The market of counterfeit Apple products has been well documented in the past, with offerings ranging from knockoff AirPods to deceivingly well-designed Apple Watch clones. Now, a new report from Motherboard examines a counterfeit iPhone X purchased for $100…

Right off the bat, in terms of design, the counterfeit iPhone X largely resembles one you’d buy from an Apple Store.

The packaging is also eerily similar, with the same “Designed by Apple in California” branding and a paper insert explaining how to use Face ID. There’s even an IMEI number printed on the side of the box that corresponds to a legitimate iPhone X.

Once you turn the device on, however, it becomes abundantly clear that this is not the real deal. The notch along the top is purely software-created, while the display doesn’t actually extend all the way to the bottom of the chassis.

Perhaps one of the most humorous parts of the setup process on this “iPhone X” was setting up Face ID.

Elsewhere throughout the OS, it’s abundantly clear the device runs a skinned version of Android. The so-called App Store crashes regularly, displaying a popup that reads “Google Play Store has crashed.” Opening “Apple Maps” actually just opens Google Maps, “Podcasts” opens the YouTube app, and more.

Most important of all, however, are the grave security concerns that come with using a device like this. Motherboard worked with Trail of Bits researcher Chris Evans to break down just how insecure this counterfeit iPhone X really is:

The apps, which appear to come from several different online sources, are where it “gets really bad,” as Evans put it in the report shared with Motherboard. Security features such as permissions, regulation, or sandboxing (which keep a vulnerability in one app from affecting other parts of the phone) are “almost non-existent.”

Several of the stock fake Apple apps such as Compass, Stocks, Clock ask for “invasive permissions,” such as reading text messages. It’s unclear if this is a sign that the developers were mediocre or malicious, Evans wrote.

While you might not ever be in the position of accidentally (or purposefully) buying a counterfeit iPhone X, it’s incredibly clear there is a market for such a device. The one highlighted by Motherboard was purchased in Shenzhen, China, and that $100 price tag makes it an enticing but unwise purchase for someone looking to get an iPhone X-esque design on a budget.

Read Motherboard’s full piece for additional details.