Apple products have always been the top choice of counterfeiters in China, who now are selling a fake iPhone X for $100 that looks almost identical to the original both inside and out. According to Motherboard, the counterfeit version of Apple’s $1000 flagship is designed in the most sophisticated way possible using the iOS skin for the Android and a chassis that mimics the iPhone X perfectly.
Fake iPhone X almost identical to original
From design to packaging, everything about the fake iPhone X looks identical to the original. The packaging reads “Designed by Apple in California” and a paper insert talks about how to use the Face ID. There is also an IMEI number printed on the side of the box that is similar to the legitimate iPhone X.
The fake iPhone X does not look anything like a cheap knockoff, instead it appears almost original with a working lightning port for data and charging and both front and rear cameras. However, the advanced features such TrueDepth 3D sensing and the Haptic Engine are missing.
Further, the fake iPhone X has the same interface elements in the camera app and the calculator has the same circular button and numbers. The processor inside the phone is MediaTek MT6580, a chip popularly used in the inexpensive Chinese Android phones. Apple is reportedly in talks with the same company for the 5G modem for iPhones, as well as integrated wireless chips for the HomePod speakers.
Closer look reveals the truth
At first glance, the User Interface and apps appear to be from Apple, but a closer look reveals Android 6 Marshmallow. Once the phone is switched on, it becomes abundantly clear that it is not the original iPhone X. The App Store also looks identical, but according to Motherboard, many apps don’t run properly while others open third-party alternatives.
Once the Face ID settings are open it becomes crystal clear that the phone is nothing more than a cheap knockoff. In the settings menu, when the “Add a Face ID” option is clicked, the phone opens the camera and draws a green box around the face of the user stating “Face Added” and then closes. “I was then able to unlock the phone with my face. So was literally anyone else who put their face in front of the phone,” read the report from Motherboard.
The keyboard feels every bit like an Android, but when the App Store crashed, a message popped up reading “Google Play Store” had malfunctioned. While the Weather App is Yahoo! Weather, the Health App is a third-party app asking to click cartoon avatars for selecting if the user is a boy or a girl.
On clicking the Podcast app, the user is redirected to YouTube, while clicking Apple Maps opens Google Maps. So, it can be said that though the device looks just like an iPhone, it is actually an Android that has been reskinned from top-to-bottom to appear as close to an iPhone as is possible.
Serious security concerns
Despite bearing very close resemblance to the iPhone X, using the fake iPhone poses serious security concerns for the users. Motherboard collaborated with researcher Chris Evans to estimate the security threat that comes along with the fake phone. According to Evans, the phone runs on a version of Android that includes a patchwork of code taken from several different sources. The fake phone is also full of backdoors and malicious apps.
According to Evans, the apps appear to come from various online sources, and security features such as permission, regulation or sandboxing are nowhere to be found. Also, the phone is loaded with various fake stock Apple apps such as Compass and Clock that demand “invasive permission” like reading text messages. Evans noted that it is not clear what such security hazards mean – either developers were just mediocre or have malicious intent.
The fake Safari apps deploy the custom library that gives way to a backdoor allowing hackers to remotely run code on the phone. Just last year, Google weeded out about 500 apps (with over 100 million downloads combined) from the Play Store because they included libraries.
The backdoors do not end here as the researchers also found ADUPS. For the uninitiated, ADUPS is a service by a Chinese company that offers over-the-air firmware updates that are considered to be a backdoor. Another backdoor app is LovelyFont that seems like “invasive backdoor” and has almost all the permissions. The app is suspected to leak data such as phone’s IMEI, MAC, and serial number to a remote server.
When more advanced features were tested such as Siri’s graphical interface, the fake iPhone X went off the rails. It “seems to be a legitimate, albeit poor attempt at integrating a voice application launcher,” Evans wrote. All the queries are sent through Siri, but are routed through a Chinese voice command library called iFlyTek, and weather checking and translation are directed to a Baidu server.
