According to a report released by the National Cybersecurity Information Center, the Public Security Ministry’s Computer Information System Security Product Quality Supervision and Inspection Center has identified 70 mobile applications that are in violation of regulations concerning the collection and usage of personal information. This underscores a persistent issue in the digital ecosystem where user data privacy is often compromised.
The specific violations identified are detailed as follows:
1. Failure to Prompt for Privacy Policy and Provide Clear Usage Rules: Many applications did not clearly inform users about their data collection and usage policies upon first launch. This included not providing conspicuous pop-ups for users to review privacy agreements, making privacy policies difficult to access, or failing to clearly and accurately disclose the identity, contact information, and data retention period of the personal information processor. This practice hinders user awareness and informed consent. This issue was found in 13 mobile applications, including:
“Beidou Companion” (v1.47, 360 Mobile Assistant), “Bianfeng Dou Dizhu” (V1.0.7.140, WeChat Mini Program), “Caineng Network” (6.2.8.3, 360 Mobile Assistant), “Lan Xiangzi Xiangcai Xiaochao” (WeChat Mini Program), “Laowan Hui Order +” (3.30.14, WeChat Mini Program), “Momo Vocabulary” (V5.5.11 (0839) RLC, PP Assistant), “Shanghai Siji_Android_SDK” (2.8.4, Official Website), “Sviden Homestay Apartment Villa Booking” (1, WeChat Mini Program), “Suchongyin” (v1.3.23, vivo App Store), “Xiao Chunniang Huaiyang Cuisine” (WeChat Mini Program), “Yuanqi SDK” (5.7.2, Official Website), “Yunketang SDK” (6.39.4, Official Website), “Chang’an Application Store” (1.0.0.av, Chang’an Qiyuan Q05 Pre-installed Application)
2. Inadequate Privacy Policy Detail: A significant number of apps failed to provide a comprehensive breakdown within their privacy policies, specifically not listing the purposes, methods, and scope of personal information collection and usage by the app itself, as well as any third-party SDKs, plugins, or embedded code. This lack of transparency makes it difficult for users to understand how their data is being processed. This deficiency was noted in 38 mobile applications:
“Baijiayun Android Playback core sdk” (3.22.2, Official Website), “Baoxiao Pitu Emoji DIY” (4.1.0, Xiaomi App Store), “Beidou Companion” (v1.47, 360 Mobile Assistant), “Caineng Network” (6.2.8.3, 360 Mobile Assistant), “Chan Mama” (4.18.2, Huawei App Market), “Chong Richang” (V26.3.0, Douyin App Center), “Duizhuang Jade” (8.5.5, Lihu Market), “Duoduo Animation House” (3.8.8.0_alipp, PP Assistant), “Haofenshu” (V4.31.55, App Store), “Jialutong” (v5.6.7, Douyin App Center), “Jiang Haijinlong Comprehensive Edition” (V9.00.91, Baidu Mobile Assistant), “Judou” (V5.0.7.1102, PP Assistant), “Kaiyan English” (8.2.9, App Store), “Paper Translation Assistant” (3.5.12, vivo App Store), “Maoxiang” (1.51.0, Douyin App Center), “Miaopu Pitu” (3.2.1, Xiaomi App Store), “Momo Vocabulary” (V5.5.11 (0839) RLC, PP Assistant), “Mu Wu Waimai” (WeChat Mini Program), “Paidu English” (5.7.9, Dangxia Software Park), “Renrenzu” (3.16.3, Kuaishou Download Center), “Shanghai Siji_Android_SDK” (2.8.4, Official Website), “Shenlong Acceleration” (1.4.0, Huawei App Market), “Shiyou Shanglv” (4.3.0, vivo App Store), “Wanda Pubao” (25.07.3, Huawei App Market), “Xiangzi Constellation” (V7.5.5, Appstore), “Xiao Chunniang Huaiyang Cuisine” (WeChat