
Ministry of Industry and Information Technology: Do not deceive and mislead users to download and install APP through "silent download" and other methods

According to the official micro-news of the Ministry of Industry and Information Technology, on February 27, the Ministry of Industry and Information Technology issued a notice on further improving the service capabilities of mobile Internet applications.

In recent years, the Ministry of Industry and Information Technology has vigorously promoted the improvement of mobile Internet application service quality, effectively protected the legitimate rights and interests of users, and achieved positive social results, but problems such as irregular service behavior of some enterprises and inadequate implementation of relevant responsibilities still occur from time to time. In order to optimize service supply, improve user experience, maintain a good information consumption environment, and promote the high-quality development of the industry, in accordance with the Personal Information Protection Law, Telecommunications Regulations, Several Provisions on Regulating the Order of the Internet Information Service Market, and Provisions on the Protection of Personal Information of Telecommunications and Internet Users, we hereby notify the following relevant matters on relevant laws, regulations and rules:

1. Improve the awareness of the whole process of service and protect the legitimate rights and interests of users

(1) Standardize installation and uninstallation behavior

1. Ensure informed consent for installation. Recommendations to users to download an APP shall follow the principle of openness and transparency; truthfully, accurately and completely indicate necessary information such as the developer and operator, product functions, privacy policy and permission list; simultaneously provide an obvious option to decline; and download and install only after the user has confirmed and consented, effectively protecting the user's right to know and right to choose. Do not deceive or mislead users into downloading and installing through methods such as bait-and-switch ("stealing beams and changing columns"), "forced bundling", "silent download", etc.

2. Standardize download recommendations on web pages. While the user is browsing page content, the APP shall not be downloaded automatically or forcibly without the user's consent or active choice, nor shall the user be forced to download or open the APP by means such as folded display, active pop-up windows or frequent prompts that interfere with normal browsing of information. Without justifiable reasons, downloading the APP shall not be made a condition for reading the page content.

3. Provide convenient uninstallation. Except for basic function software, an APP shall be easy to uninstall and shall not maliciously obstruct uninstallation by means such as blank names, transparent icons or hiding in the background.

(2) Optimize the service experience

4. Window closing is at the user's discretion. Splash screens and pop-up information windows shall provide clear and effective close buttons so that users can close them conveniently. Do not pop up windows frequently to interfere with users' normal use, or use "full-screen heat maps", high-sensitivity "shake" detection or other methods prone to false triggering to induce user operations.

5. Advance notification of service matters. Clearly indicate the product functions, rights and fees, etc., and if there are additional conditions such as opening membership and fees, they shall be conspicuously prompted. Without express indication, it is not allowed to add restrictive conditions in the process of providing products and services, and terminate the normal use of product functions and services by users or reduce the service experience on this ground.

6. Start-up and operation scenarios shall be reasonable. In scenarios that are not necessary for the service or are otherwise unreasonable, it is not allowed to start or associate other APPs, or to wake them up, call them, update them, etc.

7. Remind users of service renewal in a timely manner. Where services are provided by means of automatic renewal, the user's consent shall be obtained, and pre-checked default options or compulsory bundling shall not be used. Remind users 5 days before automatic renewal by SMS, message push or other conspicuous methods, and provide convenient unsubscribe methods and channels for cancelling automatic renewal throughout the service period.

(3) Strengthen personal information protections

8. Adhere to the principles of legality, justification and necessity. Personal information processing activities shall have a clear and reasonable purpose, and users must not be compelled to consent to personal information processing that exceeds the necessary scope or is unrelated to the service scenario solely on grounds such as service experience, product research and development, algorithmic recommendation or risk control. When a user refuses to provide personal information that is not necessary for the current service, this shall not affect the user's use of the service's basic functions.

9. Clearly indicate the rules for handling personal information. Inform users of personal information processing rules in a concise, clear, and easy-to-understand manner, and promptly inform users of the latest situation if there are changes. Highlight the purpose, method, and scope of handling sensitive personal information, establish a list of collected personal information, and must not use methods such as default checks, reduced text, or lengthy text to induce users to agree to personal information processing rules.

10. Apply for permissions reasonably. Apply dynamically for the required permissions when the corresponding business function is started, and do not require the user to agree to multiple permissions that are not necessary for that business function. When calling permissions such as the device's photo album, contacts or location, inform the user at the same time of the purpose of the permission request. Permissions the user has not granted shall not be changed without the user's consent.

(4) Respond to user demands

11. Set up a customer service hotline. Internet enterprises are encouraged to establish customer service hotlines, and major Internet enterprises shall publish customer service hotline telephone numbers in conspicuous positions on their websites and APPs and simplify the procedure for transferring to manual service. Improving hotline response capability is encouraged, with an average monthly response time within 30 seconds and a manual service response rate of more than 85%.

12. Properly handle user complaints. Publish effective contact information and accept user complaints. Respond to complaints on the Internet information service complaint platform in accordance with the requirements of the norms, ensure that the handling is completed within 15 days, and increase the satisfaction rate of complaint handling. Encourage setting up user satisfaction assessment links in the APP to guide users to participate in the assessment.

2. Improve whole-chain management capability and create a healthy service ecosystem

(1) Implement the main responsibility of app developers and operators

1. Improve the internal management mechanism. Clarify the lead management departments and responsible persons for user services and rights protection, establish a full-life cycle personal information protection mechanism, improve the assessment and accountability system, implement relevant laws and policies and requirements in all aspects of product development, promotion and operation, and continuously improve the level of compliance. Conduct regular compliance audits of personal information protection measures and implementation to effectively prevent potential risks.

