TL;DR: Deepfake and synthetic identity fraud is a top concern for 96.4% of fintech professionals, while nearly 30% encountered such incidents in the past year, according to Incode. The article links iPhone jailbreaking and Android rooting to camera injection, device spoofing, and multi-angle fraud, and the governing problem is that identity checks relying on a trusted device and live camera feed can be subverted at the same time.
NHIMG editorial — based on content published by Incode: How iPhone Jailbreaking Is Used to Commit Deepfake Fraud
By the numbers:
- 96.4% of fintech professionals consider deepfake and synthetic identity fraud a top-of-mind concern.
- Almost 30% reported that they had either occasionally or frequently encountered incidents of deepfake or synthetic identity fraud in the past year.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: How should security teams detect deepfake fraud when devices may be jailbroken or rooted?
A: Use correlated signals rather than any single indicator.
Q: Why do jailbroken and rooted devices increase identity fraud risk?
A: They give attackers control over the operating environment, which lets them bypass device checks, spoof location, tamper with camera feeds, and run automation that looks like a legitimate user session.
Q: What breaks when liveness checks rely on the camera feed alone?
A: They break when the attacker can intercept or replace the feed before the verification logic sees it.
Practitioner guidance
- Correlate device, camera, and behaviour signals Require onboarding decisions to combine device posture, camera integrity, and interaction pattern telemetry before trust is granted.
- Tighten liveness controls against camera injection Validate camera feed provenance, not only liveness motion or image response.
- Score tamper risk as part of identity assurance Create a risk score that weights jailbreak or root indicators alongside behavioural anomalies and geolocation inconsistencies.
What's in the full article
Incode's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how jailbroken iPhone and rooted Android devices are used in deepfake fraud flows
- Specific device, camera, and behaviour signals the vendor uses to detect tampering during onboarding
- How multi-frame video liveness is applied to spot spoofing attempts in real sessions
- Operational examples of escalating or blocking high-risk verification attempts after signal correlation
👉 Read Incode's analysis of how jailbroken devices are used in deepfake fraud →
Jailbroken devices and deepfake fraud: are your controls keeping up?
Explore further
Device integrity has become an identity control, not a mobile security side issue. The article shows that jailbreaks and rooting are used to weaken the trust foundation beneath KYC and KYE flows, not just to alter the phone. That shifts the control discussion from device hardening alone to identity assurance across endpoint, camera, and behaviour signals. Practitioners should treat endpoint integrity as part of the identity decision, not a separate security domain.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable when compromised devices are used to bypass KYC or KYE?
A: Accountability sits with the identity programme owner, fraud operations, and the teams responsible for endpoint and verification policy. The control failure is usually a governance gap, not a single tool failure. If the workflow can approve synthetic input, the programme must own that risk explicitly.
👉 Read our full editorial: Jailbroken devices are amplifying deepfake fraud in identity checks