Hello,
As we enter a new week, we wanted to reiterate our commitment to our customers, partners, employees and shareholders. Many of the absurd allegations in the short-seller report from Oct 24th have conclusively been addressed already. However, we have received some questions that we will again address today. Importantly, the Company has moved swiftly and without hesitation in forming a special committee who in turn wasted no time in bringing in Shearman & Sterling LLP and Deloitte & Touche who will put the final, independent and third-party validation on our business, our accounting, our cash and liquidity, our revenues, and our customers and products. We remain confident and our swift and transparent action is indicative of this position.
As clearly stated in our recent news announcements, we have demonstrated the liquidity and availability of our cash position and strength of our balance sheet; reaffirmed our customer relationships; and continued to launch new products and expand new customers/partners. We are confident in the strength and integrity of our underlying business and our business practices which is clearly evidenced by the increased transparency and willingness to provide access to Yidatong management, Standard Chartered representatives, and other key third parties directly or under NDA if required for competitive or contractual reasons.
With respect to our cash, we have demonstrated the cash is real and liquid, and also demonstrated that our core business provides ample cash flow without the need to tap these term deposits to fund our day-to-day operations which include more than 900 employees in both the US and China. We will continue to transfer these term deposits in a swift and orderly fashion.
As previously disclosed in each of our audited 20F's, the amount of revenues that flow from carriers through Yidatong to NQ has been provided in complete detail. Yidatong is an important payment processing service provider for NQ, and one of several that play an essential role for billing processing for both NQ and others across the industry. We have already disclosed that Yidatong is an independent operating company and provided information to verify that NQ has never had an ownership interest in Yidatong. The business interaction and payment flows have been vetted, audited, and continually verified. We have the bank transfer receipts detailing all of the actual cash transfers from YDT to NQ in 2012 and we are making verification available to our third party auditor. Additionally, we have also made available the monthly reports that YDT delivers to NQ detailing the payments collected on behalf of NQ with carrier partners. These reports, along with the cash transfer receipts are the kind of thing that auditors and our independent third party auditor use to verify and then cross check with actual cash flows.
Ms. Xu Rong indeed worked as a consultant at NQ from the spring of 2007 until the end of that year. She then worked actively part-time as NQ's director of marketing from the end of December 2007 until August 2008. There is nothing revelatory or earth-shattering about a company working closely with and partnering with individuals who previously worked together. In fact, it is quite normal, expected and often optimal to work with partners that you have come to trust and appreciate. Further, and to restate, the relationship with Yidatong and NQ has been fully disclosed, fully vetted, and fully verified every step of the way. We have had many third parties, investors, and even reporters visit the Yidatong office in Beijing – which they share with Ms. Rong's other business 9Hcom (a PC gaming company she also owns).
This is how the payment flows work from end user at the carrier to the SP (Yidatong in this case) and then to the content provider (NQ in this case):
(Photo: http://photos.prnewswire.com/prnh/20131104/CN09543-a )
Now, lets discuss customers. There is some confusion regarding what a customer is and what a partner is, with some reports confusing the two. Customers are enterprises and individual end users that pay for our products through partners. Partners are the key channels to our end users. The consumer business is where there seems to be the most confusion. Lets clarify this confusion once and for all:
In the consumer segment, our customers are end users. End users buy and use our product. Our company utilizes many different channels to acquire these end users. We also utilize many methods for the end users to pay for our products and services. This is where the confusion stems from.
Our most significant user acquisition channels include preinstall and preload relationships; distribution and retail; carrier channels; direct via app stores; advertising networks; and the Internet. Additionally, NQ also powers many of our partners' products for them in a "white label" relationship. We enable our handset/OEM partners to provide their customers with great products in their own branding while we run the underlying technology and security of those products.
Our end users pay for our products in many different ways as well. The payment channel that has garnered the most questions relates to the service provider (SP) relationship with carriers. End users subscribe to NQ's premium services and the carrier receives confirmation of the subscription and then adds the charges to the end-user's phone bill. The SP confirms the subscription and aggregated payments with the carrier and then receives the payment from the carrier after 60 days. A report is generated by the SP to NQ detailing the payment from the carrier and then based on the records of NQ's BOSS system, NQ invoices the service providers and receives payment after 30 days. This is detailed in the flow chart above. These monthly reports from the SP to NQ and then the payments from the SP to NQ have been made available to third parties with respect to NQ's largest SP relationship, Yidatong.
The service provider (SP) channel is one of our biggest channels of payments for our security products in China as is customary and required. As required by our auditors and in our annual 20F, we report the largest sources of revenues and provide details on the revenue concentration in these different sources. Yidatong is our largest source of revenue in this category and therefore often is confused as a customer. Remember, the customer is our end user. Yidatong is the payment channel that the customer pays the carrier and the carrier ultimately shares with us our portion. As we already disclosed, our three largest service providers include: Yidatong, China UMPay, and Info2Cell. Though, you can now understand that these are not the 3 largest customers.
