Criticism of Qihoo 360

The criticism of Qihoo 360 refers to various controversies, disputes and similar incidents involving the Chinese Qihoo 360 company.

2010 backdoor scandal
On February 2, 2010, published an article titled "Rising Exposes the Scandal: Qihoo 360 Installs Backdoor on Users' Computers." The article revealed that 360 products secretly opened a "backdoor" when installed on users' computers, leading to potential data leaks. Qihoo 360 responded by claiming that the vulnerability had been fixed. However, Rising updated its official page, stating that according to their security experts, the "backdoor" still existed in subsequent versions of 360 (6.1.5.1009). The lawsuit related to this controversy concluded in November 2011, with Qihoo 360 winning the case.

2012 fake patch incident
On August 1, 2012, some users reported that the "Vulnerability Repair" feature in 360 Safeguard included a "high-risk vulnerability patch" labeled KB360018, which was not issued by Microsoft. This patch would forcibly install the 360 Secure Browser on users' computers. 360 officially responded, acknowledging that KB360018 was indeed not an official Microsoft patch but rather a "fake patch" released by 360. The intention behind this was to provide an upgrade solution for the IE6 engine.

2013 dispute with "National Business Daily"
On February 26, 2013, "National Business Daily" (NBD) published articles titled "The Mystery of the 360 Black Box: Qihoo 360's 'Cancerous' Genes Exposed" and "360's Winning Secret: The Mysterious V3 Upgrade Mechanism." These articles claimed that when Qihoo 360 wanted to wage war against its competitors, it activated the "V3 mechanism," which involved using "360 Safeguard" and "360 Secure Browser" to secretly uninstall competitors' products from users' computers and install its own products, thereby capturing the market most conveniently. NBD also covered this in a special report on their website.

On July 4, 2013, National Business Daily published another article claiming that 360 was uploading large amounts of sensitive user information, such as financial usernames and passwords, without the users' knowledge. The article also stated that this issue had caught the attention of a securities company, referred to as Company A.

On December 30, 2013, 360 sued NBD for alleged false reporting and damage to its reputation, and the case was heard in the. 360 claimed that NBD had published anonymous, defamatory, and false reports that severely misrepresented facts, citing various rumors fabricated by 360's competitors, which misled and frightened readers. As a result, NBD's false news significantly harmed the reputation of 360 and its products. 360 requested the court to rule that NBD had severely infringed on their corporate reputation and sought 50 million yuan in damages. During subsequent hearings, the Xuhui District People's Court ordered the two defendants (Chengdu National Business Daily Newspaper Co., Ltd. and Shanghai Jingwen Cultural Communication Co., Ltd.) to stop publishing any reports or comments related to 360's corporate or product image during the litigation period.

On September 19, 2014, NBD published articles such as "The Mystery of the 360 Black Box: Qihoo 360's 'Cancerous' Genes Exposed," which were found to be false and defamatory, misleading and frightening readers, and significantly damaging 360's reputation. The court ultimately ruled that NBD must compensate 360 for economic losses of 1.5 million yuan and publicly apologize to 360 for ten consecutive days.

2015 AV-Comparatives (AV-C) testing awards revokation
On April 30, 2015, the international antivirus software testing organization AV-Comparatives (AV-C) raised concerns about Chinese antivirus software manufacturers. Tencent and Baidu were accused of submitting versions with special markings for evaluation, while 360, which performed the best, had its 2015 awards revoked. AV-Comparatives, AV-TEST, and Virus Bulletin collectively revoked all certifications and ratings awarded to 360 products since 2015. In their joint announcement, they alleged that Qihoo 360 used the Bitdefender engine (BD engine) during testing, while their proprietary QVM engine had never been activated. However, in the market versions of Qihoo 360, the BD engine was disabled, using only the QVM engine, which compromised security levels. This led to allegations that Qihoo 360 falsified results for competitive purposes.

Qihoo 360 Vice President Qu Xiaodong stated that the core issue in this incident is the debate between traditional antivirus and cloud security evaluation standards. He emphasized that the version of 360 submitted for evaluation did not involve any cheating or falsification. Due to the outdated nature of these evaluation standards, 360 decided to withdraw from AV-C testing.

Malicious promotion
360 Security Guard completes malicious installation on Android phones and then prompts users. 360 uses software such as Security Guard, 360 Antivirus, and 360 Secure Browser to induce or forcibly promote the installation of the Qihoo 360 software suite ("360 Toolbox") through optimization, cleaning, repairing, and other pop-ups or buttons without clearly notifying or obtaining user consent, and modifies default software such as browsers to 360 series software.