Mini Program), “Floating Clock” (1.4.4, Sogou Download), “Xueqiu Fund” (7.66.0, Huawei App Market), “Xunfei Yousheng” (2.7.3201, PP Assistant), “Yinyue Duoduo” (1.0.7, Baidu Mobile Assistant), “You Jiankang” (8.4.5, Wandoujia), “Yuanbei Jiao” (10.5.9.869, PP Assistant), “Yuanqi SDK” (5.7.2, Official Website), “Yuanzhou Luji” (V3.1.9, 360 Mobile Assistant), “Yunzhubo-Tuiliu SDK” (2.7.1, Official Website), “Zhanshang Gongjiao” (7.1.6, Wandoujia), “Zhanshang Huayi” (V3.124.5, App Store), “Zhenhao Jie” (9.0.5, Xiaomi App Store)
3. Failure to Inform Users About Data Sharing with Third Parties: When personal information is shared with other processors, users were not consistently notified about the recipient’s identity, contact details, the purpose and method of processing, and the types of data being shared. Furthermore, separate consent from the individuals was not always obtained. This practice raises serious concerns about data control and potential misuse by third parties. This affects 17 mobile applications, including:
“Chilun” (10.0.8, Wandoujia), “Chong Richang” (V26.3.0, Douyin App Center), “Duoduo Animation House” (3.8.8.0_alipp, PP Assistant), “Fangzhou Jianke Online Pharmacy” (6.42.0, OPPO Software Store), “Jialutong” (v5.6.7, Douyin App Center), “Judou” (V5.0.7.1102, PP Assistant), “Kaiyan English” (8.2.9, App Store), “Meili Xiuxing” (8.36.0, Appstore), “Miaopu Pitu” (3.2.1, Xiaomi App Store), “Tongcheng Xindong” (1.1.0, Kuaishou Download Center), “Tuyahaotu” (9.0.7, Sogou Download), “Wanda Pubao” (25.07.3, Huawei App Market), “Xunfei Yousheng” (2.7.3201, PP Assistant), “Yuanbei Jiao” (10.5.9.869, PP Assistant), “Zhanshang Gongjiao” (7.1.6, Wandoujia), “Zhanshang Huayi” (V3.124.5, App Store), “Zhenhao Jie” (9.0.5, Xiaomi App Store)
4. Data Collection and Permission Granting Without Prior Consent: Several applications commenced collecting personal information or activating data-collecting permissions proactively without obtaining explicit user consent beforehand. This is a direct contravention of basic privacy principles that prioritize user autonomy. This issue was observed in 7 mobile applications:
“Jixin Zhushou” (2.5.1, Huawei App Market), “Lan Xiangzi Xiangcai Xiaochao” (WeChat Mini Program), “Laowan Hui Order +” (3.30.14, WeChat Mini Program), “Mu Wu Waimai” (WeChat Mini Program), “Paidu English” (5.7.9, Dangxia Software Park), “Wanda Pubao” (25.07.3, Huawei App Market), “Yinyue Duoduo” (1.0.7, Baidu Mobile Assistant)
5. Lack of or Ineffective Personal Information Correction and Account Deletion Features: Users were often hindered from exercising their rights to correct or delete their personal data or de-register their accounts. In cases where these functionalities were present, they were either not responsive in a timely manner or required manual intervention without adherence to promised resolution times. This can leave users in a difficult position regarding their digital footprint. This problem was present in 5 mobile applications:
“Baijiayun Android Playback core sdk” (3.22.2, Official Website), “Sviden Homestay Apartment Villa Booking” (WeChat Mini Program), “Yunketang SDK” (6.39.4, Official Website), “Yunzhubo-Tuiliu SDK” (2.7.1, Official Website), “Zhongchuang Zhigou Member” (4.7.3.0515, Wandoujia)
6. Inconsistent or Erroneous Reporting: An anomaly in the reporting listed several applications without a clear categorization of their violation, making it difficult to provide targeted feedback. This may point to broader systemic issues in data handling practices across a range of applications. The applications involved are:
