Competitive Intelligence โ Weekly Sync
๐ Week 9 โ May 26, 2026 ยท โฑ 30 minutes ยท ๐ฅ Weekly cadence
Agendaโ
| # | Topic |
|---|---|
| 1 | Competitive and Client Testing โ Key Findings |
| 2 | Competitive Research โ Key Findings |
| 3 | Win/Loss โ Competitive Win-Backs (Salesforce) |
| 4 | Social Media โ Key Findings |
| 5 | What's Next โ Open Planning |
1 ยท Competitive and Client Testing (Julia) โ Key Findingsโ
Confirmed compliance vulnerability โ iOS-on-Mac sideloadingโ
- โ FanDuel WV (Radar) โ iOS betting app runs undetected on Mac via PlayCover, real-money bet placed
PlayCover allows the iPhone / iPad app to run on a Mac while spoofing location. Radar did not detect the non-standard environment; both the standard and an advanced variant of the technique produced the same result. PlayCover was confirmed blocked the prior week on Bet365 MI and Fanatics TN โ FanDuel WV is the standing outlier.
๐ซ CIV-61 โ iOS spoofing testing with PlayCover tool
Confirmed compliance vulnerabilities โ Remote Desktop undetectedโ
- โ Bet365 NJ (XPoint) โ macOSโmacOS RDP via Tailscale + Screen Sharing undetected
Tailscale put two Macs on the same private network; macOS Screen Sharing drove one from the other. Tester accessed Bet365 NJ from a different physical location and placed bets. Follow-up testing across Radar, OpenBet, and GeoComply-integrated clients has been requested.
๐ซ CIV-73 โ Bet365 NJ: Remote Desktop via macOS Screen Sharing (XPoint)
Bet365 MI โ full integration validation (Radar / XPoint)โ
- โ Bet365 MI (Radar / XPoint) โ five issues in one cycle: near-border lag, FaceTime + Windows RDP undetected, jurisdiction error, UX recovery broken
Full validation of the Bet365 MI integration:- Near the Canadian border (Belle Isle): unreliable behaviour 200โ1,000 m from the border; insufficient buffer-zone enforcement.
- Detroit โ Canada cross-border: erroneous jurisdiction alert on the betting slip incorrectly stating wagering is restricted to NJ residents.
- iOS FaceTime RDP: undetected. Tester in MA placed bets remotely on a device in MI.
- Windows RDP: undetected. Tester in MA placed sportsbook and casino wagers on a device in MI.
- UX recovery flow: persistent app glitches after any location failure, such as a VPN-detection event โ forced restart required to resume.
๐ซ CIV-63 โ Bet365 MI: full Radar / XPoint integration research
Ontario โ mkodo / GeoLocs โ multiple compliance failuresโ
- โ High Flyer Casino TN (GeoLocs / mkodo) โ iOS + Android spoofing, blocks only at game-provider level
Safari + iAnyGo + VPN succeeded on iOS; Android succeeded too. iOS Emulator path produced identical results to native Android. Some individual games surfaced location errors โ enforcement comes from the game providers themselves, not from the operator.
๐ซ CIV-52 โ Ontario: mkodo / GeoLocs โ Compliance Failures & Retest - โ OLG Ontario (GeoLocs / mkodo) โ Ontario VPN allowed; Netherlands VPN only blocked on re-entry, no user-facing error
Ontario-based VPN was authorised when location services remained active โ unrestricted wagering. Netherlands VPN did not trigger immediate session termination; only blocked on re-entry after a game exit, with no explanatory error.
๐ซ CIV-52
Bet Saracen AR (Radar)โ
- โ Saracen AR (Radar) โ pre-installed Windows RDC no longer prevents app access; block fires without UX guidance
Retest since May 19 contradicts the April 19 finding: simply having RDC installed on Windows 10/11 is no longer enough to block the app. Block does fire on launch even with no remote session running, but with no explanatory error or recovery guidance.
๐ซ CIV-75 โ Saracen AR: Radar Verify app retest, full competitor validation
Attacks successfully stopped (negative results)โ
- โ Fanatics MI (OpenBet) โ GPS spoofing hardware detected (new market)
Real-time location-anomaly warning; session prevented from continuing. Replicates the Fanatics TN outcome from the prior cycle โ second-market confirmation of OpenBet's GPS-simulator handling.
๐ซ CIV-48 - โ Fanatics WV (OpenBet) โ FaceTime screen sharing detected at session start, account / device blocked
FaceTime screen-sharing initiated at the start of a Fanatics WV session was detected immediately. Direct contrast to the Bet365 MI iOS-FaceTime-RDP gap this same week.
๐ซ CIV-59 - โ OLG iOS (GeoLocs / mkodo) โ session terminated immediately when location services disabled
The basic compliance pre-condition (no location signal โ no wager) works. Pair with the same week's OLG VPN gap โ the vendor enforces on missing signal but trusts a present-but-spoofed one too uncritically.
๐ซ CIV-52
2 ยท Competitive Research (Valeria) โ Key Findingsโ
Placeholder โ Valeria to add.
3 ยท End-user Feedback (Valeria) โ Key Findingsโ
๐ Full dataset: Social Media Competitive Signals ยท Reddit + X/Twitter public posts. Monitoring initiated March 2026.
Placeholder โ Valeria to add.
4 ยท What's Next โ Plan for Next Weekโ
Field Testing โ Active & Upcomingโ
- CIV-64 โ MI Advanced Spoofing
- Fanatics MI โ jailbroken iOS
- BetRivers MI, Bet365 MI โ VMOS device setup in progress before BH team training
- CIV-78 โ GeoComply: Remote Control of Jailbroken iOS via TeamViewer
- CIV-74 โ RDP via macOS Screen Sharing โ extend Bet365 NJ findings to Radar, OpenBet, GeoComply clients
- CIV-45 โ Alberta launch: GeoLocs / mkodo competitor testing
Betting Hero โ Upcoming Tasksโ
- CIV-63 โ Bet365 MI: full Radar / XPoint integration research โ retest RDP detection
- CIV-67 โ Michigan โ Wisconsin IP verification
- CIV-55 โ mkodo / GeoLocs: full validation
- CIV-54 โ Locance (LocationSmart): full validation
- CIV-42 โ RSI (BetRivers) in DE: CPU usage on macOS
Integrations teamโ
- TBD
All findings this weekโ
- FanDuel WV (Radar): iOS-on-Mac PlayCover bypass (FAIL)
- Bet365 NJ (XPoint): macOSโmacOS RDP via Tailscale + Screen Sharing (FAIL)
- Bet365 MI (Radar / XPoint): full validation โ 5 issues in one cycle (FAIL)
- High Flyer Casino TN (GeoLocs / mkodo): iOS + Android spoofing (FAIL)
- OLG Ontario (GeoLocs / mkodo): VPN allowed + Netherlands VPN late detection (FAIL)
- Saracen AR (Radar): pre-installed Windows RDC no longer prevents access (FAIL)
- Fanatics MI (OpenBet): GPS spoofing hardware detected (PASS)
- Fanatics WV (OpenBet): FaceTime screen sharing detected at session start (PASS)
- OLG iOS (GeoLocs / mkodo): session terminated when location services off (PASS)
Competitor profilesโ
Radar โ ยท Xpoint โ ยท OpenBet โ ยท GeoLocs โ ยท Locance โ