Four sentenced to prison for planting malware on 20 million Gionee smartphones

Chinese quartet conspired to plant a malicious SDK inside an app that came preinstalled on Gionee devices.

Gionee

Image: Gionee

Four Chinese nationals were sentenced last week to prison sentences for participating in a scheme that planted malware on devices sold by Chinese smartphone maker Gionee.

The scheme involved Xu Li, the legal representative of Shenzhen Zhipu Technology, a Gionee subsidiary tasked with selling the company's phones, and the trio of Zhu YingJia Zhengqiang, and Pan Qi, the deputy general manager and software engineers for software firm Beijing Baice Technology.

According to court documents published last week by Chinese authorities, the two companies entered into a hidden agreement in late 2018 to create a powerful software development kit (SDK) that would allow the two parties to take control of Gionee smartphones after they were sold to customers.

The SDK was inserted on Gionee smartphones by Shenzhen Zhipu Technology in the form of an update to Story Lock Screen, a screen-locker app that came preinstalled with Gionee devices.

But Chinese officials said the SDK acted like a trojan horse and converted infected devices into bots, allowing the two companies to control customers' phones.

The two companies used the SDK to deliver ads through a so-called "live pulling" function.

The two companies made $4.26 million from ads

Court documents say that between December 2018 to October 2019, more than 20 million Gionee devices across the world received more than 2.88 billion "pull functions" (ads), generating more than 27.85 million Chinese yuan ($4.26 million) in profit for the two companies.

The entire scheme appears to have come crashing down after a suspected bug started blocking access to some Gionee phone screens, which led the parent company's support staff to start an investigation, which then led to an official complaint with Chinese authorities.

The four suspects were arrested in November 2019. According to reports from local media, the four didn't dispute the investigators' findings and pleaded guilty for reduced sentences.

The quartet received prison sentences ranging from 3 to 3.5 years in prison and fines of 200,000 Chinese yuan ($30,500) each.

Shenzhen Zhipu Technology also received a separate fine of 400,000 Chinese yuan ($61,000).

A Gionee spokesperson did not return emails or phone calls seeking comment on the countries where the malware-laced smartphones were sold.