I did some research on zzhc.vnet.cn and what its purpose might be. Zzhc is probably an abbreviation of 自注册, meaning self-registration. There is plenty of documentation (in Chinese) on how to implement it (e.g. [1]), but so far I haven't been able to figure out what it's actually good for.
You can find implementations by Qualcomm and Mediatek on GitHub, the Mediatek one even comes with a minimal README [2]. That seems to indicate that it's gated by a feature flag "MTK_CT4GREG_APP" and is only supposed to be active when explicitly selected while the phone is in developer mode. That makes it likely that sending the data was only due to a misconfiguration.
Considering the long list of manufacturers starting at page 10 of [1], it's also possible that others are leaking data in the same way.
I assume the android implementation was done in China, then many requirements are related with "补贴", it is just part of them to submit some data to zzhc.vnet.cn. But didn't get deleted when they are making EU variants.
Thanks for the links. Actually, I had seen one of those articles before, but didn't understand it well enough.
My understanding now is that some 4G deployments are subsidized, and to correctly compute the amounts to be paid, China Telecom needs to collect more data than is usually available, so they came up with the idea of sending the data to zzhc.vnet.cn.
Still pretty hacky, but it kind of makes sense from a perspective of doing the minimum necessary to fulfill the requirements.
In this thread on V2EX (the closest thing to Chinese HN), someone says that registration is intended for phones sold with a China Telecom contract: https://www.v2ex.com/t/547150#r_7062149
Though that doesn't explain why CT wants that data.
You can find implementations by Qualcomm and Mediatek on GitHub, the Mediatek one even comes with a minimal README [2]. That seems to indicate that it's gated by a feature flag "MTK_CT4GREG_APP" and is only supposed to be active when explicitly selected while the phone is in developer mode. That makes it likely that sending the data was only due to a misconfiguration.
Considering the long list of manufacturers starting at page 10 of [1], it's also possible that others are leaking data in the same way.
[1] https://wenku.baidu.com/view/c2eaa9fc5022aaea998f0f7f.html
[2] https://github.com/griffins-testing-ground/android_vendor_mt...