Qihoo 360 has been subject to multiple controversies such as adding false popups to trick users into uninstalling software from competing companies (including Samsung), manipulating the testing process for antivirus testing firms by using software from rival Bitdefender, adding backdoors to their own software, and being sued multiple times for infringing the copyright of other companies.
Qihoo 360 software is pre-installed on all Samsung phones and is used in the storage scanner for the Device Care app (it says 'powered by Qihoo 360'). There is no way to uninstall or disable the app. And because it scans your storage every time you access the menu, you have no choice but to use Qihoo software whenever you want to view how much storage your device has.
Recently, a Reddit user (kchaxcer) discovered that your phone communicates with multiple servers in China when Device Care is opened, including domains seemingly unrelated to Qihoo 360 (such as wshifen.com). XDA-Developers has also discovered outgoing connections to Qihoo 360 servers in other pre-installed Samsung apps such as Samsung ApexService, ANT+ HAL Service, Application installer, Assistant Menu, and AirCommandManager. Another Reddit user (jcdang) also discovered that unique identifiers such as your IMEI number, MAC address, AndroidID, and serial number are transmitted for some reason. Some of this data is transmitted through HTTP and not HTTPS, which means that this data can be intercepted during transfer as the connection is not encrypted.
I would like to request that all software on Samsung devices related to Qihoo 360 be removed. Qihoo 360 has garnered a bad reputation, including in China, due to their questionable business practices and we should not be supporting such a company. As consumers who paid for a Samsung product, when such sensitive user data is being handled, we expect Samsung to completely provide the software or not provide any at all. Such a function should not be outsourced to a third-party company, especially when its implementation leaves identifiable user information open to interception during transfer. All these things pose privacy issues.
Samsung, please remove Qihoo 360 from your phones.
Because every time you access the Storage section of the Device Care app, all the data stored on your phone is being scanned and handled by a third-party company. Something as sensitive as this should be handled by Samsung and should not be left to someone else.
The third-party in question is Qihoo 360, which has a history of lawsuits and adding backdoors to their own software, and isn't exactly a company I would trust with all the data stored on my phone. All your unique device identifiers are also being transmitted to third-party servers for some reason, and Qihoo 360's implementation is also rather poor as they transmit all this data unencrypted meaning other people can access it with the right tools.
Even other Samsung apps send data to Qihoo 360, not just Device Care, and there is no way to disable the use of their software even if you wanted to.
I agree that general bloatware is also a problem but this issue is more serious in comparison. It poses serious privacy issues.
The devices are already expensive, but it looks like, that this does not guarantee, that Samsung cares about the privacy of their customers. Are we customers only data to make more money?
If I wanted this sort of behaviour I'd buy a Xiaomi, or Oppo or whatever the cheapeast Chinese rubbish is - these are premium devices, with premium prices, and you outsource basic functions to a notorious Chinese spyware maker!?!?
This is my first Samsung product, it will also be my last if the policy isn't changed going forward.
It appears that they listened and acted upon user requests. I checked Device Care and the Storage Analysis no longer shows "Powered by 360". Plus, ever since I clean installed Android Pie on my Note 8 back in January 2020, Adguard Premium (a system-wide local-VPN AdBlocker) hasn't seen any single network traffic from the Device Care app, as can be seen in the following screenshots:
Also exported and searched my entire AdGuard Premium filtering log for "360", only came across "360nobs.com" URLs, which doesn't match neither the "*.360.cn" nor "*.360safe.com" domains shown in this Redit thread.
Thanks for listening Samsung 👍🏽