Release Date: 07-22-2020
Source: Ministry of Industry and Information Technology site
Chinese Title: 工业和信息化部纵深推进APP侵犯用户权益专项整治行动
Gong Xin Bu Xin Guan Han  No. 164
Communications administrations of all provinces, autonomous regions and municipalities directly under the Central Government, the China Academy of Information and Communications Technology, the Internet Society of China, and all relevant entities,
In accordance with the deployments on the development of industry discipline in the information communications industry and the rectification of malpractice in 2020, the Ministry of Industry and Information Technology (“MIIT”) has decided to launch and deeply promote special rectification actions against the infringement upon users’ rights and interests by Apps, in order to effectively strengthen the protection of users’ personal information and provide a safer, healthier and cleaner information environment for the masses. The period for special rectification is from the promulgation date of this Notice to December 10, 2020. Specific matters are notified as follows:
I. Rectification Objectives
In accordance with the Cybersecurity Law, the Telecommunications Regulation, the Several Provisions on Regulating the Order of the Internet Information Service Market (Decree No.20 of the Ministry of Industry and Information Technology), the Provisions on the Protection of Personal Information of Telecommunications and Internet Users (Decree No.24 of the Ministry of Industry and Information Technology), the Interim Administrative Provisions on the Pre-installation and Distribution of Mobile Smart Terminal Application Software (Gong Xin Bu Xin Guan  No.407) and other regulations, we should further promote the combination of technology and management, strengthen supervision and inspection, urge the relevant enterprises to strengthen the protection of personal information of Apps, timely rectify and eliminate prominent problems such as illegal collection and use of personal information of users, harassment of users, deception and misleading of users and poor implementation of management responsibilities of the application distribution platforms and purify the application space. By the end of August 2020, the management system for the national APP technical testing platform shall be put into use, and by December 10, the testing of 400,000 mainstream APPs shall be completed.
II. Rectification Objects
(I) APP service providers, namely the application software provided by the ISP that may be downloaded, installed and upgraded, including fast applications, applets and other new forms of application.
(II) Software development kit (“SDK”) providers, i.e., the third-party tool suite integrated into the mobile APP.
(III) Application distribution platforms, including various platforms for downloading, installation, upgrading and other distribution services as undertaken by websites, application stores, and APPs.
III. Rectification Tasks
(I) Illegally processing personal information of users by the App and the SDK
1. collecting personal information in violation of regulations. We should primarily rectify the unauthorized collection of users’ personal information by the App and SDK without informing the users of the purpose, method and scope of collecting such information and without their consent.
2. collecting personal information beyond the scope. We should focus on addressing the collection of personal information beyond the scope by the APP or SDK which is not required by services or has no reasonable application scenarios, especially in silent or running in the background.
3. illegal use of personal information. We should focus on rectifying APP and SDK’s unauthorized use of personal information for purposes other than providing services without informing users, especially sending and sharing personal information of users to other applications or servers without authorization.
4. forcing users to use the directional push function. We should primarily rectify the acts of failing to indicate the relevant information (such as users’ search results, browsing records and use habits) in a noticeable way by any APP or SDK without consent of users and using such information for targeted push or precision advertising, and failing to provide the option to turn off such function.
(II) Setting up obstacles and frequently harassing users
5. forced, frequent and excessive solicitation of authorization by App. We should focus on the rectification of the circumstance in which an application automatically exits or closes down after the user rejects the relevant authorization application when the application is not necessary for the services or there is no reasonable application scenario during the installation, operation and use of the relevant functions of the application. We should also focus on the rectification of malpractices of short-duration and high-frequency frequent pop-up window and repeated application for authorization irrelevant to current service scenarios after users explicitly refuse applications for authorization. Moreover, double efforts shall be made to rectify the acts of failure to timely and clearly inform users of the purpose and use of the authorization claimed and of application for authorization beyond business functions in advance.
