XPoint / RSI BetRivers TN: GPS simulator fully undetected, MI casino bets from Tennessee
Source. May 19, 2026 weekly sync.
Ticket. CIV-48: Test Fake Location using GPS Simulator Accessory on Competitor Apps.
What we tested
A hardware GPS simulator accessory was used against the RSI BetRivers Tennessee (XPoint) deployment.
What happened
The GPS simulator went fully undetected — no first-login error, no session-mid restriction. The tester logged into the Michigan app from Tennessee and played a casino game with no errors or restrictions triggered at any point.
Why it matters
This is the cleaner-cut version of the Bet365 MI Radar gap on the same vector this week. Where Bet365 (Radar) flagged the simulator on first login and then forgot about it, RSI BetRivers (XPoint) never flagged it at all.
This is also consistent with our standing position on XPoint's unsigned iOS SDK (March 24): the SDK ships with a public GPS injection method and can be patched to inject coordinates before every compliance check. A hardware GPS-simulator accessory is a more expensive way to achieve the same outcome — and it still works.
Cross-reference
- Bet365 MI (Radar) — GPS simulator re-entry bypass — Radar caught it once then let it through.
- Fanatics TN (OpenBet) — GPS simulator detected — clean detection with a specific error message.
- XPoint capability
spoof.gps-hwis verifiednosince March 24 — this finding reinforces it on a fresh operator.