Android phone users have found that when USB debugging is enabled, simply connecting their phone to a computer with 360 Security Guard installed automatically installs "360 Mobile Security Suite" (typically 360 Mobile Guard, 360 Mobile Assistant, 360 Mobile Browser) for the user's phone. The entire installation process proceeds without any prompts or user permission confirmation, and users are only informed via pop-up notifications after all software is installed. Many phone users have also encountered issues where installing 360 Mobile Assistant forcibly bundles other malicious software, making it impossible to uninstall or use other similar software. The Beijing Administration for Industry and Commerce has previously issued administrative warnings against 360 Security Guard software for engaging in unfair competition practices by inducing users to use 360 browsers and preventing the installation and use of other security software through incompatibility and difficult uninstallation methods.

The "3Q War"
Qihoo 360, Kingsoft, and Maxthon Corporation have conflicting issues, with their most well-known and scrutinized dispute being with Tencent. The conflict between the two companies in early November 2010 even led to a severe commercial competition incident.

2012 criticism of involvement in the Great Firewall
On July 2, 2012, according to Qianlong Network, Qihoo 360 joined China's GFW (Great Firewall) project in 2005. Qihoo 360's two executives, Qi Xiangdong and Shi Xiaohong, participated in the development of a secure management system for search engines. Online records also show technological achievements involving Fang Binxing,, and Shi Xiaohong.

However, Qihoo 360's chairman, Zhou Hongyi, denied these claims, attributing them to malicious slander by competitors. Qihoo's Chief Security Officer, Tan Xiaosheng, also stated in Mozilla's security mailing list that the project was established for Yahoo and was completed before Qihoo 360 was founded.

2012 3B Incident
In August 2012, Qihoo 360 and Baidu clashed over the introduction of Qihoo 360's comprehensive search engine. This led to a severe. Qihoo 360 set its own comprehensive search engine as the default on its homepage, 360 Navigation. Essentially, this comprehensive search engine was developed by Qihoo 360 itself. Subsequently, Baidu announced legal action against Qihoo 360, which resulted in Baidu's success in the lawsuit.

Misreporting Issues

 * In 2008, Rising claimed that 360 antivirus software intercepted and deleted Rising Personal Firewall.


 * In 2008, 360 antivirus mistakenly flagged issues with QQ Game Center.

Vulnerability Dispute
On August 1, 2012, users reported that the "Vulnerability Fix" feature in 360 Security Guard, labeled as KB360018, was not actually issued by Microsoft as claimed. This patch purportedly upgraded Internet Explorer 6 browsers to Internet Explorer 8 and optionally installed 360 Secure Browser. 360 officials responded formally, acknowledging that KB360018 was indeed not an official Microsoft patch but a self-issued "pseudo-patch" intended to provide an upgrade solution for the IE6 engine.

Security Dispute
On October 20, 2014, according to a report by GreatFire.org, the Great Firewall of China (GFW) was conducting a man-in-the-middle attack against Apple's iCloud using a fake security certificate. Users Man-in-the-middle attack or Mozilla Firefox were warned about the certificate's security, but 360 Browser did not provide such protection.

360's official response disputed this report, stating that 360 Browser can identify fake certificates and display warning messages in the address bar and information bar. However, it was pointed out that despite displaying warnings, 360 Browser still allowed the page to load, potentially leading to cookie leakage.

Privacy and Cybersecurity Concerns
As early as 2010, 360's browser products were exposed for allegedly collecting sensitive user information without user consent, including usernames and passwords for websites. Subsequently, 360's desktop browser products were again found by Baidu employees to be secretly gathering user data without user knowledge. In the third quarter of 2017, 360's mobile browser product, Action Browser, was specifically criticized by the Ministry of Industry and Information Technology of the People's Republic of China for infringing on personal privacy, stating that it collected personal information without user permission. This led to its inclusion in the ministry's app blacklist for that year. However, concurrently, 360 Browser is also listed as a data source for the "Malicious Website Blacklist" maintained by the China Internet Emergency Response Center (CNCERT).

First App Store Removal
On the afternoon of February 6, 2012, all iOS applications from Qihoo 360 were removed from the App Store by Apple, without disclosing the reason for the removal.

On February 7, 2012, Qihoo 360 issued a statement on Sina Weibo:

"We have received a reply from Apple: 360 products do not need to make any modifications and will be reinstated on the Apple App Store within the next 48 to 72 hours. The reason for this removal is that Apple found some products had manipulated reviews, resulting in abnormal user ratings and reviews. Apple conducted an investigation as usual. Due to all wireless products from 360 being under the same Apple account, this led to the removal of all products."

On the morning of February 8, 2012, all Qihoo 360 products were reinstated on the App Store.

Second App Store Removal
On the evening of January 25, 2013, most applications from Qihoo 360 on the Apple App Store were once again removed, leaving only 360 Cloud Drive available for download.

