Palo Alto was able to obtain only one Coolpad smartphone -- one of the models sold in the U.S. -- and did not find CoolReaper on the device. Olson suspected that only the Chinese models were fitted with the backdoor.
But he was certain this was more than an oversight, more than the usual Android malware that has been planted on some smartphones at some point in the supply chain.
"This would be a very amazing infiltration of Coolpad's systems by a rogue insider," said Olson. "And it's been going on for over a year, since October 2013." Other clues, he said, included CoolReaper's surreptitious behavior -- it hides itself from the operating system -- and the use of the word "backdoor" in its source code.
Coolpad did not immediately reply to a request for comment.
Palo Alto's CoolReaper research paper can be downloaded from the firm's website (registration required).