If there’s a cautionary tale, it’s this.
Vice’s Jason Koebler and Lorenzo Franceschi-Bicchierai have written a full review of a $100 iPhone X knock off from China. The piece centers on how convincing the top-to-bottom, software-to-hardware bootleggery is. iOS is recreated down to the pixel as an Android skin and only the sluggish performance, on-screen keyboard give the game away.
Even many of the apps are nearly perfect, which shows the level of detail that’s gone into the creation of the handset.
Even so, reviewers found “plenty of evidence” of a “wide range of backdoors,” perhaps written by several developers. The fake Safari app uses custom libraries that open a backdoor and allow hackers to run code on the phone remotely. Last year, Google removed 500 apps that had more than 100 million downloads combined from the Play Store because they included one of those libraries.
The knock off device also include two additional potential backdoors:
– ADUPS: A service made by a Chinese company that provides over-the-air firmware updates that is widely considered to be a backdoor.
– LovelyFont: This opens what might be considered an “invasive backdoor” that has almost all permissions and potentially leaks data, such as the phone’s IMEI, MAC, and serial number, to a remote server.
Of course, do not log into anything on a bootleg smartphone.
Via Boing Boing and Vice