One correction - TechCrunch claims Big Fish would be "the first time a real-money gambling game will be available on the app store". That's simply not true: there are several real-money games already available in jurisdictions where online gambling is legal. The large betting exchange BetFair, for example, have a casino games app with real money: http://itunes.apple.com/gb/app/betfair-casino/id505191581?mt...
Correct, this is not the first real-money gambling app on iOS. However, it is the first existing iOS game wholly owned by a third party that has implemented Betable to facilitate real-money bets. So that's pretty big news for us :)
One issue that a service like this is going to run into relates to security. The fact that this application needs to be secure from local tampering and unauthorized betting is obvious -- what may not be as obvious to some readers is the location-based access control that needs to be built into legal gambling applications.
Several casinos in the United States (Nevada, from what I've seen) have already built and released apps to allow, for example, poker or sports betting from within the associated casino. Some of these also allow betting from wireless connections within the state of Nevada.
This is where the idea starts to get really sticky.
If you're allowed to gamble from certain geographic locations, but not entire regions, how do you enforce access control? GeoIP is somewhat reliable, but border towns can fall on either side of the coin.
Wireless networking is generally not super long-range, but the DEFCON wireless shootout proved that it's possible to sustain a wireless signal from hundreds of miles away, given the correct (in this case, desert) conditions.
And that's not even mentioning transport layer issues. Could I set up a VPN in England to use this Big Fish app and gamble pseudo-legally from my phone in the States? If I do so, who's liable? What about simple SOCKS proxies? Dedicated/colocated boxes in the "allowed" region?
I think that this is really cool technology, and I'm excited to see it succeed. That said, as a security guy, I can't help but wonder who would be liable in these edge cases.
And, as I mentioned at the beginning of the post, I'd love to know exactly what security precautions are in place to prevent unauthorized bets and tampering. For example, let's say you're using this phone in a Starbucks. Will an SSL error (I can only hope they're using SSL) prevent the connection occurring at all? Will it give the user a chance to accept the change? Can I just submit a spoofed request to transfer me money, or is there some sort of "two factor" key on the phone itself?
It's an interesting problem, and I'm sure Big Fish has come up with interesting solutions.
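The spoofed-request question in the comment above can be illustrated with a server-side check that only accepts bets signed with a key held on the enrolled device. This is an added example, not part of the thread and not Betable's or Big Fish's implementation; the device key store, field names and 30-second freshness window are assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window

# Constructed sample: per-device secrets provisioned at enrolment (hypothetical).
DEVICE_KEYS = {"device-123": b"constructed-demo-key-not-a-real-secret"}

def canonical(body: dict) -> bytes:
    """Serialise deterministically so client and server MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_request(device_id: str, body: dict) -> str:
    """Client side: MAC the request body with the device-held key."""
    return hmac.new(DEVICE_KEYS[device_id], canonical(body), hashlib.sha256).hexdigest()

class BetVerifier:
    """Server side: accept a bet only if it is authentic, fresh and unseen."""

    def __init__(self):
        self.seen_nonces = set()

    def verify(self, device_id: str, body: dict, tag: str, now: float) -> str:
        key = DEVICE_KEYS.get(device_id)
        if key is None:
            return "unknown-device"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return "bad-signature"
        if abs(now - body["timestamp"]) > MAX_SKEW_SECONDS:
            return "stale"
        if (device_id, body["nonce"]) in self.seen_nonces:
            return "replay"
        self.seen_nonces.add((device_id, body["nonce"]))
        return "ok"

def demo() -> list:
    v = BetVerifier()
    body = {"amount": 5, "nonce": "n-001", "timestamp": 1000.0}
    tag = sign_request("device-123", body)
    tampered = dict(body, amount=5000)
    return [
        v.verify("device-123", body, tag, now=1005.0),      # genuine request
        v.verify("device-123", tampered, tag, now=1005.0),  # amount altered in transit
        v.verify("device-123", body, tag, now=1006.0),      # captured and resent
        v.verify("device-123", body, tag, now=2000.0),      # resent much later
    ]
```

The signature check complements rather than replaces strict TLS validation: the MAC stops altered or replayed bets, while a hard failure on certificate errors keeps the request contents off an untrusted network path.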
While I can't give you a technical answer as I'm just the marketing guy, I can tell you that simply setting up a VPN in England is not going to work. We have a number of state-of-the-art gating techniques for identifying and prohibiting players from using our service illegally. We check for much more than Geo-location and IP. Obviously I can't get into as much detail as I'd like, but that's the gist of it.
Also, as Betable is doing all of the gambling, in the event that an extreme edge case occurs we would be liable, not the game developer working with us.
Unfortunately I can't answer the following questions about security precautions, but I can see if one of our engineers can hop on the thread to respond. I'll get back to you.
"...I can't give you a technical answer as I'm just the marketing guy..."
"Unfortunately I can't answer the following questions about security precautions, but I can see if one of our engineers can hop on the thread to respond."
I don't think he's not explaining it because it would be insecure. He's not explaining it because he doesn't know it well enough.
I love what Betable's doing and I'm excited for their team. I took part in their first hackathon in SF a few weekends ago and built an app on their platform.
The brilliant part of their business is that they're the casino. You give them the inputs, they give you the outputs but all of the actual gambling, for every app, all of the odds - everything - is all handled by them.
This will promote a flood of apps exploring real-money gambling on all platforms. Google and Apple are probably worried about the due diligence on these kinds of games, if the odds are respected, if there is no possibility of rigged games, etc.
We actually take this very seriously at Betable. We do due diligence on all games that go live with our platform. There are two reasons: the legal reasons, and because the long-term health of our ecosystem depends on it. If players get ripped off, they won't come back. We're going to make sure every game is legal, fair and fun for those reasons.
I imagined this was one of the main concerns. What I learned now from your comment is that everything runs through Betable, which makes a lot of sense, but Apple probably would still want to be extra careful. Are Google, Apple and MS already doing due diligence on Betable to approve the games that would go live with your platform? Will it work like a "Betable seal of approval"?
Does this include checksums of server-side code, or random interval testing?
I am not sure how deeply you can go into your vetting process publicly, but I'd love to know how you can prevent a shadier company from pulling a bait-and-switch to change the odds of their games after you've approved them as a trusted vendor.
I can't go into more detail about our vetting process, but I can tell you that game companies cannot change the odds of their game without our approval.
It is hard to imagine that a noticeable fraction of gamblers would be able to understand if they are being ripped off. Only a small corps of elite poker players and card counters would notice, but the usual hordes of slot machine pullers will dominate the audience.