2. Enhance technical support capabilities. Adopt security technical measures such as access control, encryption and de-identification to strengthen front-end and back-end security protection. Actively monitor for and discover risks such as leakage, theft, tampering, damage, loss and illegal use of personal information, and respond promptly to disposal requirements.

3. Strengthen the use and management of software development kits (SDKs). Before using an SDK, evaluate its personal information protection capabilities, and clearly stipulate the rights and obligations of all parties through contracts or other forms to ensure that personal information processing complies with laws and regulations. Centrally display and update the names, functions and personal information processing rules of embedded SDKs. Where joint processing of users' personal information infringes upon users' rights and interests and causes damage, bear corresponding responsibility in accordance with law.

(2) Strengthen platform distribution management

5. Strengthen inspection of listed APPs. Strengthen dynamic inspection of APPs to ensure that the published information is true and accurate. For APPs that are inconsistent with the published information, or that use "hot update", "hot switching" or other methods to change without authorization the APP's main functions, the permissions requested, or the scenarios and scope of personal information collection and use, service shall be stopped.

6. Improve distribution management mechanisms. Establish mechanisms such as credit evaluation and risk warnings for app developers and operators, encourage electronic signature authentication of distributed apps, and realize traceability of the entire process of listing applications and distribution behaviors. Strengthen linkage with public service platforms for testing and certification of mobile Internet applications, and do a good job of information reporting, monitoring and tracing, information sharing, and response and disposal.

(3) Standardize SDK application services

7. Establish information disclosure mechanisms. Publicly display basic information such as SDK name, developer, version number, main functions, and usage instructions, as well as personal information processing rules. Where SDKs independently collect, transmit, or store personal information, they shall make separate explanations. Encourage the use of SDK management service platforms, and guide app developers and operators to use compliant SDKs.

8. Optimize function configuration. Follow the principle of minimum necessity, clarify SDK functions and corresponding personal information collection scope according to different application scenarios or uses, and provide APP developers and operators with functional modules and configuration options for personal information collection, and must not collect excessive personal information in a blanket manner.

9. Strengthen service coordination. In the whole life cycle of product use, actively provide compliance use guidelines to APP developers and operators in a clear and easy-to-understand manner, guide APP developers and operators to use correctly and reasonably, and jointly improve the level of compliance. When personal information processing rules are changed or risks are discovered, they will be updated in a timely manner and notified to the APP developer and operator.

(4) Build a strong line of defense for terminal security

10. Strengthen APP operation management. Provide users with functions to disable APP self-start and associated start-up, as well as convenient options to reset device identifiers, strengthen monitoring of APP silent downloads and hot updates, and prevent unauthorized starting, downloading and installation without the user's consent.

11. Strengthen APP behavior record reminders. Enhance the ability to record permission call behavior, and facilitate users to query permission calls. Establish a clear mechanism for prompting the status of permissions in use such as address books, microphones, cameras, locations, and clipboards, to ensure that users are aware of the status of personal information collection in a timely and accurate manner.

12. Improve the ability of APP risk early warning. Promote the development of electronic signature authentication of apps, and provide early warning prompts to users to improve the ability to identify risk apps such as counterfeiting, bad products, and violations.

(5) Consolidate the responsibility of access enterprises

13. Accurate registration information. When providing network access services for apps and SDKs, register and verify the real identity, contact information and other information of the APP and SDK developers and operators to improve traceability capabilities.

14. Ensure effective disposal. In accordance with the requirements of the telecommunications regulatory authorities, take necessary measures such as stopping access to illegal apps and SDKs in accordance with the law, and effectively prevent violations that infringe on users' rights and interests.

3. Work requirements

(1) Do a good job in organizational implementation. All units should adhere to the people-centered development thinking, improve their political standing, strengthen their responsibility, refine and break down tasks, and earnestly grasp the implementation of this circular to ensure that practical results are achieved. Relevant enterprises should implement entity responsibility, carry out self-examination and self-correction in accordance with the requirements of this notice, and truly protect the legitimate rights and interests of users. At the same time, we will improve the long-term mechanism, innovate models and methods, continuously improve the service level of mobile Internet applications, and continuously enhance users' sense of gain, happiness and security.

(2) Strengthen guidance and oversight. The Ministry of Industry and Information Technology has completed and improved the evaluation, notification, ranking, and publicity mechanisms, promoted the solid and orderly development of work, and timely summarized and popularized excellent cases and experience and practices. Local communications administration bureaus should strengthen supervision and inspection, and guide and urge local enterprises to implement the requirements of this circular. Where implementation is not in place or violations occur, take measures such as ordering rectification within a time limit, making announcements to the public, and organizing takedowns in accordance with law, and strictly investigate and deal with accountability.

(3) Strengthen the use of technology. The China Academy of Information and Communications Technology should organize industrial forces, comprehensively use artificial intelligence, big data and other new technologies and new means, upgrade and build a national testing and certification public service platform for mobile Internet applications, continue to improve the platform functions, and do a good job in technical testing, monitoring services and regulatory support. Actively promote the application of traceable technical means such as electronic signature authentication to promote the improvement of service management capabilities.

(4) Promote industry self-discipline. Industry associations and relevant institutions are encouraged to formulate industry self-discipline conventions, technical standards, and service specifications, and strengthen assessment and certification and talent training. Further unblock channels to listen to the opinions of the masses, promote exchanges and interactions among all parties, guide enterprises to operate in accordance with laws and regulations, continuously optimize and improve services, create a good environment for striving for excellence and mutual promotion, and promote high-quality development with high-quality services.

Edited by Liu Jiani
