4 posts tagged with "vmos"

Source. May 11, 2026 weekly sync.
Test evidence (internal Drive): PlayCover videos · FD WV: Spoofing Tests

What we tested​

Three distinct exploitation methods against the FanDuel WV (Radar) deployment, from Tennessee:

1. iOS app resigning — re-signed FanDuel iOS app with security controls bypassed.
2. Virtualised environment emulation via VMOS — Android device-farm environment running a cloned profile.
3. Sideloading via PlayCover on ARM-based macOS — iOS app loaded on Apple Silicon Mac via PlayCover.

What happened​

All three succeeded. Each technique facilitated out-of-state betting on the WV app. Critical and persistent failure to prevent unauthorized access or potential multi-accounting activities.

Cross-reference — same vectors, different results elsewhere​

• iOS app resigning was detected at Bet Saracen AR on April 7 — see Radar / Saracen AR: resigned iOS app detected. The gap is FD-WV-specific or build-specific.
• PlayCover was detected at Bet365 MI, Fanatics TN, and Bet Saracen AR on the same day — see cross-operator PlayCover blocked. FD WV is the outlier.
• VMOS is also undetected at Bet Saracen AR — see Bet Saracen AR: VMOS not detected. The Android device-farm gap is wider than just FD WV.

Radar profile → · May 11 weekly sync →

Source. May 11, 2026 weekly sync. Test video: BetSaracen VMOS Test.mov (internal Drive).

What we tested​

Three spoof vectors against Bet Saracen AR (Radar): VMOS Android device-farm, PlayCover sideloading on ARM-based macOS, resigned iOS app.

What happened​

• VMOS (Android) — NOT detected. Out-of-state bet placed from Tennessee.
• PlayCover (ARM macOS) — detected and restricted ✓
• Resigned iOS app — detected and blocked ✓

Why it matters​

The mixed result confirms Radar's posture is per-vector-uneven: catches the ARM-macOS hardware-abstraction vector and resigned iOS app integrity, but the Android VMOS device-farm slips through. This is also the second operator (after FanDuel WV) where the same VMOS gap shows up — a structural Android detector issue.

Radar profile → · FD WV three-method bypass → · May 11 weekly sync →

Source. April 7, 2026 weekly sync.

What we tested. Repeat of the March 31 VMOS Android device-farm test on FanDuel WV.

What happened. VMOS usage was not detected this time. The tester placed bets from Tennessee on the West Virginia app.

Why it matters. Two consecutive weeks, opposite results on the same vector + operator combination. Either:

• Radar's device-farm detector has regressed between the two Android build releases the tests targeted, or
• The detector is flaky / instrumentation-sensitive — which is worse, because operators can't rely on what'll happen on any given session.

Cross-reference: VMOS also went undetected at Bet Saracen AR on May 11. The pattern is "VMOS Android catches some sessions, misses others" — not a stable detection posture.

Radar profile → · March 31 positive result → · April 7 weekly sync →

Source. March 31, 2026 weekly sync — Field Testing section.

What we tested. VMOS (virtual Android OS) device-farm scenario on the FanDuel WV Android app (Radar-instrumented). Spun up a virtualised device profile and attempted to wager.

What happened. Radar successfully identified the virtual OS environment used to manipulate device integrity. Detection fired.

Why it matters. This is a genuine positive Radar result — worth recording for parity. The sales narrative is honest: Radar catches some device-farm attacks but not all of them. Cross-reference the April 7 weekly: on the second attempt, VMOS was not detected, allowing bets from TN on the WV app — pointing to either a regression or a flaky/instrumentation-sensitive detector. Follow-up validation is scheduled pending the next Android app release.

Radar profile → · March 31 weekly sync → · April 7 weekly sync (regression) →