Skip to main content

2 posts tagged with "ios-resigning"

View All Tags
MissedResigned / tampered app★ Pinned

Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from Michigan

RadarBetSaracen
radarbetsaracenios-resigningciV-44

Source. May 19, 2026 weekly sync.
Ticket. CIV-44: Saracen Arkansas — Radar: verify the wagering experience for static connection closer to the border.

What we tested

A resigned Bet Saracen iOS app — re-signed with a developer certificate to remove Apple's app integrity / attestation protections — installed on a device in Michigan and used to attempt real-money betting against the Bet Saracen AR (Radar) deployment.

The same player account was also tested on the unmodified App Store build, as a control.

What happened

  • Resigned app: bets placed from Michigan with no issues. No geolocation challenge, no error message, no session interruption.
  • Unmodified app: correctly blocked on the same account, from the same location. The control behaved as expected.

This isolates the gap to the tampered build — Radar's checks at Bet Saracen do not detect that the iOS app has been resigned.

Why it matters

This is a direct fraud + compliance risk. With a freely-available resigning workflow, a bad actor can:

  1. Re-sign the Saracen iOS app once.
  2. Distribute or use the modified build from any state.
  3. Place real-money bets that bypass Radar's location enforcement.

This finding contradicts the May 11 result where resigned iOS at Bet Saracen + Fanatics was reportedly blocked — the gap may have evolved, the prior detection may have been build-specific, or the integrity check may be running inconsistently. Either way, the May 19 result is the current, verified state.

Cross-reference

Radar profile → · May 19 weekly sync →

MissedResigned / tampered appDevice farmSideload (PlayCover)★ Pinned

Radar / FanDuel WV: three exploitation methods bypass restrictions from Tennessee

RadarFanDuel
radarfanduel-wvios-resigningvmosplaycover

Source. May 11, 2026 weekly sync.
Test evidence (internal Drive): PlayCover videos · FD WV: Spoofing Tests

What we tested

Three distinct exploitation methods against the FanDuel WV (Radar) deployment, from Tennessee:

  1. iOS app resigning — re-signed FanDuel iOS app with security controls bypassed.
  2. Virtualised environment emulation via VMOS — Android device-farm environment running a cloned profile.
  3. Sideloading via PlayCover on ARM-based macOS — iOS app loaded on Apple Silicon Mac via PlayCover.

What happened

All three succeeded. Each technique facilitated out-of-state betting on the WV app. Critical and persistent failure to prevent unauthorized access or potential multi-accounting activities.

Cross-reference — same vectors, different results elsewhere

Radar profile → · May 11 weekly sync →