Jason Koebler and Lorenzo Franceschi-Bicchierai received a $100 iPhone X from China and marveled at how convincing the top-to-bottom, software-to-hardware bootleggery is. iOS is recreated down to the pixel as an Android skin; only the sluggish performance, on-screen keyboard give the game away. Even many of the apps are nearly perfect, though once they run into the bad ones, it's immediately clear what is at hand. And how very bad some of them are…
Evans also found “plenty of evidence” of a “wide range of backdoors,” perhaps written by several developers. The fake Safari app uses custom libraries that open a backdoor and allow hackers to run code on the phone remotely. Last year, Google removed 500 apps that had more than 100 million downloads combined from the Play Store because they included one of those libraries.
The fake iPhone also includes two more potential backdoors. One is the notorious ADUPS, a service made by a Chinese company that provides over-the-air firmware updates that is widely considered to be a backdoor. The other is an app called LovelyFont that looks like an “invasive backdoor” that has almost all permissions and potentially leaks data, such as the phone’s IMEI, MAC, and serial number, to a remote server, according to Evans.
Do not log into anything on a bootleg smartphone.