One day after work, Motherboard security reporter Lorenzo Franceschi-Bicchierai and I took the phone to Trail of Bits, a security research and consulting firm in New York City, to try to figure out exactly what was running under the hood of what—at first glance—looks like a real iPhone running real iOS.





The researchers were initially wowed with the device, and were surprised that it used a Lightning port and a software notch. They assumed that the device was likely insecure, and kept it in a faraday bag, which blocks all incoming and outgoing wireless signals, to keep it from potentially causing any trouble at their office. A few weeks later, Trail of Bits researcher Chris Evans wrote up an initial security report for us.





According to Evans, the phone runs a version of Android with a patchwork of code taken from several different sources. The phone is also loaded with backdoors and malicious apps.





“If it isn’t outright malicious its overall security is pretty much non-existent,” Evans told us.



