3 posts tagged with "playcover"

View All Tags

DetectedSideload (PlayCover)

Cross-operator: iOS PlayCover sideloading blocked at Bet365 MI, Fanatics TN, Bet Saracen AR ✓

Radar

Xpoint

OpenBetbet365Fanatics SportsbookBetSaracen

radarxpointopenbetplaycoversideload

Source. May 11, 2026 weekly sync — "Unsuccessful Spoofing Methods" section.

What we tested

PlayCover-based sideloading of iOS apps onto ARM-based macOS, attempted against three operators in three jurisdictions:

Operator	Geo provider	Result
Bet365 MI	Xpoint (web)	✓ Neutralized at authentication
Fanatics TN	OpenBet Locator	✓ Neutralized at authentication
Bet Saracen AR	Radar	✓ Identified at the betting stage

What happened

No successful exploitations across the three tested jurisdictions. All three platforms have robust defense against this hardware- abstraction method.

Why it matters

PlayCover is the most credible iOS-on-Mac sideload tool. Three different geo vendors blocking it on three different operators is a clean "compliant tier" signal — worth recording as parity context against the FD WV PlayCover bypass on the same day, which is the outlier.

FD WV PlayCover bypass (failure) → · May 11 weekly sync →

MissedResigned / tampered appDevice farmSideload (PlayCover)★ Pinned

Radar / FanDuel WV: three exploitation methods bypass restrictions from Tennessee

RadarFanDuel

radarfanduel-wvios-resigningvmosplaycover

Source. May 11, 2026 weekly sync.
Test evidence (internal Drive): PlayCover videos · FD WV: Spoofing Tests

What we tested

Three distinct exploitation methods against the FanDuel WV (Radar) deployment, from Tennessee:

iOS app resigning — re-signed FanDuel iOS app with security controls bypassed.
Virtualised environment emulation via VMOS — Android device-farm environment running a cloned profile.
Sideloading via PlayCover on ARM-based macOS — iOS app loaded on Apple Silicon Mac via PlayCover.

What happened

All three succeeded. Each technique facilitated out-of-state betting on the WV app. Critical and persistent failure to prevent unauthorized access or potential multi-accounting activities.

Cross-reference — same vectors, different results elsewhere

iOS app resigning was detected at Bet Saracen AR on April 7 — see Radar / Saracen AR: resigned iOS app detected. The gap is FD-WV-specific or build-specific.
PlayCover was detected at Bet365 MI, Fanatics TN, and Bet Saracen AR on the same day — see cross-operator PlayCover blocked. FD WV is the outlier.
VMOS is also undetected at Bet Saracen AR — see Bet Saracen AR: VMOS not detected. The Android device-farm gap is wider than just FD WV.

Radar profile → · May 11 weekly sync →

PartialDevice farm

Radar / Bet Saracen AR: VMOS not detected — but PlayCover + resigned iOS blocked ✓

RadarBetSaracen

radarsaracenvmosplaycoverresigned-ios

Source. May 11, 2026 weekly sync. Test video: BetSaracen VMOS Test.mov (internal Drive).

What we tested

Three spoof vectors against Bet Saracen AR (Radar): VMOS Android device-farm, PlayCover sideloading on ARM-based macOS, resigned iOS app.

What happened

VMOS (Android) — NOT detected. Out-of-state bet placed from Tennessee.
PlayCover (ARM macOS) — detected and restricted ✓
Resigned iOS app — detected and blocked ✓

Why it matters

The mixed result confirms Radar's posture is per-vector-uneven: catches the ARM-macOS hardware-abstraction vector and resigned iOS app integrity, but the Android VMOS device-farm slips through. This is also the second operator (after FanDuel WV) where the same VMOS gap shows up — a structural Android detector issue.

Radar profile → · FD WV three-method bypass → · May 11 weekly sync →

What we tested​

What happened​

Why it matters​

What we tested​

What happened​

Cross-reference — same vectors, different results elsewhere​

What we tested​

What happened​

Why it matters​

What we tested

What happened

Why it matters

What we tested

What happened

Cross-reference — same vectors, different results elsewhere

What we tested

What happened

Why it matters