A Chinese court has found phone manufacturer Gionee guilty of intentionally implanting malware in more than 21.75 million smartphones to generate revenue from users.
Shenzhen Zhipu Technology, a subsidiary of Gionee, together with its partner, Beijing Baice, implanted a Trojan Horse program in Gionee smartphones via an update to the Story Lock Screen app in 2018, according to an official document released by the People’s Court of Yiwu City, Zhejiang Province.
The software is installed on the affected phones without users’ knowledge through a hot code push functionality, which allows an automatic update to mobile apps when the server is updated, without going through any app reviews.
A hot update plugin called “Dark Horse Platform” was proposed by Baice in December 2018 to increase the efficiency of the “pull method”, which is used to launch the app and boost daily active user count.
The SDK version of the Story Lock Screen app was upgraded with Trojan plugins while the Dark Horse Platform was used to install and update the “Living Trojan Horse” without the user’s knowledge, court documents revealed.
The “pull method” was then activated 2.88 billion times between December 2018 and October 2019, generating a revenue of 27.85 million yuan ($4.2 million) for the two companies through unsolicited ads and other illegitimate means, the court added.
Shenzhen Zhipu was given a fine of 400,000 yuan ($61,000) for “illegally controlling computer information systems”.
Zhipu is a software technology company specializing in advertising operations and gaming products, and Gionee owns 85% of its shares. Beijing Baice was Zhipu’s partner in the update scheduler.
Four of Zhipu’s employees — Xu Li, Zhu Ying, Jia Zhengqiang and Pan Qi — were sentenced to three to three years and six months in jail and fined 200,000 ($30,000) each.
The court also said Baice worked with other companies in developing this illegal pull function, naming Microfountain, a mobile internet research and operations startup and Flyme, a smartphone brand. Both companies are based in Zhuhai, Guangdong.
The phone manufacturer responded to the allegations in a Weibo statement last night: “Flyme’s operations has always adhered to the law and did not participate in related illegal incidents. In the future, we will continue to strengthen our mobile phone security business to ensure information security.”
In August, two Chinese phone manufacturers — Tecno and Infinix — were accused of stealing money from users. The devices from the brand came with preinstalled malware that would sign users up to subscription services without their permission.
Shenzhen-based Gionee, founded by Liu Lirong in 2002, used to be one of China’s largest mobile phone manufacturers and was ranked No. 1 in domestic mobile phone sales at its peak in 2010.
However, sales declined rapidly after the launch of Apple’s iPhones and in December 2018, the Shenzhen Intermediate People’s Court accepted a bankruptcy liquidation application filed by Huaxing Bank against Gionee. The company was subsequently acquired by India-based Jaina Group.