The market of counterfeit Apple products has been well documented in the past, with offerings ranging from knockoff AirPods to deceivingly well-designed Apple Watch clones. Now, a new report from Motherboard examines a counterfeit iPhone X purchased for $100…
Sylvania HomeKit Light Strip
Right off the bat, in terms of design, the counterfeit iPhone X largely resembles one you’d buy from an Apple Store:
The phone looks like an iPhone X. It has the same form factor, most of the same detailing, no home button, the same volume rockers and side buttons, a working Lightning port, and the same speaker holes on the bottom of the phone. It also has pentalobe screws on the bottom of the device, just like an iPhone.
The packaging is also eerily similar, with the same “Designed by Apple in California” branding and a paper insert explaining how to use Face ID. There’s even an IMEI number printed on the side of the box that corresponds to a legitimate iPhone X.
Once you turn the device on, however, it becomes abundantly clear that this is not the real deal. The notch along the top is purely software-created, while the display doesn’t actually extend all the way to the bottom of the chassis.
Perhaps one of the most humorous parts of the setup process on this “iPhone X” was setting up Face ID:
I clicked over to Face ID in the settings menu, clicked “Add a Face ID,” and was hilariously bounced over to the camera, which did manage to draw a green box around my face. It said “Face Added,” and closed. I was then able to unlock the phone with my face. So was literally anyone else who put their face in front of the phone.
Elsewhere throughout the OS, it’s abundantly clear the device runs a skinned version of Android. The so-called App Store crashes regularly, displaying a popup that reads “Google Play Store” has crashed. Opening “Apple Maps” actually just opens Google Maps, “Podcasts” opens the YouTube app, and more.
Most importantly of all, however, are the grave security concerns that come with using a device like this. Motherboard worked with Trail of Bits researcher Chris Evans to break down just how insecure this counterfeit iPhone X really is:
According to Evans, the phone runs a version of Android with a patchwork of code taken from several different sources. The phone is also loaded with backdoors and malicious apps.
The apps, which appear to come from several different online sources, is where it “gets really bad,” as Evans put it in the report shared with Motherboard. Security features such as permissions, regulation, or sandboxing (which keep a vulnerability in one app from affecting other parts of the phone) are “almost non-existent.”
Several of the stock fake Apple apps such as Compass, Stocks, Clock ask for “invasive permissions,” such as reading text messages. It’s unclear if this is a sign that the developers were mediocre or malicious, Evans wrote.
While you might not ever be in the position of accidentally (or purposefully) buying a counterfeit iPhone X, it’s incredibly clear there is a market for such a device. The one highlighted by Motherboard was purchased in Shenzhen, China, and that $100 price tag makes it an enticing, but unwise purchase, for someone looking to get an iPhone X-esque design on a budget.