CompanyGraph
360 Security Technology Inc.
601360 · SSE · China
Embeds free antivirus software on Chinese Android smartphones at the manufacturer level, capturing a captive user base through in-app advertising within a regulatory-licensed security layer.
Chinese cybersecurity law restricts system-level device access to licensed domestic operators, which forces 360 Security Technology to secure manufacturer pre-installation agreements as its only viable distribution path — placing the entire installed base under the control of OEM partnership decisions rather than user choice. Once embedded, removal requires manual device reconfiguration rather than a simple uninstall, keeping users captive to the in-app advertising layer that sits inside the licensed security function. Threat detection databases and algorithms replicate across that installed base at near-zero marginal cost, but the regulatory compliance work required to onboard each new device model or manufacturer partner cannot be automated or accelerated through capital, making government relationship capacity the ceiling on how fast distribution can grow. Because both the distribution mechanism and the license itself depend on that same non-scalable compliance process, any regulatory shift mandating a government-designated security layer — or manufacturer consolidation into a single OEM that builds its own security stack — eliminates the pre-installation slot and leaves the license with no alternative route to users.
How does this company make money?
Display advertising shown within the free security application to users who cannot easily remove it generates the base income stream. Premium enterprise security services sold on a subscription basis provide a separate income layer. Pre-installation partnerships with Chinese smartphone manufacturers may also include a share of the value exchanged for securing those default placement slots.
What makes this company hard to replace?
Deep system-level integration with Android and Windows operating systems means removal requires the user to manually reconfigure their device rather than simply uninstalling an app. Pre-installation agreements with Chinese smartphone manufacturers establish the software as the default security layer before a device reaches its owner. Users who do switch to an alternative provider lose the accumulated malware signature databases built up on their device.
What limits this company?
Chinese regulatory approval for cybersecurity software cannot be automated or purchased with capital — it requires demonstrated domestic data processing, ongoing government relationship management, and legal expertise specific to evolving data sovereignty law. This non-automatable compliance process is the throughput ceiling on how quickly new device models, manufacturer partners, or enterprise contracts can be onboarded.
What does this company depend on?
Chinese telecommunications infrastructure for software distribution and updates, Android and Windows operating system APIs for deep system-level integration, global threat intelligence feeds from cybersecurity research networks, Chinese advertising networks for ad delivery inside the security application, and Chinese regulatory licenses specifically authorizing cybersecurity software operation.
Who depends on this company?
Chinese Android smartphone users who would lose real-time malware protection and face increased exposure to mobile security breaches if the software were removed; Chinese enterprise customers whose network security monitoring would degrade without the threat detection services; and Chinese advertising partners whose access to security-conscious user segments would diminish if the installed base contracted.
How does this company scale?
Malware signature databases and threat detection algorithms replicate at near-zero marginal cost across additional users and devices. Regulatory compliance with Chinese cybersecurity laws, however, requires specialized legal expertise and government relationship management that cannot be automated or expanded through capital investment alone, keeping that function as a persistent bottleneck regardless of how large the installed base grows.
What external forces can significantly affect this company?
Chinese government cybersecurity regulations that increasingly require domestic data processing and restrict foreign technology integration, global trade tensions that affect access to international threat intelligence sharing networks, and the negotiating behavior of Chinese mobile device manufacturers whose pre-installation decisions directly control distribution.
Where is this company structurally vulnerable?
If Chinese regulatory policy shifts to mandate a government-designated security layer — or if manufacturer consolidation reduces the number of partnership counterparties to one OEM that internalizes its own security stack — the pre-installation slot that constitutes the entire distribution mechanism is eliminated, and the license alone provides no alternative path to the installed base.