silent, not real-time and informative.
- High Flyer Casino TN: location spoofing succeeds on iOS + Android — bets placed from outside Tennessee, blocks only enforced at game levelLocation spoofing was successful on both iOS (Safari + iAnyGo + VPN) and Android, allowing bets to be placed on High Flyer Casino TN from outside Tennessee without any blocks at the website / platform level. Some individual games surfaced location errors, but that enforcement comes from the game providers themselves rather than the sportsbook. The iOS Emulator test produced identical results to Android. High Flyer's geolocation controls are bypassable; protection is inconsistently applied at the game level only.
- OpenBet / Fanatics MI: GPS spoofing hardware detected — new market confirms the TN result ✓First test of OpenBet Locator at Fanatics Michigan against a hardware GPS-spoofing accessory: detection fired in real time with a location-anomaly warning and the session was prevented from continuing. Replicates the outcome previously confirmed on Fanatics TN — OpenBet's GPS-simulator detection holds across at least two distinct markets.
- OpenBet / Fanatics WV: FaceTime screen sharing detected at session start — account / device blocked ✓When FaceTime screen sharing was initiated at the start of a Fanatics West Virginia (OpenBet) session, OpenBet detected the screen-sharing condition and either blocked the account or blocked the device — wagering prevented. Direct contrast with the Bet365 MI iOS-FaceTime-RDP gap recorded in the same week.
- Radar / Saracen AR: pre-installed Windows RDC no longer prevents app access (retest contradicts April 19); block fires without UX guidanceRetest since May 19, 2026 indicates that simply having the Remote Desktop Connection (RDC) client present on Windows 10 (later upgraded to Windows 11) is no longer sufficient to prevent access to the app — contradicting the April 19 finding. However, the system blocks access whenever the app is launched, even when no remote session is active, and surfaces no explanatory error or recovery guidance — significant UX friction with no path for the user to fix it.
- Cross-operator: iOS PlayCover sideloading blocked at Bet365 MI (Radar) and Fanatics TN (OpenBet) ✓Desktop-based emulation of iOS via PlayCover was blocked at the login stage on both Bet365 MI (Radar) and Fanatics TN (OpenBet). No geolocation bypass possible — both platforms neutralised this vector before any compliance check ran.
- OpenBet / Fanatics NJ: droidVNC-NG RDP immediately blocked, error message names the remote-control app ✓RDP via droidVNC-NG on Android, controlled by RealVNC Viewer over Tailscale, was immediately blocked at Fanatics NJ (OpenBet). The error message explicitly named the remote-control application in use — best-in-class compliance UX this week.
- OpenBet / Fanatics TN: GPS simulator detected with a specific, informative error message ✓Hardware GPS simulator triggered a clear, specific error at Fanatics TN: 'Your location has abruptly changed. Please disable apps that alter your device's location and retry.' Notably more informative than the generic messaging seen at other operators.
- OpenBet / Fanatics TN: TeamViewer screen mirroring undetected — NY tester placed bets on TN platformA tester in New York was able to place bets on the Fanatics Tennessee platform via TeamViewer screen mirroring. FaceTime RDP was detected and blocked correctly — TeamViewer was not.
- Radar / Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo blocked ✓A residential proxy (Oxylabs) combined with the Location Guard browser extension — both pointing to an in-state Little Rock, AR address — was still detected as out-of-state by Radar at Bet Saracen AR. STATE_NOT_ALLOWED returned. Browser-level spoofing tools are insufficient to bypass the network-level check at this operator.
- RobinHood TN: SSL certificate pinning blocks network interception on iOS + Android ✓ — but still no device-level geolocationMITM testing on RobinHood TN: SSL certificate pinning implemented on both iOS and Android. Charles Proxy cannot capture geolocation traffic on iOS; mitmproxy produces a TLS handshake failure on Android. Network interception attacks are blocked — but RobinHood still relies on IP-only verification with no device-level geolocation SDK.
- Cross-operator: iOS PlayCover sideloading blocked at Bet365 MI, Fanatics TN, Bet Saracen AR ✓Desktop-based emulation of iOS applications via PlayCover is successfully restricted across all three tested operators. Bet365 and Fanatics neutralized the vector during authentication; Bet Saracen identified the unauthorized environment at the betting stage.
- Radar / Bet Saracen AR: VMOS not detected — but PlayCover + resigned iOS blocked ✓Radar was unable to identify virtualized device simulation through VMOS, which permitted a successful out-of-state bet from Tennessee. However, Radar correctly detected and restricted sideloading via PlayCover and the use of resigned iOS apps during the betting process.
- RobinHood (TN, prediction markets): no device-level geolocation — IP-only, trivially bypassedReplay-attack testing on RobinHood TN: no device-level geolocation in place. RobinHood relies solely on IP to verify player location. Basic spoofing tools went undetected — bypass requires zero technical skill.
- Radar / Saracen AR: AnyDesk + TeamViewer correctly restrictedSaracen AR Radar deployment: active sessions via AnyDesk and TeamViewer were effectively restricted. A rare positive Radar result — worth recording for parity.