By March 5, 2014, Qihoo 360's products were reinstated on the App Store.

Xiaomi App Store

 * On April 28, 2013, Xiaomi removed 360 Mobile Security from the MIUI App Store because the app, without Xiaomi's knowledge, displayed phrases like "MIUI Warm Prompt" when prompting users to modify permissions, potentially causing user confusion.


 * On September 27, 2013, Xiaomi delisted all 360 products from its app store. The reason cited was that 360 Mobile Assistant recommended users uninstall apps from other companies, including Xiaomi App Store and Baidu Maps, without providing any justification.


 * On January 8, 2016, Xiaomi again removed all 360 products from its app store. This action was due to reports that some Xiaomi users were deceived by 360 Security Guard PC Edition through pop-ups and similar tactics into installing a software called "Thunder OS." This software altered MIUI system signatures without user consent, preventing Xiaomi phones from undergoing normal system upgrades. It also tampered with phone recovery, hindering users from uninstalling it, and causing system crashes that prevented startup.

Other App Stores

 * In September 2013, besides Xiaomi, 360 Mobile Assistant also prompted users to uninstall built-in applications like official stores from Huawei, Samsung, BBK (Step High), Lenovo, and other mobile companies. Subsequently, Huawei, Lenovo, Coolpad, OPPO, and several other companies confirmed that they would completely delist all 360 products from their respective app stores.

Waterdrop Live suspected privacy infringement
In April 2017, Waterdrop Live, under its platform, broadcast real-time classroom scenes from numerous schools across China, ranging from kindergarten to high school. Parents' reactions varied: some believed the platform "witnessed every moment of their children," while others expressed concerns over security risks. Students strongly opposed it, feeling their privacy was violated. Some schools found the public broadcast inappropriate and shut down the live streams. Waterdrop Live responded by stating that camera "Waterdrop Live" functions were default off, and activation was entirely up to users. However, further reports by Southern Metropolis Daily revealed that Waterdrop Live not only targeted schools but also streamed from swimming pools, blind massage parlors, hotel lobbies, lingerie shops, and private spaces like short-term rental apartments. Later that year on December 13, post-90s female blogger Chen Feifei published an article titled "A Post-90s Girl's Message to Zhou Hongyi: Stop Staring at Us," alleging further privacy infringements by Waterdrop Live in various locations such as vegetarian restaurants, diners, snack shops, cybercafes, and other establishments equipped with "Little Waterdrop" cameras. In response via his personal WeChat account, chairman Zhou Hongyi accused Chen Feifei's article of misleading readers and engaging in black PR tactics, claiming it disrupted others' livelihoods. Chen Feifei clarified she was not involved in black PR, received no money, and spent none on promotion, asserting her intention to take legal action. On December 20, 2017, 360 announced the permanent closure of Waterdrop Live.

Video application suspected of widespread video theft
In the early morning of February 20, 2018, a Bilibili content creator discovered that the video app "Kuaishou" had extensively stolen Bilibili videos without permission, including the creators' IDs and comments directly copied without alteration. Bilibili accounts linked with phone numbers and passwords were able to log in directly to Kuaishou. On the same day, Bilibili issued a public announcement through their certified account "Chief Steward of Up Main" calling for rights protection.

At 12:55, Kuaishou responded, denying any behavior of database breaches or accessing users' personal privacy. They accused some bloggers of spreading malicious defamation and damaging Kuaishou's reputation, stating they had reported these allegations to the police and would pursue legal actions accordingly.

At 14:17, Quick Video responded that, after investigation, they found some Quick Video accounts did indeed use content without authorization from the original creators, even going as far as using their avatars and IDs without permission. However, they denied any actions involving stealing user account passwords. Additionally, there were accusations of extensively stealing user information from Sina Weibo and its MiaoPai video resources.

At 0:17 on February 20, Bilibili released their investigation results regarding rumors that Bilibili accounts could log in directly to 360 Kuaishou with their passwords, refuting these claims. They stated on Zhihu, "So far, we have found no evidence of Bilibili user account information being leaked. Account security is our utmost priority, and we continue to investigate all possibilities."

On February 21, Bilibili formally sent a legal letter to Kuaishou demanding that they cease infringement and publicly apologize to all Bilibili content creators and users.

Sanctioned by the U.S. Department of Commerce
In May 2020, the U.S. Department of Commerce announced the inclusion of 33 companies and organizations, including 360, headquartered in China and the Cayman Islands, on the Entity List. The company's leadership responded by firmly opposing what they described as irresponsible accusations and criticized the Department of Commerce for politicizing commercial activities and technological research and development. They stated that while being listed on the Entity List would pose certain challenges to 360's operations, it would not significantly impact their daily business or interrupt their ability to continue providing security services to customers.