
January 27, 2018

Android’s new trouble in the alien town

Mainland China has always been an alien land to practically any IT-related business. For one, being used to piracy, Chinese users are extremely reluctant to pay for anything that is “not real” (software). You will frequently see Chinese consumers buying a high-end PC and refusing to pay for a legal copy of the OS. The second reason is that since it’s so hard to make money the ordinary way, and there are so many loopholes in the administrative system, competitors on the playground tend to fight dirty.

Recently Android users in China found themselves falling prey to dirty fights on the mobile apps battlefront. Users are increasingly finding their phone bills growing excessively long at the end of each billing cycle. Detailed spending lists showed that their wallets have been bled dry over apps or services they never bought or subscribed to, or at least were not aware of. Some lost several dozen kuai, others hundreds. All of this is the doing of a player called the “SP”.

To explain what an SP is, we should start from the business model of Chinese mobile value-added services, which in plain language mostly means apps, games, ringtones, video clips and services that require a user to pay for them. Because credit cards are unpopular and other quick payment methods are absent, the whole telecommunications industry of China works on a rather primitive model: carriers charge for every service, keep their own share, and kick the rest back to whoever provided the service. The model has three layers:

Content Providers (CP): Called “developers” elsewhere. Any development team can be a CP; it doesn’t take any licensing to call oneself a CP. However, a CP is not allowed to SELL anything through a cellular carrier. It can develop gigantic games, fancy apps, complete service platforms, but never sell them, except to the groups called “SP” introduced next.

Service Providers (SP): In short, an SP is a CP certified as a partner by a carrier. SPs can develop things in-house, or simply acquire products from CPs. They then submit them to the partner carrier and apply for a payment gateway number. The relationship of SP and CP is not unlike that of publishers and developers in the gaming industry.

Carriers: The top of the food chain, and the one that ultimately charges users for whatever they buy. Typically a carrier inspects apps or services submitted by SPs to make sure they are legal in content and free of critical bugs. After that process, a payment gateway number is assigned. Sending an SMS to that number means the user is trying to subscribe to or buy the item, and money is automatically deducted from the user’s phone account. This has proved to be the ultimate working model for selling things: you may not have a credit card or a bank account, but you always have a phone account, given that you are trying to get a mobile app or cellular service, and you can’t avoid the bill.

In theory the scheme should work just fine, but two major loopholes render it a joke:

  • Carriers do not care WHERE the user sends a message to the payment gateway from. Be it in-app, on a WAP page, or just sending random things to random numbers: once you hit the jackpot, you get charged, and more often than not there will be no refund.
  • Carriers check submitted apps and services once, with no routine check-up unless there are user complaints. SPs can submit fully legal items, get the gateway number, and change them to whatever they like later.

In the late days of J2ME, when the system allowed apps control over the SMS function of the phone, many SPs did the sneaky job of embedding SMS billing code into their games. A certain key press would trigger the function, and a subscription SMS was sent to a gateway number. Transaction done on the spot. Countless users were charged by accident. It was almost safe to say that every single SP in China has made some grey money this way.

To counter such cheating, carriers later offered a quick patch to the whole mechanism: spending via SMS requires a double check. You send the SMS to a gateway number, you get a notification message, and only replying to that message seals the deal.

The patch didn’t work in practice either, since carriers allowed SPs to fully customize their notification messages, and a user replying ANYTHING at all triggers the billing process. Hence the case a friend of mine encountered. It was about 2:00 am when his phone sounded an incoming-message alert. The message was from a weird number, saying “Hey, you still up this late?” Out of habit he replied “Yup. Who are you though?” Then the mysterious folk delivered the big surprise: “Congratulations, you’ve subscribed to xxxxx service. The cost is 10 yuan monthly.”
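To make the weakness of that “double check” concrete, here is a small model of the confirmation exchange as the post describes it, beside a stricter variant in which the carrier owns the notification text and requires a one-time code. This is an added example, not code from the post or from any carrier; the gateway number, phone ids, service name, price and message texts are all constructed for illustration.

```python
"""Toy model of the carrier's SMS double-confirmation step as the post describes it,
beside a stricter variant. Added example, not from the post or any carrier; every
number, name and message text below is constructed."""
import secrets
from dataclasses import dataclass, field


@dataclass
class PendingOrder:
    service: str
    price_yuan: int
    code: str            # one-time confirmation code; empty in the weak variant


@dataclass
class Gateway:
    number: str
    strict: bool         # False: any reply confirms (the loophole); True: reply must quote the code
    pending: dict = field(default_factory=dict)   # phone -> PendingOrder
    charges: list = field(default_factory=list)   # (phone, service, price_yuan)

    def subscribe(self, phone, service, price_yuan, sp_text=None):
        """SP-initiated order. Returns the notification text the phone receives."""
        code = secrets.token_hex(3).upper() if self.strict else ""
        self.pending[phone] = PendingOrder(service, price_yuan, code)
        if not self.strict:
            # Loophole: the SP writes the notification, so it can say anything it
            # likes and need not mention a service or a price at all.
            return sp_text or f"Reply to subscribe to {service}"
        # Hardened: carrier-owned template that names the service and price and
        # requires a one-time code, so a casual reply cannot confirm anything.
        return (f"[Carrier] Reply {code} within 10 minutes to subscribe to {service} "
                f"for {price_yuan} yuan/month. Any other reply cancels.")

    def reply(self, phone, text):
        """The user's reply reaches the gateway. Returns True if a charge was made."""
        order = self.pending.pop(phone, None)
        if order is None:
            return False          # nothing pending for this phone
        if self.strict and text.strip().upper() != order.code:
            return False          # wrong or missing code: order cancelled, no charge
        self.charges.append((phone, order.service, order.price_yuan))
        return True


def late_night_scenario(strict):
    """Replay the 2:00 am exchange from the post against a weak or a strict gateway.
    Returns the list of charges made to the friend's phone."""
    gw = Gateway(number="10690000", strict=strict)   # constructed gateway number
    phone = "user-A"                                 # constructed phone id
    gw.subscribe(phone, "xxxxx service", 10, sp_text="Hey, you still up this late?")
    gw.reply(phone, "Yup. Who are you though?")      # the friend's habitual reply
    return gw.charges


if __name__ == "__main__":
    print("weak gateway charges:  ", late_night_scenario(strict=False))
    print("strict gateway charges:", late_night_scenario(strict=True))
```

With the weak gateway the friendly reply is enough to bill 10 yuan; with the strict one the same reply cancels the order, and only a reply quoting the carrier’s code goes through. The two design choices that matter are that the carrier, not the SP, composes the notification, and that confirmation is a specific token rather than “any reply”.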

Sometimes carriers punish SPs following user complaints. Most of the time, however, it’s a game of hide and seek between millions of users and thousands of SPs. The conflict has reached a new high with the popularity of Android phones.

What blessed Chinese SPs is a FULLY OPEN smartphone OS, the open-open kind, where the OS provider shows more mercy than necessary on apps in the official app market and officially allows side-loaded apps. The Chinese Android market quickly fell under jungle rule. The openness of the OS and the reliance on piracy quickly shaped users into large groups around BBS sites where apps are efficiently purchased, dumped, cracked, localized, uploaded and downloaded en masse. Major Android BBS sites have developed their own answers to the official app market to facilitate the circulation of warez.

This is a godsend to ill-intentioned SPs because:

  • Android app downloads through BBS sites are quite high.
  • The Java-ish programming and packaging of Android apps are apparently easy to crack and modify. Many BBS sites have built their own localization teams. The makers of internationally well-selling apps might be surprised to find their offspring having some never-intended Chinese cousins.
  • Full control over the SMS function lets apps decide what to send and where, as well as what to accept. Now it’s perfectly possible to charge users in the dark while blocking incoming billing messages. The user won’t find out until it’s too late.
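The third point has a recognisable shape in an app’s manifest: permission to send SMS, permission to receive SMS, and a broadcast receiver registered for incoming SMS at a very high priority so that it is ordered ahead of the stock messaging app. As an added example (not code from the post or from any BBS team), the script below scans a decoded AndroidManifest.xml for that combination. It assumes the manifest has already been decoded to plain XML (for instance with apktool), the 500 priority threshold is an assumed cut-off, and the two sample manifests are constructed.

```python
"""Heuristic scan of a decoded AndroidManifest.xml for the toll-fraud shape the post
describes: an app that can send SMS and can also intercept incoming SMS before the
user sees them. Added example, not code from the post; assumes a plain-XML manifest
(e.g. decoded with apktool). The two sample manifests at the bottom are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SEND_SMS = "android.permission.SEND_SMS"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 500   # assumed threshold; normal apps have no reason to be this high


def _attr(elem, name):
    """Read an android:-namespaced attribute."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def scan_manifest(xml_text):
    """Return {'risk': 'low'|'medium'|'high', 'findings': [...]} for one manifest."""
    root = ET.fromstring(xml_text)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    findings = []
    can_send = SEND_SMS in perms
    can_receive = RECEIVE_SMS in perms
    if can_send:
        findings.append("requests SEND_SMS: can message billing gateways on its own")
    if can_receive:
        findings.append("requests RECEIVE_SMS: can read incoming SMS")

    # A receiver for SMS_RECEIVED at very high priority is ordered ahead of the stock
    # messaging app; on pre-4.4 Android that is the position from which an app could
    # swallow a carrier's billing notification (the abort itself happens in code, so
    # the manifest only shows the intent to be first in line).
    high_priority_receiver = False
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {_attr(a, "name") for a in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            prio = _attr(flt, "priority") or "0"
            prio_val = int(prio) if prio.lstrip("-").isdigit() else 0
            findings.append(f"receiver {_attr(receiver, 'name')} listens for "
                            f"SMS_RECEIVED at priority {prio_val}")
            if prio_val >= HIGH_PRIORITY:
                high_priority_receiver = True

    if can_send and can_receive and high_priority_receiver:
        risk = "high"     # the full send-and-suppress pattern
    elif can_send or high_priority_receiver:
        risk = "medium"   # one half of the pattern; worth a closer look
    else:
        risk = "low"
    return {"risk": risk, "findings": findings}


# Constructed sample: a harmless app that only needs network access.
BENIGN_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

# Constructed sample: a repackaged game carrying the send-and-suppress combination.
SUSPICIOUS_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.game.cn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="{SEND_SMS}"/>
  <uses-permission android:name="{RECEIVE_SMS}"/>
  <application>
    <activity android:name=".GameActivity"/>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="2147483647">
        <action android:name="{SMS_RECEIVED}"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        result = scan_manifest(text)
        print(label, result["risk"], *result["findings"], sep="\n  ")
```

The scan is a triage heuristic, not proof: a legitimate messaging app asks for the same permissions, so a “high” result means the package deserves a look at its code, which is exactly what the moderator’s team in the next paragraph did. One caveat for newer devices: from Android 4.4 onward the SMS_RECEIVED broadcast can no longer be aborted by ordinary apps, so the suppression half of the pattern only works on the older phones the post is about.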

One BBS moderator has already been approached by an SP offering a deal to promote two localized apps, paying the BBS 0.7 yuan for each download. The irony was that the moderator realized the apps to be promoted had been localized by none other than his own localization team. “Why the hell is someone paying us to promote our own work?” With that doubt in mind, his team cracked the apps open and found billing backdoors embedded.

As to how many pirated apps are infected with billing backdoors, the number varies. According to QQ Tech’s interview with the CEO of bbs.gfan.com (a major Android warez BBS), the percentage is around 10%. However, talking with 163 Tech, the CEO of nduoa.com (another major Android BBS) said “about 4 out of 10 apps we inspected are infected”. The majority of Chinese Android users are now left to defend themselves, with Google and OEMs not doing much about the problem. Forum posts are composed and frequently updated to warn people which apps are infected. One user came up with a fail-proof but not very helpful rule of thumb: “if your phone stops getting billing SMS of any kind from your carrier, it very likely has a backdoor.”

The aforementioned Gfan BBS is in negotiation with Kingsoft to build the latter’s anti-virus engine into its own version of the unofficial app market. With 8 million users currently and a full legion of SPs with bad credit history, this may turn out to be a very heavy blow to Chinese Android development. There are already reports saying certain developer groups have tainted themselves in the pool, building new apps born with backdoors planted. And SPs are reaching into customized phone ROMs, something Android users frequently deal with. A backdoor burnt into the ROM is even harder to detect.

User exposing his mysterious purchase record (2 items, 30 yuan), made without any notification.

Another user exposing his detailed history of repeatedly paying to an SP’s gateway without knowing it.

