Review of a disarmingly convincing $100 counterfeit iPhone X

Jason Koebler and Lorenzo Franceschi-Bicchierai received a $100 iPhone X from China and marveled at how convincing the top-to-bottom, software-to-hardware bootleggery is. iOS is recreated down to the pixel as an Android skin; only the sluggish performance, on-screen keyboard give the game away. Even many of the apps are nearly perfect, though once they run into the bad ones, it's immediately clear what is at hand. And how very bad some of them are...

Evans also found “plenty of evidence” of a “wide range of backdoors,” perhaps written by several developers. The fake Safari app uses custom libraries that open a backdoor and allow hackers to run code on the phone remotely. Last year, Google removed 500 apps that had more than 100 million downloads combined from the Play Store because they included one of those libraries.

The fake iPhone also includes two more potential backdoors. One is the notorious ADUPS, a service made by a Chinese company that provides over-the-air firmware updates that is widely considered to be a backdoor. The other is an app called LovelyFont that looks like an “invasive backdoor” that has almost all permissions and potentially leaks data, such as the phone’s IMEI, MAC, and serial number, to a remote server, according to Evans.

Do not log into anything on a bootleg smartphone. Read the rest

Want to review Comey's book on Amazon? You gotta buy it

Amazon has long had a problem with shill reviews and quiet removal of negative reviews, but the flood of questionable anti-Comey book reviews by non-purchasers finally prompted them to require a verified purchase in order to rate the book. Read the rest

Amazon is suing its own retailers over fake reviews

If you're an Amazon seller and you pay people to review your products on Amazon, the company may sue you. The online commerce giant sued three sellers today for using sockpuppet accounts to post glowing but phony product reviews. Read the rest

8 habits of highly effective fraudsters

Scientists aren't always right. In fact, individual research papers turn out to be wrong pretty often and scientists are the first people to tell you that they don't know everything there is to know. They're just working on it with more rigor than most of us.

But scientists are also people. And sometimes, they lie. At Ars Technica, John Timmer looks at some of the most famous cases of scientific fraud and comes away with 8 key lessons that show us how science's biggest scam artists got away with faking their data—sometimes for years.

1) Fake data nobody ever expects to see. If you're going to make things up, you won't have any original data to produce when someone asks to see it. The simplest way to avoid this awkward situation is to make sure that nobody ever asks. You can do this in several ways, but the easiest is to work only with humans. Most institutions require a long and painful approval process before anyone gets to work directly with human subjects. To protect patient privacy, any records are usually completely anonymized, so no one can ever trace them back to individual patients. Adding to the potential for confusion, many medical studies are done double-blind and use patient populations spread across multiple research centers. All of these factors make it quite difficult for anyone to keep track of the original data, and they mean that most people will be satisfied with using a heavily processed version of your results.

3) Tell people what they already know.

Read the rest

Down and out in the tragic kingdom

Reuters' David Gray explored Wonderland, an unfinished Disneyland clone outside of Beijing. Here, a farmer tends crops in a field now encompassing the abandoned Cinderella Castle-style building that was to be a centerpiece. Construction work at the park, promoted by developers as "the largest amusement park in Asia", stopped around 1998; disagreements over property prices with the local government and farmers are cited as factors. Read the rest