ZTE

Overview

ZTE Corporation is a Chinese multinational telecommunications equipment and systems company headquartered in Shenzhen, China. ZTE manufactures smartphones, telecommunications equipment, and enterprise networking products, serving telecom operators and consumers in over 160 countries. The company is listed on the Hong Kong and Shenzhen stock exchanges.

ZTE''s privacy and security significance parallels Huawei''s — as a Chinese telecommunications equipment manufacturer, ZTE faces concerns about potential backdoors, obligations to Chinese intelligence services under China''s National Intelligence Law, and documented sanctions violations that demonstrated willingness to circumvent international regulations.

In 2018, the U.S. Commerce Department activated a denial order against ZTE for violating U.S. sanctions by selling telecommunications equipment to Iran and North Korea, then lying to U.S. investigators about disciplining the employees responsible. The order was later lifted after ZTE paid $1.4 billion in penalties, replaced its board and management, and accepted an unprecedented U.S.-appointed compliance monitor embedded within the company.

Data Collection Practices

Smartphone telemetry from ZTE devices collects device usage data, application data, and potentially location and communications metadata. ZTE''s Android smartphones ship with pre-installed applications and system services that may collect and transmit user data.

Telecommunications infrastructure including base stations, network switches, and core network equipment manufactured by ZTE processes all communications traversing the networks where it is deployed. Concerns focus on whether ZTE equipment contains backdoors or vulnerabilities exploitable by Chinese intelligence services.

Enterprise networking products deployed in corporate and government environments process network traffic and communications data.

Known Clients & Government Contracts

ZTE serves global telecommunications operators as an equipment supplier, consumers as a smartphone manufacturer, and enterprise clients for networking solutions. The company''s sale of telecommunications equipment to Iran in violation of U.S. sanctions demonstrated its willingness to serve sanctioned governments.

Privacy Incidents & Litigation

Iran/North Korea Sanctions Violations (2016-2018): ZTE was found to have violated U.S. sanctions by selling telecommunications equipment to Iran and North Korea, then attempting to obstruct the investigation by filing false statements with U.S. authorities and failing to discipline employees involved. The resulting $1.4 billion penalty was the largest sanctions-related fine in U.S. history at the time.

FCC National Security Threat Designation (2020): The FCC designated ZTE as a national security threat, prohibiting the use of Universal Service Fund dollars to purchase ZTE equipment and requiring U.S. carriers to "rip and replace" ZTE equipment from their networks.

Adups Firmware Incident (2016): Software made by Shanghai Adups Technology, found pre-installed on ZTE and other Chinese smartphone brands, was discovered transmitting the full body of text messages, contact lists, call logs, and location data to Chinese servers every 72 hours. While Adups was the software developer, the incident highlighted the risks of pre-installed software on Chinese-manufactured smartphones.

Threat Score Analysis

ZTE receives a composite threat score of 72/100:

• Data Collection (75/100): Smartphone telemetry, telecommunications infrastructure data processing, and enterprise networking create multiple data collection channels.

• Third-Party Sharing (78/100): Chinese National Intelligence Law obligations. Documented sanctions violations demonstrating willingness to work with sanctioned regimes.

• Breach History (55/100): Adups firmware incident, sanctions violations, and FCC national security designation.

• Government Contracts (82/100): Chinese state-influenced enterprise with significant government telecommunications contracts. Subject to Chinese intelligence law requirements.

• Transparency (12/100): Limited transparency about data collection practices, government cooperation, and security auditing of equipment.

Transparency & Accountability

ZTE''s sanctions violations and subsequent U.S.-imposed compliance monitor represent an unusual form of externally imposed accountability. The embedded compliance team provided unprecedented visibility into ZTE''s operations — more transparency than any comparable Chinese technology company has been subjected to. However, this monitoring was imposed as punishment rather than adopted voluntarily, and its duration was limited.

The FCC''s national security threat designation effectively communicates to U.S. telecommunications operators and consumers that ZTE equipment should not be trusted for sensitive applications. The "rip and replace" program, funded by the FCC, provides financial support for rural carriers to remove ZTE and Huawei equipment from their networks.