MIIT Information Management Letter [ two thousand and twenty 〕 one hundred and sixty-four number
Communications administrations of provinces, autonomous regions and municipalities directly under the Central Government, China Information and Communication Research Institute, China Internet Association, and relevant units:
according to two thousand and twenty The deployment of the construction and rectification work of the information and communication industry in order to effectively strengthen the protection of users' personal information and provide a safer, healthier and cleaner information environment for the people , Our department has decided to carry out a special rectification action to promote in depth the infringement of users' rights and interests by APP. The special rectification time is the date of issuance of the notice to two thousand and twenty year twelve month ten day 。 specific The notice is as follows:
1、 Control objectives
According to the Network Security Law, the Telecommunication Regulations, and the Several Provisions on Regulating the Order of the Internet Information Service Market (Decree No twenty Regulations on the Protection of Personal Information of Telecommunication and Internet Users (Decree No twenty-four No.) and Interim Provisions on the Management of Presetting and Distribution of Mobile Intelligent Terminal Application Software (Information Administration of the Ministry of Industry and Information Technology [ two thousand and sixteen 〕 four hundred and seven No.), etc regulations , deeply promote the combination of technology and management, strengthen supervision and inspection, urge relevant enterprises to strengthen the protection of APP personal information, and timely rectify and eliminate the illegal collection and use of user personal information and Disturb users, cheat and mislead users, and the application distribution platform management responsibilities are not fully implemented, so as to purify the APP application space. two thousand and twenty year eight Go online to run the national APP technology detection platform management system before the end of the month , twelve month ten Complete coverage by the day forty Ten thousand mainstream APPs are tested.
II Treatment object
(I) APP service provider, namely the application software that can be downloaded, installed and upgraded provided by Internet information service provider, Including new application forms such as fast applications and applets.
(II) Software tool development kit (SDK) provider, that is, a collection of third-party tools integrated in mobile APP.
(III) Application distribution platforms, including websites, app stores, APP and other platforms that undertake download, installation, upgrade and other distribution services.
3、 Rectification task
(1) In terms of APP and SDK handling users' personal information in violation of regulations 。
one . Illegal collection of personal information. Focus on the rectification of APP and SDK's failure to inform users of the purpose, method and scope of collecting personal information, and to collect users' personal information without users' consent 。
two . Collect personal information beyond the scope. Focus on the remediation of APP and SDK that are not necessary for services or have no reasonable application scenarios, especially the behavior of collecting personal information beyond the scope in a silent state or when running in the background.
three . Illegal use of personal information. Focus on the rectification of APP and SDK's private use of personal information and use of user's personal information for purposes other than providing services without informing users and consent of users, especially the behavior of sending and sharing user's personal information to other applications or servers.
four . Force users to use the directed push function. Focus on the rectification of APP and SDK's failure to use the collected personal information such as users' search, browsing records and usage habits for targeted push or advertising precision marketing without obvious signs and users' consent, and the failure to provide the option of turning off this function.
(2) Setting obstacles and harassing users frequently 。
five . The APP forces, frequently and excessively requests permission. It is not necessary for services to focus on improving the installation, operation and use of relevant functions of APP need Or in the absence of reasonable application scenarios, the application automatically exits or closes after the user rejects the relevant authorization application. Focus on short-term, long-term and high-frequency actions. After users clearly refuse permission applications, they frequently pop up windows and repeatedly apply for permissions unrelated to the current service scenario. Focus on the rectification of the behavior that users are not informed of the purpose and purpose of asking for permission in time, and apply for permission beyond their business functions in advance.
six . APP is frequently self started and associated. Focus on the rectification of the behavior that APP frequently self starts or launches third-party APP by association without informing users and their consent, or without reasonable use scenarios.
(3) Deceiving and misleading users 。
seven . Deception misleads users to download APP. Focus on rectification and pass "stealing beams and replacing pillars" ”“ Spreading flowers and trees "and other ways to cheat and mislead users to download APP, especially the behavior of mobile applications with distribution function to cheat and mislead users to download APP involuntarily.
eight . Deception misleads users to provide personal information. Focus on the rectification of acts that are not necessary for services or without reasonable scenarios, and deceive and mislead users to provide ID card numbers and personal biometric information by means of points, rewards, discounts, etc.
(4) Inadequate implementation of application distribution platform responsibilities 。
nine . The APP information on the application distribution platform is not clearly stated. Focusing on the rectification of the application distribution platform, the list of permissions required for the operation of APP and its purpose were not clearly stated, and the content, purpose, method and scope of APP collection and use of user personal information were not clearly stated.
ten . The management responsibility of the application distribution platform was not fully implemented. Focus on the rectification of the lax review of APP launch and the delayed handling of illegal software and The identity information of APP providers, operators and developers is not true, and the contact information is false and invalid.
four Work requirements
(1) Carry out inspection 。 Our Ministry will to From now on, a third-party testing agency will be organized to conduct technical testing on APP and SDK, and supervise and inspect the implementation of the main responsibilities of the application distribution platform. For enterprises with problems found in the first inspection, our department will order five The rectification shall be completed within working days. If the rectification is not complete and there are still problems, measures such as public announcement, organization removal, administrative punishment, and inclusion of violators subject to administrative punishment into the list of bad business operation or dishonesty of telecommunications services will be taken; For enterprises that repeatedly have problems in different versions of APP, our department will announce to the public, and carry out follow-up disposal work according to laws and regulations 。
(2) We will implement the policy. various land The Communications Authority shall combination Actual inspection, monthly fifteen Recently, the violation clues were recorded into the management system of the national APP technology detection platform And handle relevant problems according to the work requirements of the department. Relevant enterprises should carry out self-examination and self correction in a timely manner, establish and reform the problems found, draw inferences from other cases, Effective protection personal information. APP enterprises should improve the user rights protection system and strengthen the management of integrated SDKs. The application distribution platform should strengthen the platform management responsibility and actively cooperate with the competent telecommunications department to carry out relevant supervision work.
(3) Promote industry self-discipline. Industry associations are encouraged to organize APP developers and operators, application distribution platforms, third-party service providers, telecommunications equipment manufacturers, security manufacturers and other relevant units to develop industry self-discipline conventions and technical testing standards, improve the third-party evaluation mechanism, and strengthen industry norms.
(4) Strengthen means construction. China Academy of Information and Communication should vigorously promote enter The construction of the management system of the national APP technology testing platform will further consolidate the industrial strength, encourage qualified enterprises to actively participate in the platform construction, and improve the level and ability of automated testing. various land The Communications Administration should access as soon as possible, make good use of relevant technical means, move forward the gateway, find and solve problems in a timely manner, and constantly improve the ability of industry governance And horizontal 。
(5) Smooth complaint channels. During the special rectification work, all enterprises should unblock the complaint channels of users and improve the complaint handling service mechanism and process. Internet Society of China should use the Internet information service complaint platform( https://ts.isc.org.cn/ )Or twelve thousand three hundred and twenty-one The Report Center accepts complaints from the masses and collects and deals with relevant problems reported by users in a timely manner.
Ministry of Industry and Information Technology
two thousand and twenty year seven month twenty-two day