Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from Michigan
Source. May 19, 2026 weekly sync.
Ticket. CIV-44: Saracen Arkansas — Radar: verify the wagering experience for static connection closer to the border.
What we tested
A resigned Bet Saracen iOS app — re-signed with a developer certificate to remove Apple's app integrity / attestation protections — installed on a device in Michigan and used to attempt real-money betting against the Bet Saracen AR (Radar) deployment.
The same player account was also tested on the unmodified App Store build, as a control.
What happened
- Resigned app: bets placed from Michigan with no issues. No geolocation challenge, no error message, no session interruption.
- Unmodified app: correctly blocked on the same account, from the same location. The control behaved as expected.
This isolates the gap to the tampered build — Radar's checks at Bet Saracen do not detect that the iOS app has been resigned.
Why it matters
This is a direct fraud + compliance risk. With a freely-available resigning workflow, a bad actor can:
- Re-sign the Saracen iOS app once.
- Distribute or use the modified build from any state.
- Place real-money bets that bypass Radar's location enforcement.
This finding contradicts the May 11 result where resigned iOS at Bet Saracen + Fanatics was reportedly blocked — the gap may have evolved, the prior detection may have been build-specific, or the integrity check may be running inconsistently. Either way, the May 19 result is the current, verified state.
Cross-reference
- Radar / FanDuel WV: resigned iOS bypassed from Tennessee — same vector, second operator.
- Radar / Bet Saracen AR: Oxylabs proxy + Location Guard combo blocked this week — Radar handles network-level spoofing at this operator while missing application-level integrity tampering.