- Radar / Saracen AR: pre-loaded Windows 'Remote Screen Sharing' silently blocks accountsThe pre-loaded Windows Remote Desktop Connection app ('Remote Screen Sharing') triggers account restrictions without notifying the user. Significant risk for support teams — high ticket volumes and player dissatisfaction with no clear resolution path.
- Radar v3.31.0 (Apr 24, 2026): SDK generates geofence events offline, without serverNotable Radar SDK release: when the backend is unreachable, the SDK generates geofence entry/exit events directly on the device from cached data, tagged as offline. Backend-toggled. Watch point: does this satisfy regulatory requirements?
- Fanatics (OpenBet) account suspension immediately after a winning streakApril 28 weekly: Two new KYC entries for Fanatics. Users report selfie/ID scans failing repeatedly on sign-up, and a separate account suspension immediately following a winning streak — funds held, bank statements submitted, no resolution.
- Radar desktop UX issues: auto-launch, hotspot incompatibility, 4% CPU pulses, macOS/Chrome compat gapsApril 14 testing surfaced five distinct desktop UX problems on Radar Verify: persistent install download prompts, auto-launch on system startup without consent, 4% CPU spikes every 10s at 600m from the border, mobile-hotspot incompatibility, and inconsistent behaviour across macOS 26.0.1 vs 26.3.1 and Chrome 146 vs 147.
- Radar near-border: validation fails until 100m (iOS) and 220m (Android) from OK lineProximity Constraints — validation unsuccessful until reaching 100m (iOS) / 220m (Android) from the OK state line. Static desktop verification failed at 1,750m from the border via public Wi-Fi (Mac/Windows). Success threshold remains undetermined.
- Radar SDK release analysis: shifting from 'where is the user?' to 'can we continuously trust this location?'Radar release cadence: every 3 weeks to a couple of months. Strategic direction: continuous-trust location decisioning via IP-triggered re-validation, multi-signal decisioning (motion/device/network alongside GPS), indoor/floor-level accuracy with BLE beacons, and a modular plugin-based fraud architecture.
- FanDuel: $12,000 payout denied due to 'suspicious location' flagApril 14 weekly: FanDuel dominated complaints — one high-impact case: user denied a $12,000 payout due to a 'suspicious location' flag. DraftKings simultaneously hit with 10+ minute location-check delays.
- Bet365 confirmed dual-stack: XPoint web + Radar mobileConfirmed in the April 7 weekly research: Bet365 runs XPoint on the web and Radar on mobile. Even the flagship XPoint reference is split across two geo providers.
- Radar / Saracen AR: resigned iOS app detected with clear error messaging ✓Saracen AR testing confirmed Radar flagged a resigned iOS app with appropriate error messaging, preventing betting activity while ensuring the account was not blocked. This contradicts our FD WV result. Follow-up validation scheduled pending the next iOS app release.
- Radar / FanDuel WV: VMOS not detected on second attempt — regression vs Mar 31VMOS emulator usage not detected on the second attempt. Allowed bets from TN on the WV app. Contradicts the March 31 success — the detector is either regressed or flaky.
- RushStreet (XPoint) Android review: kicked off during tournaments, lost moneyRushStreet (XPoint) Android Play Store review: 'I've been playing poker and lately it's been freezing up, losing location, and I've got kicked off and lost money on tournaments.'
- Radar / FanDuel WV: proxy betting allowed — system just asks user to 'wait additional time'Radar is allowing proxy betting and just asks the user to wait some additional time if someone else used the account in another location. Reactive enforcement with misleading 'account sharing' messaging.
- Radar / FanDuel WV: VMOS Android device-farm successfully detected ✓Device Farm / VMOS (Android) — Radar successfully identified the virtual OS environment used to manipulate device integrity. Follow-up validation scheduled pending the next Android app release.
- Radar / Saracen AR desktop: Chrome-incompatible Verify app + no bet within 1km of AR borderRadar Verify desktop app does not work on Chrome (confirmed Windows + Mac). No successful bet within 1km of the AR border on a Windows laptop with mobile hotspot — Radar kept switching between 'State not Allowed' and 'Buffer Zone' errors.
- Reddit on Bet365 XPoint: wrong-state detection (MD→NJ), endless Verify install loopMarch 24 weekly: Bet365 (XPoint) generating strong negative signal — wrong-state detection (MD placed in NJ), endless XPoint Verify install loop on desktop, multiple posts explicitly naming the provider switch as the root cause.
- Reddit on Fanatics: 'Why they didn't go with GeoComply like everyone else is beyond me'March 24 weekly sync: Fanatics / OpenBet sentiment is highly negative and openly pro-GeoComply across Reddit. Players report multi-week geolocation failures, CS dead ends, inability to withdraw funds without passing geo.
- Xpoint / BetRivers: rooted Android device allowed through to bet placementRooted Android device with hidden root cleared Xpoint geolocation at BetRivers (RSI). An account that had previously been blocked by GeoComply was no longer blocked once Xpoint took over the integration.