Making Your Mobile App or Game Compliant With Chinese Law
In June 2016, the Chinese government released its first set of rules and guidelines regulating mobile apps and games, effective August 2016. As is common with the legal system in China, these rules can be relatively vague and are subject to interpretation by the enforcement authorities. In general, they are designed to ensure that app providers protect users from privacy violations, fraud, and other illegal activities, as well as respect intellectual property laws.
Android apps and games must be submitted to each Android app store individually, and each app store will examine the app or game to make sure it is compliant with local laws. Some developers are surprised when one app store may accept their app or game, while another will reject the same for compliance issues. Usually this is due to the store’s own interpretation of the law and will require some back-and-forth communication to understand why the app or game was rejected and what can be done to bring it into compliance.
The regulations outline six obligations for app and game creators:
1. Real Name Verification
In general, the government follows the principal of “real name in the back and voluntary in the front.” It means that, although registered users may be allowed to create their own username for the app or game, the real name and identity of the user must always be registered in the system through a verification system.
In China, this is typically accomplished through a phone verification system. During the registration process, the app will send a temporary access code to the user’s registered phone number and require them to enter that code to verify it was received. Some apps use this as their primary login method. Depending on the method used, this can sometimes make it difficult to sign in to some apps on another user’s phone, which may or may not be a desirable feature.
2. Establish Effective Provisions to Protect User Information
Just as in the USA and other countries, China requires you to use industry-standard safeguards to protect Personally Identifiable Information (PII).
3. Establish a System to Audit and Manage User Generated Content
Mobile app and game creators and app stores service providers cannot allow their apps or games to be used to engage in activities prohibited by laws and regulations that endanger national security, disrupt social order, and violate the legitimate rights and interests of others.
The app or game cannot create, copy, publish, and/or disseminate information content prohibited by laws and regulations. This in general includes content that is violent, pornographic, libelous, malicious, deceptive, fraudulent, spreads “rumors”, advocates breaking the law, or harms the legitimate rights or interests of others.
There are many other restrictions for apps and games on the Chinese market. All games must undergo a thorough content review before they are issued a Game License (GRN/ISBN) from the National Press and Publication Administration (NPPA).
Measures such as warning, restriction, suspension and account closure should be taken as appropriate in response to violations. Mobile app and game providers, along with app stores, must consciously accept this kind of supervision, set up convenient methods for reporting and recording complaints, and promptly handle these complaints and reports. Otherwise, apps – and even app stores – can be held liable for content posted and spread by their users, especially if they did not have effective auditing systems in place to help prevent it.
For this reason, many social media, messaging, and other communication apps are difficult to approve in the Chinese mobile market.
4. Protect the User’s Right to Control Their Information
Your app must explicitly ask and receive consent from the user to access geographic functions, contact lists, camera, sound recording, and other such phone functions. Service-independent features cannot be bundled with installation-independent applications.
5. Respect and Protect Intellectual Property Rights
Your app cannot infringe on the intellectual property of others.
6. Record and Save User Log Information
User login information must be recorded and saved for a minimum of 60 days.
In case it seems that the purpose of all these regulations is to “crack down” on mobile apps in general, note that Article 4 adds a glowing stamp of approval to the app market itself by clearly encouraging party and government organs, enterprises and institutions and people’s organizations at all levels to actively use mobile apps to promote open government affairs, provide public services, and promote economic and social development.
Certain types of app contents are also either banned – such as gambling, fake news, pornography, or political dissent – or heavily restricted in China (such as VPNs, which must receive government approval).
How to Handle Personal User Information
In March 2018, China’s National Information Security Standardization Technical Committee (TC260), the country’s main standards body, issued the Personal Information Security Specification, which sets standards for collection, storage, use, sharing, transfer, and disclosure of personal user information. It aims to curb illegal or excessive collection and dissemination of user information.
Since then, the Cyberspace Administration of China (CAC) has released two additional sets of guidelines to further clarify privacy guidelines specifically for mobile app creators. They outline seven situations that constitute the illegal collection and use of personal data and state that customized content using algorithms driven by personal information (such as news feeds and ads), should be explicitly labeled as such. The landscape of PII laws and regulations is still patchy, but generally similar to laws in the USA and Europe. We can help ensure you are compliant with these laws,
App Store Regulations & Responsibilities
Incidentally, the regulations also outline four management responsibilities for app stores:
1. Verify the authenticity, security, and legality of the application provider and establish a credit management system.
2. Urge the application provider to protect user information and provide a complete description of the application to obtain and use the user information (which should also be provided to the user).
3. Urge the application provider to publish the legal information content, establish a sound security review mechanism, and be equipped with professionals who are suitable for the scale of the service.
4. Urge the application provider to publish legitimate apps that respect and protect intellectual property
Overall, these regulations make it clear that app stores can be held liable for the infringements of the apps on their stores. So think of the app store as your partner, making sure you are complying with local laws. They will audit your app for issues and request the appropriate documents to prove your company is legally registered and able to publish an app in China.
Do not, however, expect these app stores to help you with the actual process of applying for the proper permits and forms. You will need to do that yourself and submit these certificates to the app stores as proof.
You will also be required to fill out a Security Assessment Form to describe how you handle. If you are an AppInChina client, you can fill this out on your custom backend, and we will walk you through the process with explanations and sample answers.
Over the past few years, China has issues a series of regulations requiring the storage of data generated by apps operating in China. Unfortunately, the laws remain somewhat unclear on the details and restrictions on cross-border data transmission. As a general rule, in order to safely stay within the law, app developers who collect PII in China must store that information on servers in China. This provides the added benefit of increased speed for local users, and is a major reason why AppInChina provides a hosting solution for our customers. Cross-border data transfer requires a security assessment, government approval, and user consent.
Licensing for China
Depending on the nature of your mobile app, game, or SaaS platform, you may require additional licenses for China. For example, shopping and e-commerce platforms require a Commercial ICP license, and apps that have video chat or video conferencing features require a B22 Domestic Multi-Party Communications Services license. We can help you identify exactly which licenses your venture requires to stay compliant with China law.
The Easiest Way
AppInChina has an international team headquartered in Beijing to provide app creators a simple and easy way to register your company, protect your IP, ensure compliance with Chinese laws, and publish your app to the top Android app stores. And the entire process is facilitated by an easy-to-use online dashboard for submitting your documents and checking on status – though your dedicated account manager is always free to chat by phone, email and messaging.
Once your app is distributed in China, we continue to provide localization, monetization, user acquisition, hosting, and other services to make your app successful. Contact us now or sign into our free dashboard account to see how we can help.