Skip to main content

4 posts tagged with "ios"

View All Tags
DetectedCompliance

GeoLocs / mkodo at OLG iOS: session terminated immediately when device location services are disabled ✓

GeoLocsOLG (Ontario Lottery & Gaming)
geolocsmkodoolgioslocation-services

Source. May 26, 2026 weekly sync.
Ticket. CIV-52: Ontario — mkodo / GeoLocs — Compliance Failures & Retest.

What we tested

Whether the OLG iOS app (GeoLocs / mkodo geolocation) would correctly refuse to operate when device location services were turned off — i.e. the most basic compliance pre-condition (no location signal → no wager).

What happened

  • Session was terminated immediately on detection of disabled location services.

Why it matters

The baseline check works. A platform that allows wagering with no location data is unambiguously non-compliant; this vendor correctly refuses, on iOS, at session start.

That said — pair this with the OLG / GeoLocs VPN gap recorded the same week: the vendor does enforce when the device claims to be unable to locate, but falls down when the device claims to be located somewhere it isn't. The two findings together describe the shape of the gap: GeoLocs trusts the device's location signal too uncritically when that signal is present.

Cross-reference

GeoLocs profile → · May 26 weekly sync →

MissedVPNFake GPS appEmulator

High Flyer Casino TN: location spoofing succeeds on iOS + Android — bets placed from outside Tennessee, blocks only enforced at game level

GeoLocsHigh Flyer Casino
geolocsmkodohighflyer-tniosandroid

Source. May 26, 2026 weekly sync.
Ticket. CIV-52: Ontario — mkodo / GeoLocs — Compliance Failures & Retest (Casumo, High Flyer, OLG).

What we tested

Whether High Flyer Casino (Tennessee) could be accessed and wagered on from outside the licensed state using common consumer-grade spoofing combinations:

  • iOS — Safari + iAnyGo location-spoofing tool + VPN.
  • Android — equivalent setup.
  • iOS Emulator — for comparison against the native iOS path.

What happened

  • iOS path succeeded. Bets placed from outside Tennessee with no website-level block.
  • Android path succeeded. Same outcome.
  • iOS Emulator test produced identical results to native Android — the platform does not differentiate the emulated environment.
  • Some individual games returned location errors — but this enforcement comes from the game providers themselves, not from the sportsbook integration. Coverage is therefore inconsistent and per-title rather than per-jurisdiction.

Why it matters

The geolocation controls at the platform level are effectively absent for this operator on the most common consumer spoofing toolchain (VPN + commodity iOS spoofer). When detection does fire, it fires from game providers rather than from the operator's compliance layer — meaning enforcement depends on which game the user happens to open, not on a coherent jurisdictional decision.

Cross-reference

GeoLocs profile → · May 26 weekly sync →

MissedNear borderBoundary crossing★ Pinned

OpenBet / Fanatics TN: WV casino-game session maintained 10m inside Virginia border (iOS)

OpenBetFanatics Sportsbook
openbetfanatics-tnnear-borderiosciV-59

Source. May 19, 2026 weekly sync.
Ticket. CIV-59: Fanatics — OpenBet Locator | adv spoofing.

What we tested

Close-to-border testing of the Fanatics (OpenBet Locator) deployment on iOS. The tester opened a West Virginia casino game session inside WV, then physically crossed into Virginia while keeping the session active.

What happened

  • Session maintained. The active WV casino-game session was held open consistently while the tester stood 10 meters inside the Virginia border — a state where the operator is not licensed.
  • iOS only. The issue was not reproduced on Android in the same conditions.

Why it matters

A 10m post-border allowance is meaningful in real-world geographies where homes, hotels, parking lots, and businesses sit directly on the state line. A player who lives or works on the line can sustain an active gaming session while physically on the wrong side of it. This is the exact compliance scenario near-border buffer zones exist to prevent.

The iOS/Android asymmetry suggests the regression is in the iOS-side boundary handling specifically, not in the underlying geofence geometry.

Cross-reference

OpenBet profile → · May 19 weekly sync →

MissedJailbreak / Root★ Pinned

Radar: jailbroken root-hidden iOS not detected at Sleeper, PrizePicks, Fliff

RadarSleeperPrizePicksFliff
radarjailbreakiossleeperprizepicks

Source. April 7, 2026 weekly sync — Field Testing section.

What we tested. Jailbroken iOS device with root hiding enabled. Attempted to wager from a prohibited location on three operators in sequence: Sleeper Sports, PrizePicks, Fliff.

What happened. All three allowed the wager through. Radar did not detect the jailbroken / root-hidden state on any of the three.

Why it matters. This is a structural Radar SDK gap that surfaces at every operator, not an operator-specific bug. The same compliance hole appears in three different deployments (DFS, sweepstakes, social gaming) within a single week of testing.

Radar profile → · April 7 weekly sync →