Qihoo 360 (Chinese: 奇虎 360; pinyin: Qíhǔ Sānliùlíng; approximate pronunciation CHEE-hoo), full name 360 Security Technology Inc., is a Chinese internet security company[2] that has developed the antivirus software programs 360 Safeguard and 360 Mobile Safe, the Web browser 360 Secure Browser, and the mobile application store 360 Mobile Assistant. It was founded by Zhou Hongyi and Qi Xiangdong in June 2005.[3][4] The company's head office is in Chaoyang District, Beijing.[5]
In the summer of 2012, Qihoo 360 entered the smartphone market by launching the Battleship phone together with the large Chinese electronics company Haier.[6] Qihoo 360 stated that Haier will provide the hardware while Qihoo 360 will focus on customising the software, albeit the main operating system will be Android. Qihoo 360 received over 220,000 pre-orders for the phone the first day.[7]
Later in 2012, Qihoo 360 launched the search engine so.com, thereby directly competing with Baidu, the most prominent search engine in China. Qihoo's share of unique visitors grew to 10.52% of the total search engine market in China.[8] At the end of July 2013, Qihoo was in early talks to acquire Sohu.com’s Sogou.com search engine for around $1.4 billion.[9] In early 2015, Qihoo rebranded its so.com search engine as haosou.com. "Hao" in Chinese means good; Haosou directly translated to English means "good search engine".[10]
In December 2013, the company increased its stake in the Brazilian tech company PSafe.[11][12]
On December 18, 2015, Qihoo 360 agreed to be acquired by a group of investors in a deal valued at about $9.3 billion.[14] On July 18, 2016, Qihoo 360 bought most of Opera Software for US$600 million.[15] In 2018, Qihoo 360 invested in Shanghai-based i-Soon.[16]
In May 2020, Qihoo 360 and other Chinese companies were placed on the Bureau of Industry and Security's Entity List due to U.S. national security concerns.[17][18] The U.S. accused Qihoo 360 and others of playing roles in the crackdown in Xinjiang by "enabling China’s high-technology surveillance" in Xinjiang. On 25 May, Chinese Foreign Ministry spokesman Zhao Lijian strongly criticized the step, asking the US to "revoke the relevant decision and stop interfering in China’s internal affairs".[19] In October 2022, the United States Department of Defense added Qihoo 360 to a list of "Chinese military companies" operating in the U.S.[20]
The antivirus testing companies AV-Comparatives of Austria, Germany's AV-Test, and Virus Bulletin of the UK have accused Qihoo of providing for testing its anti-virus equipped with a Bitdefender engine, while the consumer version uses Qihoo's own QVM engine.[27][28]
According to documents released by the Mozilla Corporation in 2016, Qihoo appears to have acquired a controlling interest in the previously Israeli-run Certificate Authority "StartCom", through a chain of acquisitions, including the Chinese-owned company WoSign. WoSign also has a certificate authority business; WoSign has been accused of poor control and of misissuing certificates.[29] Furthermore, Mozilla alleges that WoSign and StartCom violate their obligations as Certificate Authorities in respect of their failure to disclose the change in ownership of StartCom; Mozilla is threatening to take action, to protect their users.[30]
Google have stated that their Chrome product will no longer trust by default any certificates signed by StartCom or Wosign roots, starting with Chrome 61.[31] Mozilla have stated that their Firefox product will no longer trust by default any certificates signed by StartCom or WoSign roots, starting with Firefox version 58.[32]
In 2012, a whistleblower reported a hidden backdoor in 360 Secure Browser. The Product Director of 360 Secure Browser, Tao Weihua, responded that "Whoever has a mind to beat a dog will always be able to find a stick" and accused the whistleblower of "smearing 360 on behalf of Baidu", which the whistleblower said was "the worst professional response in history". Independent analysis of the claim showed that the browser has an "undeclared mechanism (i.e., via ExtSmartWiz.dll) which regularly connects to the server (e.g., every 5 minutes), and allows it to download files of any type (including executables) from the server."[33]
In October 2020, Mnemonic reported the existence of a backdoor affecting a line of children's watches under the Xplora brand manufactured by Qihoo.[34]
Widespread streaming webcasts of security footage in China
In December 2017, the Chinese Government acted to curtail the widespread webcasting of live security-company-cameras, private webcams, and IP camera footage, voicing concerns of violations of privacy and portrait rights, sanctioning Qihoo.[35][36][37]
In January 2020, a Reddit user reported Qihoo's presence in Samsung mobile phones as a pre-installed storage cleaner in the device settings, from where it sends data packages to Chinese servers. The user could not identify which information is sent specifically.[38] Later, Samsung representative declared that the only data sent back to Qihoo is generic information needed to optimize storage — specifically naming OS version, phone model, and storage capacity, among other data. Qihoo's main contribution is a reference library for identifying junk files, but that library is stored locally in the utility, and Qihoo never receives data that would allow it to identify a particular file on a user's device.[39]