MissedResigned / tampered appDevice farmSideload (PlayCover)★ Pinned
Radar / FanDuel WV: three exploitation methods bypass restrictions from Tennessee
radarfanduel-wvios-resigningvmosplaycover
Source. May 11, 2026 weekly sync.
Test evidence (internal Drive): PlayCover videos · FD WV: Spoofing Tests
What we tested
Three distinct exploitation methods against the FanDuel WV (Radar) deployment, from Tennessee:
- iOS app resigning — re-signed FanDuel iOS app with security controls bypassed.
- Virtualised environment emulation via VMOS — Android device-farm environment running a cloned profile.
- Sideloading via PlayCover on ARM-based macOS — iOS app loaded on Apple Silicon Mac via PlayCover.
What happened
All three succeeded. Each technique facilitated out-of-state betting on the WV app. Critical and persistent failure to prevent unauthorized access or potential multi-accounting activities.
Cross-reference — same vectors, different results elsewhere
- iOS app resigning was detected at Bet Saracen AR on April 7 — see Radar / Saracen AR: resigned iOS app detected. The gap is FD-WV-specific or build-specific.
- PlayCover was detected at Bet365 MI, Fanatics TN, and Bet Saracen AR on the same day — see cross-operator PlayCover blocked. FD WV is the outlier.
- VMOS is also undetected at Bet Saracen AR — see Bet Saracen AR: VMOS not detected. The Android device-farm gap is wider than just FD WV.