6. frequent self-start and associated start of App. We should focus on rectifying the behavior of frequently self-starting or associating third-party Apps without notification to and consent of users or reasonable application scenario by the relevant App.
(III) Cheating and misleading users
7. deceiving and misleading users to download Apps. We should focus on cracking down on deception and misleading users to download APPs through “perpetrating a fraud” and “substituting in a disguised manner”, especially the mobile application with distribution function deceiving and misleading users to download APPs not voluntarily.
8. deceiving or misleading users into providing personal information. We should primarily rectify the activities of deceiving or misleading users to provide identity card numbers and personal biometric information by means of points, rewards, preferences or otherwise not necessary for services or without reasonable scenarios.
(IV) Inadequate implementation of application distribution platforms’ responsibilities.
9. The APP information on the application distribution platform is not clearly indicated. We should primarily rectify the acts of failure to explicitly indicate on the application distribution platform the permission lists required for the operation of Apps and the purposes thereof, as well as the content, purposes, methods, scope and other behaviors of collecting and using the personal information of users by Apps.
10. The application distribution platform’s management responsibilities have not been implemented effectively. Efforts shall be made to primarily regulate the problems such as lack of strict examination of Apps on shelves, failure to timely deal with illegal or irregular software, unauthentic identity information of app providers, operators and developers, and false and invalid contact information etc.
IV. Work Requirements
(I) Carrying out testing and inspection. The MIIT will organize third-party testing agencies to conduct technical tests on App and the SDK from the date on which this Notice is promulgated and supervise and inspect the fulfillment of primary responsibilities by application distribution platforms. If an enterprise is found to have problems in the first inspection, the MIIT shall order it to complete the rectification within five working days. If it fails to make thorough rectification but still has problems, the MIIT shall take measures such as issuing a public announcement, organizing the removal of the problematic enterprise from the shelves, imposing administrative penalties on the enterprise, and including the enterprise subject to administrative penalties in the list of poorly performing telecom operators or the list of dishonest enterprises. If an enterprise repeatedly has problems in different versions of the APP, the MIIT shall make public the problematic enterprise and carry out the subsequent disposal according to laws and regulations.
(II) Ensuring proper implementation. Communications administrations in all regions shall, in consideration of the actualities of local regions, conduct inspection, input clues to violations into the management system for the national APP technical testing platform before the 15th day of each month, and cope with relevant problems in accordance with the work requirements of the MIIT. Relevant enterprises shall conduct self-examination and self-correction in a timely manner, correct the problems found with quick action, draw inferences about other cases from one instance, and practically and effectively protect personal information. App enterprises shall improve the system for protection of users’ rights and interests and strengthen the management of the integrated SDKs. Application distribution platforms shall reinforce platform’s management responsibilities, and actively cooperate with competent telecommunications authorites in relevant supervision and administration.
(III) Promoting industry self-discipline. Industry associations are encouraged to organize APP developers and operators, application distribution platforms, third-party service providers, telecommunications equipment manufacturers, security manufacturers and other related entities to formulate self-discipline conventions and technical testing standards for the industry, improve the third-party review mechanism, and strengthen industry norms.
(IV) Strengthening the development of means. The China Academy of Information and Communications Technology shall vigorously promote the development of the management system for the national APP technical testing platform, further gather industrial forces, encourage eligible enterprises to actively participate in the building of the platform, and enhance the level and ability of automatic testing. Communications administrations in all regions shall have access as soon as possible, make good use of relevant technical means, shift the focus forward, timely detect and solve problems, and constantly improve the industry governance capacity and level.
(V) Guaranteeing smooth complaint channels. During the period of special rectification, all enterprises shall keep users’ complaint channels unblocked and improve the complaint handling service mechanism and process. The Internet Society of China shall accept the complaints of the masses through the Internet Information Service Complaint Platform (https://ts.isc.org.cn/) or the 12321 Reporting Center, and timely summarize and handle the relevant problems reported by users.
Ministry of Industry and Information Technology July 22, 2020