There are other channels whereby the end user actually pays for our products, including distributors (our largest distributors in China include Huahui and Lixingjing) and retail relationships. In some cases, we also get paid directly from carriers, but this is mostly outside of China. Other channels include App Stores payment, Google Play payment, and Direct to our own payment sites (contrary to the report's claims, our payment site does work and is operating). We also have big mobile gaming revenue that comes from using third-party payment channels like Alipay.
In terms of how the end user actually pays for our products, our largest partners include Service Providers (the largest are Yidatong, China UMPay and Info2Cell), Carriers (we have strong relationships with all of the carriers in China and many of the largest around the world including China Mobile), Distributors (like Huahui and Lixingjing) and Retailers (we have third parties and others under NDA verifying these), and Direct. In addition, we have a growing Gaming and Advertising business. The top 5 provinces where our end users and partners reside in China include: Guangdong, Jiangsu, Hebei, Zhejiang, Fujian.
Our Enterprise business is more direct in how it reaches customers and then gets paid by them. We have highlighted many of these enterprise customers before, but they include the largest financial, insurance, health care, and other organizations in China. This customer list includes Anbang Insurance and GE Healthcare who is bringing our NQSky solutions into hospitals. We also extended our customer lists to include ICBC, PICC, and others.
There are ample ways to verify these partners, customers and carrier relationships around the world. Below are just a few links that show our product pre-loaded/pre-installed, or white-labeled, or offered as part of carrier solutions. We stand by our partners. In addition, we would like to highlight one of the largest preload deals in the history of NQ that was announced just last week. Even in the face of the short seller report and subsequent market reaction, we announced an exciting new and expansive way that we are working with the largest carrier in the world. China Mobile is going to be preloading their music player app – Migu (also sometimes referenced in the Internet world as Mi-Cu) – with NQ Mobile's audio-based search technology. This licensing deal is a tremendous validation of our technology, but also the single most important customer and partner validation. This was announced during this attack on our business. China Mobile's validation in spite of these egregious allegations is a strong endorsement of our relationship with them and many others. Furthermore, Lenovo also confirmed the partnership with NQ Mobile with a strong statement.
Links to a number of partners verifying our relationships and product collaborations:
https://play.google.com/store/apps/details?id=com.nqmobile.antivirus20.telcel&hl=en
https://play.google.com/store/apps/details?id=com.nq.familyprotector
https://play.google.com/store/apps/details?id=com.nqmobile.antivirus20.uscc
https://play.google.com/store/apps/details?id=com.nq.uscc.ps
https://play.google.com/store/apps/details?id=com.nqmobile.antivirus20.cricket&hl=en
http://www.abs-cbnnews.com/business/11/03/13/new-smartphone-competes-business-market
We just want to make a few more points about some other topics that have arisen. Given the questions about cash being real, or Yidatong's existence, or even our customer relationships as described above have been answered – there is a tendency to now try and shift attention to other questions including our DSOs or the quality of our product. This is a tactic that we expect to see more often as the facts around the initial report's claims continue to fall down as false.
Let us address the topic of DSOs as it has been erroneously reported. The false reports suggest a much higher DSO then is actually the case. The elevated DSO topic has been addressed by the Company repeatedly since the beginning of the year. This has been an area of emphasis. We are committed to improving this going forward. We showed improvement in Q2 relative to Q1 as our DSOs came down to 145 days from 158 days. There has been a tremendous amount of effort put in place to work on this in the areas of the world with the highest collection times (The Middle East and Southeast Asia). As we have said before and repeated many times, we will show improvement. We are excited to share the results on this topic when we report our Q3.
There are 2 other important points about DSOs. Most importantly - and we keep coming back to the cash. DSOs are an issue if the cash flows don't show up – which isn't the case with our Company. We have strong cash flows and a strong history with many collection cycles with our partners. Please note the growth in revenues relative to the growth in our receivables. Revenues are outpacing receivables. Stay tuned for another update with our Q3 results.
As for the quality of our product, we already addressed this. NQ has always made it our priority to constantly improve the capability, features, value, and security of our products. We have been doing exactly that for the last 8 years and were the pioneers in the mobile security space. We will never stop learning, innovating, and creating for our partners and end-users. The bottom line is we are confident in the quality and value of our core security products and solutions. Below are the details to any questions related to this product topic:
NQ participates in regular benchmark testing through independent labs like West Coast Labs and AV Test. Both labs are premier software testing houses that have reviewed NQ's software performance and technology.
- Earlier this year NQ Mobile's products were included in the AV-TEST public Certification Program.
