It’s no surprise to anyone that there is a burgeoning market for counterfeit Apple hardware, and the iPhone leads the way in this regard. The iPhone X is the hot ticket right now, and as a result there is no shortage of fake iPhones to peruse online. While some of them are undeniably bad, there are some that at first blush could catch plenty of people out.
The folks over at Motherboard managed to get their hands on one such phone, and having purchased it for just 1/10th of the price of a real iPhone X, they set about putting the $100 handset through its paces.
Things start off fairly well with the packaging being distinctly Apple-like, and the handset inside the box does have a feel of the iPhone X about it. There’s a notch of sorts, and the overall look and feel of the device would certainly have the uninitiated fooled. It may not look identical to an iPhone X, but it’s not far off.
The phone looks like an iPhone X. It has the same form factor, most of the same detailing, no home button, the same volume rockers and side buttons, a working Lightning port, and the same speaker holes on the bottom of the phone. It also has pentalobe screws on the bottom of the device, just like an iPhone.
However, turning the “iPhone” on is where things start to go wrong. The software is clearly a heavily skinned version of Android rather than iOS, as you might expect, and it has all the problems you might anticipate. Apps that would live on an iPhone have icons here, but they do not necessarily do what you would expect. That means that the Podcasts app launches YouTube, Apple Maps launches Google Maps and so on. That’s mildly amusing, but where things get scary is on the security front.
Motherboard spoke with Trail of Bits researcher Chris Evans, who was able to lay out just how dangerous such a phone can be, particularly for an unsuspecting user.
According to Evans, the phone runs a version of Android with a patchwork of code taken from several different sources. The phone is also loaded with backdoors and malicious apps.
The apps, which appear to come from several different online sources, are where it “gets really bad,” as Evans put it in the report shared with Motherboard. Security features such as permissions, regulation, or sandboxing (which keep a vulnerability in one app from affecting other parts of the phone) are “almost non-existent.”
Several of the stock fake Apple apps, such as Compass, Stocks, and Clock, ask for “invasive permissions,” such as reading text messages. It’s unclear if this is a sign that the developers were mediocre or malicious, Evans wrote.
Thankfully, if you buy your iPhone X from a reputable seller you are very unlikely to end up with a counterfeit device, but if someone offers you a deal that is just too good to be true, it’s probably a fair bet that it is. Stay safe out there, and don’t buy anything you’re not 100% sure about.