Not so long ago, Gionee was one of the top phone manufacturers in China with a nearly five percent market share. The company expanded its business in Asia, Middle East, Africa, Europe and the U.S. before filing for bankruptcy and eventually was acquired by India-based Jaina group in late 2018. Now, the company has been found guilty of infecting over 21 million cellphones with malware intentionally to make money.

A Chinese court found the company guilty of implanting Trojan horse programs in the phones without the users' knowledge. Shenzhen Zhipu Technology, Gionee's subsidiary, and its partner Beijing Baice were slapped with a 200,000 yuan fine ($30,600 approximately) for "illegally controlling computer information system."

Three of its employees — Xu Li, Zhu Ying and Jia Zhengqiang — were sentenced to prison for three years while another employee Pan Qi received six months jail term. Gionee owns 85 percent of Shenzhen Zhipu's shares. As per commercial filings, Shenzhen Zhipu deals in software technology, advertising and operating gaming products. Beijing Baice was Zhipu's partner in the update scheduler (also known as Pull).

android malware attacks
Gionee phones are laced with malware to bombard ads (representational image) Dado Ruvic/Illustration/Reuters

Secretly Installed Malware

Like many other smartphone manufacturers from China, Gionee's USP was to sell cheap smartphones with a low-profit margin. With bloatware and bombarding the users with ads in the custom Android-based operating system, the companies generate revenue. But it seems, to drive up revenue, Gionee turned to illicit ways. If ads were not enough, Gionee secretly installed a Trojan horse program into the "Story Lock Screen" app through an automatic update in 2018.

According to a report by GizmoChina, a hot update plugin "Dark Horse Platform" was proposed in December 2018 due to the existing update scheduler's (pull method) inefficiency. The SDK version of the app was upgraded with Trojan plugins while Dark Horse Platform made the Pull job efficient. However, the platform was exploited to plant a "living Trojan horse" as per court documents.

While the documents didn't reveal how the malware functioned or what its role was, Shenzhen Zhipu through another company, named Beijing Baice, utilized the "pull activities" nearly 3 billion times between December 2018 and October 2019. During this period, over 21.75 million phones were covered by the hot updates monthly with the majority of them were Gionee phones. The pulling activity helped the two companies generate 27.85 million yuan (approximately $4.3 million).

Gionee Phone
Over 20 million Gionee phones were intentionally infected with malware to make money Wikimedia Commons

Not First Time

Gionee sells smartphones in the U.S. rebranding them as BLU. But is not known if BLU phones are also affected by the malware. However, this is not the first time Gionee phones have come under the scanner for factory uploaded malware. In 2014, a data privacy firm Lookout revealed that several Gionee phones came preinstalled with malware named DeathRing.

The malware could download WAP and SMS content from the Command and Control (C2C) server while could also download other malicious APK files that could track and steal users' personal information by reading text messages.

In August this year, two more Chinese phone manufacturers — Tecno and Infinix — were accused of stealing money from users. The phones came with preinstalled apps that were laced with xHelper and Triada malware. It would bombard users with ads and drain data in the background without the users knowing, forcing the user to purchase a data pack.

Apart from that many Chinese mobile apps including popular short video app TikTok have also been accused of collecting data and share it with the Chinese government. In India, the country has banned hundreds of Chinese-owned apps due to data privacy breaches while the U.S. also tried to ban TikTok and WeChat, albeit, unsuccessfully.