Hear this story and other latest updates on our Let's Talk Security Podcast Episode here:

Listen on Apple Podcasts

A Chinese court has found phone manufacturer Gionee guilty of intentionally implanting malware into more than 21.75 million smartphones for additional revenue from users.

Shenzhen Zhipu Technology, a subsidiary of Gionee, and its partner, Beijing Baice, implanted a trojan horse program in Gionee smartphones through an update to the Story Lock Screen app in 2018, in keeping with an official document released by the People’s Court of Yiwu City, Zhejiang Province.

Through a hot code push functionality, the software was installed on the affected phones without users’ knowledge. This allows automatic update to mobile apps when the server is updated, without a need for any app reviews.
A hot update plugin called “Dark Horse Platform” was proposed by Baice in December 2018 to extend the efficiency of the “pull method”, which is used to launch the app and boost daily active user count.
Trojan plugins were used to update the SDK version of the Story Lock Screen app and the “Living Trojan Horse” was used to install and update the Dark Horse Platform, without the user’s knowledge, court documents revealed.
The “pull method” was then activated 2.88 billion times between December 2018 and October 2019, generating a revenue of 27.85 million yuan ($4.2 million) for the 2 companies through unsolicited ads and other illegitimate means, the court added.

Shenzhen Zhipu was given a fine of 400,000 yuan ($61,000) for “illegally controlling computer information systems”.
Gionee owns 85% of shares in Zhipu, a software technology company operating in advertising operations and gaming products. Beijing Baice was Zhipu’s partner within the update scheduler.

Four of Zhipu’s employees — Xu Li, Zhu Ying, Jia Zhengqiang and Pan Qi — were sentenced to 3 years and 6 months in jail and fined 200,000 ($30,000) each.
The court also noted that Baice worked with other companies in developing this illegal pull function, and named Microfountain, a mobile internet research and operations startup and Flyme, a smartphone brand.

But the phone manufacturer replied to the allegations in a Weibo statement last night: “Flyme’s operations has always adhered to the law and didn't participate in related illegal incidents. in the future, we will continue to strengthen our mobile phone security business to ensure information security.”