Current location - Quotes Website - Personality signature - How does Android APP comply with the requirements of the Ministry of Industry and Information Technology for listing in the app store?
How does Android APP comply with the requirements of the Ministry of Industry and Information Technology for listing in the app store?

In recent months, the Ministry of Industry and Information Technology has issued notifications and rectifications to many APPs.

Our company’s products have also received delisting risk warnings from the App Store, and we will then tell you where there may be problems, including several APPs with successful cases listed.

Now summarize the following points:

Self-examination and rectification measures:

1. Do not collect permissions unrelated to the APP usage scenarios and when there are no reasonable scenarios or related services. Apply for permission from the user, for example, in a music APP, after the user clicks the button to agree to the privacy policy agreement, enter the APP and immediately apply for positioning permission from the user. At this time, no positioning-related functions or scenarios are used. It is unreasonable to apply for positioning permission. Only the user can use it. Positioning permissions can be applied to users only if they have positioning-related functions. (Map-type APPs can apply for positioning permission immediately after entering the APP, because the current functional scenarios of the APP require the use of positioning permissions)

2. There must not be a situation where the user automatically closes or exits the APP after refusing to apply for permission, and the user is forced to apply for permission. After rejection, the APP automatically closes or exits. For example, an information APP applies to the user for microphone permission. After the user clicks to reject the request, the APP automatically exits and closes. Microphone permission is not necessary for normal use of the APP. If the user does not agree to the authorization, the APP does not need to provide functions related to the microphone permission, but it cannot exit the APP directly.

3. There must be no repeated application for permission after being rejected. , Frequent pop-ups to apply for APP application permissions. After the user rejects the application, repeated and frequent pop-ups continue to apply. For example, after the user rejects the APP application permission, pop-up windows continue to apply, interfering with the normal use of the user. After the APP applies for permission and the user rejects it, the APP may not provide the function corresponding to the permission. If the user actively triggers the function, the APP can pop up a window to explain the relationship between the permission and the function, and explain to the user how to open this permission. If a non-user If this function is actively triggered, the APP shall not actively apply for this permission from the user again within 48 hours

4. The APP shall not collect unused permissions in advance. The APP shall apply for permissions from the user in advance. This is similar to Article 1. , mainly to check whether the APP has applied for permission in advance. For example, while applying for positioning permission, it continues to apply for microphone permission from the user. Although the microphone permission does have corresponding functional modules, the user cannot apply in advance before using it.

According to the third point, paragraph 1, paragraph 1, of the Ministry of Industry and Information Technology Document No. 2020164: Focus on rectifying APPs and SDKs that do not inform users of the purpose, method, and scope of collecting personal information and collect users’ personal information privately without the user’s consent. behavior.

Possible problem description:

The APP clearly states the collection and usage rules to users in the form of a privacy policy pop-up window. Without the user’s consent, the APP collects IMEI, device MAC address and software installation list. , address book and text message behavior.

The APP clearly states the collection and use rules to users in the form of a privacy policy pop-up window, but does not clearly state the purpose and scope of the APP’s collection of device MAC addresses, software installation lists, etc. After the user agrees to the privacy policy, there is collection Device MAC address, software installation list behavior.

The APP clearly states the collection and use rules of the SDK to users. Without the user’s consent, the SDK collects IMEI, device MAC address, software installation list, address book and text messages.

The APP clearly states the collection and use rules of the SDK to the user, but does not clearly state the purpose and scope of the SDK’s collection of device MAC addresses, software installation lists, etc. After the user agrees to the privacy policy, the SDK collects device MAC addresses, software installation lists, etc. The behavior of software installation lists.

When the App asks for user consent, it is set to be checked by default.

According to the third point of the Ministry of Industry and Information Technology Document No. 2020164, Article 1, Paragraph 2: APP and SDK are not necessary for the service or have no reasonable application scenarios, especially when running in a silent state or in the background, out-of-range mobile phones Personal Information Conduct.

Possible problem description:

The APP has not notified the user and without the user’s consent, there is a behavior of collecting installation list, MAC and other information in the business function, which is not required by the service. Necessary and without reasonable application scenarios, beyond the scope that is directly or reasonably related to the stated purpose when collecting personal information.

The APP has not clearly stated to users the collection and use rules of the SDK. Without the user’s consent, the SDK has collected information such as installation lists, MACs, etc., which is not necessary for the service and has no reasonable application scenarios. It exceeds the collection of personal information. The purpose stated at the time of the information is directly or reasonably related to the scope.

The APP does not inform the user and does not obtain the user’s consent. When acting before authorization, there is a behavior of collecting installation list, MAC and other information. It is not necessary for the service and has no reasonable application scenarios. It exceeds the collection of personal information. The purpose stated at the time of the information is directly or reasonably related to the scope.

The APP does not clearly indicate the collection and use rules of the SDK to the user. Without the user's consent, the SDK collects installation list, MAC and other information before authorization, which is not necessary for the service and has no reasonable application scenarios. , beyond the scope that is directly or reasonably related to the stated purpose when collecting the personal information.

According to the third point of the Ministry of Industry and Information Technology Document No. 2020164, Article 2, Paragraph 5: Focus on rectifying the installation, operation and use of relevant functions of APPs, users refuse relevant authorization applications when they are not necessary for the service or have no reasonable application scenarios. Afterwards, the application automatically exits or closes. Focus on rectifying short-term, high-frequency behaviors that frequently pop up windows and repeatedly apply for permissions unrelated to the current service scenario after the user explicitly rejects the permission application. Focus on rectifying the behavior of failing to clearly inform users of the purpose and use of requesting permissions in a timely manner, and applying in advance for permissions that exceed their business functions and other functions.

Possible problem description:

After the user explicitly rejects the application for permissions such as address book/location/text messages/recording/camera/XXX, etc., the APP still pops up a window to the user when it is re-run. Applying to enable permissions that are unrelated to the current service scenario will affect the normal use of the user.

When the APP is opened for the first time (or at other times) and no related products or services corresponding to the usage permissions are found, a pop-up window will be requested to the user in advance to enable address book/location/text messages/recording/camera/XXX and other permissions.

"Notice of the Ministry of Industry and Information Technology on launching in-depth special rectification actions for APP infringement of user rights (Ministry of Industry and Information Technology Information Management Letter [2020] No. 164)" link

/zhengce/zhengceku/ 2020-08/02/content_5531975.htm

Notice of the Cyberspace Administration of China on Issuing the "Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications" (State Information Office Secret Word [2021] No. 14) link< /p>

/2021-03/22/c_1617990997054277.htm