- As part of this program, NQ Mobile Security was subject to rigorous tests and quality measurements, including mobile malware detection, CPU/Battery performance, false/positive application detection, ease of use and the inclusion of additional value added features.
- "After multiple rounds of testing, in June 2013, NQ Mobile Security was recognized as a top performing product, achieving 99.5% malware detection and was awarded the coveted AV-TEST Certification quality seal."
- Maik Morgenstern, CEO AV-TEST, Oct 28, 2013
As the security space is continually evolving, NQ is committed to ensuring its product capabilities are above benchmark and is constantly reviewing its platform and its capabilities and working with outside experts like ID Theft Protect (http://id-theftprotect.com/), to ensure that NQ is making the appropriate investments in its core technologies.
- NQ has also a long-standing relationship with external mobile security consultancy, IDTP.
- IDTP was brought on in mid-2012 as an external consultant by NQ because of IDTP's expertise in the mobile security space.
IDTP was tasked specifically to help review NQ's security architecture and to execute technology and architecture improvements with our products in order to maintain the security of our products and our customers.
The following security improvements have been made since mid-2012:
- Multi-engine detection - NQ have deployed cloud-side multi-engine detection capability, which is currently supported by several Tier 1 and Tier 2 AV vendors, as well as NQ's proprietary native engine. This is an industry-leading approach to detecting malware.
- NQ user account salting - NQ provides database user account (cloud server) privacy and encryption. This prevents rainbow table attacks that are used for reversing cryptographic hash functions. This approach is used by hackers to crack password hashes.
- NQ Gzips - AES encryption prevents data from being uploaded to servers as near plain text.
- Data Encryption - AES encryption employed to protect SMS, contacts, call logs, IMEI, IMSI, ICCID and ESN.
- Master Key Exploit - refer to Android security bug 8219321. Android cryptographic verifier validates the first version of any duplicate file in an APK archive, but the installer extracts and installs the LAST version (duplicate). NQMS protects users from this exploit.
- 401 Phishing – USSD exploit can brick a device by sending the user to a malicious web page. NQMS prompts you if USSD exploit attempts to open the dialer app and or prompts you to open the browser. Vanilla (stock) Android is unaffected by this exploit.
- SEND_SMS Capability Leak – looks for SMS spam (including URLs) that uses the Send_SMS permission without actually requesting the read & write SMS permissions. This leak is also used by developers to deliver SMS ads.
- Adware detection - AdMob/Flurry - API leakage/permission analysis. NQMS classify "adware", if an app is using AdMob / Flurry, but only if an app uses the INTERNET & ACCESS_NETWORK_STATE permissions when there is no mention of Google mediation networks on the Play Store.
NQ Mobile is also collaborating with global anti-virus bodies on malware definitions as well as leading the anti-virus and mobile security industry on developing a Mobile Malware Sample Sharing Network (MMSSF) to improve real-time mobile malware analysis as well as sharing this data with AV industry partners.
NQ Mobile Security 7.0 maintains strict caution on transportation of non-China consumer private data to China. NQ has always been very clear on this and has gone the extra step to have also sought Truste privacy certification, seeking their expert guidance in this particular area, as the protection of our consumer's private data is important to NQ and to NQ's business.
NQ is and has always been transparent with customers about the data we collect as well as maintain strict controls about where we store that data. Our process is aligned with our privacy policy, and, most importantly, adheres to the standards that NQ expects from its own business and also that of experts in the industry.
The below table outlines what data NQ MS 7.0 uploads, where NQ store it, and what it is used for.
(Photo: http://photos.prnewswire.com/prnh/20131104/CN09543-b )
Data that is specific to a phone number or device (IMEI, IMSI, ICCID, ESN) that we do transport to China is used specifically and only for purposes of billing and are for premium paying customers only and is done only in our NQ Data Center. NQ's Data Center houses NQ's BOSS system (Business Operations Support System), which provides global billing and authorization services.
Lastly, a feature on NQ Mobile Security 7.0 called Virus Broadcast is a free service for consumers to see what the latest viruses are that have been reported in our global virus database. It is NOT specific to any user's device. To be clear, on installation, NQ mobile security 7.0 preinstalls an anti-virus database on the device. With the installation, NQ also prepackages the latest Virus Broadcast Feed as well. Prepackaging this with the installation file avoids a separate download after install. After installation, Virus Broadcast WILL show the user the latest two viruses in the Virus Broadcast at the point of installation. Once the database is updated, the Virus Broadcast will update as well with the latest information from the newly updated AV database.
Finally, we will work hard to transparently and quickly defend any falsehoods or inaccurate analysis that is released. We are focused on running our business. We are confident in our business. We look forward to reporting our Q3 results.
If you have any questions or if we can help with anything, please let us know.
Regards,
Matt
