
Why buying an iPhone X knockoff can be a security nightmare

Published Jul 22nd, 2018 1:03PM EDT


A couple of years ago, a friend of mine travelling through China sent me an email and asked if I’d be interested in a knockoff iPhone 5. “How much is it?” I asked. “About $50,” my friend answered. I decided to pass. Though I was intrigued about what it was like to use a mythical iPhone knockoff, $50 seemed a little steep to satiate what was nothing more than mild curiosity.

My friend ended up picking up an iPhone knockoff for himself, and when I used it briefly, it was entertaining, though clearly not a bona fide Apple product in either hardware or software. Years later, iPhone knockoffs have gotten markedly better at mimicking iOS. More worrisome, though, is that some iPhone knockoffs can be downright dangerous. While a cheap iPhone knockoff can be fun to play around with for a few minutes, Jason Koebler of Motherboard recently discovered that such knockoffs can be brimming with malware.

After a colleague of Koebler’s picked up an alleged iPhone X for $100, Koebler was immediately struck by how sophisticated the software looked. While a deeper dive revealed some glaring holes and obvious references to Android, the device at first glance was rather remarkable. It even boasts a working Lightning port! As far as impostor devices are concerned, this one certainly seems top-notch.

So what’s the problem here? Why not have a little bit of fun with an Android posing as an iPhone? Well, Koebler eventually sent the device to security researcher Chris Evans, who quickly discovered that the device was nothing short of a security nightmare, complete with backdoors and apps designed to spy on user behavior and run code remotely.

“If it isn’t outright malicious its overall security is pretty much non-existent,” Evans told us.

Several of the stock fake Apple apps, such as Compass, Stocks, and Clock, ask for “invasive permissions,” such as reading text messages. It’s unclear if this is a sign that the developers were mediocre or malicious, Evans wrote.

“The mishmash of default apps preinstalled on the phone I was given are horribly insecure (if not outright malware),” Evans said.

Put simply, if you’re ever inclined to pick up a knockoff iPhone just for kicks, you’d be well advised to err on the side of caution. And if you simply can’t help yourself, the last thing you want to do is actually enter any of your credentials for services like email and iCloud.

Yoni Heisler Contributing Writer