“91 Desktop” (10.5.2, Sogou Download), “Chong Richang” (V26.3.0, Douyin App Center), “Judou” (V5.0.7.1102, PP Assistant), “Shanghai Siji_Android_SDK” (2.8.4, Official Website), “Shenlong Acceleration” (1.4.0, Huawei App Market), “Sviden Homestay Apartment Villa Booking” (WeChat Mini Program), “Yantai Bank Citizen E-loan” (v2.4.1.0(acc94934), WeChat Mini Program)
7. Absence of Convenient Consent Withdrawal Mechanisms: Users were not provided with easy or accessible ways to withdraw their consent for data collection. The lack of straightforward opt-out options limits users’ control over their personal information. This issue was found in 28 mobile applications, including:
“Beidou Companion” (v1.47, 360 Mobile Assistant), “Caineng Network” (6.2.8.3, 360 Mobile Assistant), “Chilun” (10.0.8, Wandoujia), “Chong Richang” (V26.3.0, Douyin App Center), “Duizhuang Jade” (8.5.5, Lihu Market), “Duoduo Animation House” (3.8.8.0_alipp, PP Assistant), “Fangzhou Jianke Online Pharmacy” (6.42.0, OPPO Software Store), “Haofenshu” (V4.31.55, App Store), “Jixin Zhushou” (2.5.1, Huawei App Market), “Kaiyan English” (8.2.9, App Store), “Koudai Chongyin” (V2.6.1(81), vivo App Store), “Paper Translation Assistant” (3.5.12, vivo App Store), “Maoxiang” (1.51.0, Douyin App Center), “Momo Vocabulary” (V5.5.11 (0839) RLC, PP Assistant), “Renrenzu” (3.16.3, Kuaishou Download Center), “Shiyou Shanglv” (4.3.0, vivo App Store), “Suchongyin” (v1.3.23, vivo App Store), “Tuyahaotu” (9.0.7, Sogou Download), “Yantai Bank Citizen E-loan” (v2.4.1.0(acc94934), WeChat Mini Program), “Yinyue Duoduo” (1.0.7, Baidu Mobile Assistant), “You Jiankang” (8.4.5, Wandoujia), “Yuanzhou Luji” (V3.1.9, 360 Mobile Assistant), “Yunketang SDK” (6.39.4, Official Website), “Changlong Tourism” (Version7.9.3, 360 Mobile Assistant), “Zhanshang Gongjiao” (7.1.6, Wandoujia), “Zhanshang Huayi” (V3.124.5, App Store), “Zhenhao Jie” (9.0.5, Xiaomi App Store), “Zhongchuang Zhigou Member” (4.7.3.0515, Wandoujia)
8. Lack of Opt-Out Options for Personalized Content and Marketing: Applications utilizing automated decision-making for targeted information推送 or commercial marketing did not provide users with the option to opt out of personalized content or with a simple way to decline such practices. This infringes on user autonomy in managing the information they receive. This applies to 2 mobile applications:
“Judou” (V5.0.7.1102, PP Assistant), “Xueqiu Fund” (7.66.0, Huawei App Market)
9. Collection of Sensitive Personal Information Without Separate Consent: The collection of sensitive personal data was proceeding without obtaining specific, explicit consent from the individuals involved, a critical requirement for protecting vulnerable information. This was identified in 1 mobile application:
“Wanda Pubao” (25.07.3, Huawei App Market)
10. Inadequate Handling of Minors’ Personal Information: Applications dealing with the personal information of minors under the age of fourteen failed to establish specific rules for processing such data and did not obtain separate consent from guardians when collecting information from minors. This represents a significant oversight in child data protection. This violation was noted in 12 mobile applications:
“Bianfeng Dou Dizhu” (V1.0.7.140, WeChat Mini Program), “Fei Da Chu Chili Fried Meat Member” (WeChat Mini Program), “Lan Xiangzi Xiangcai Xiaochao” (WeChat Mini Program), “Laowan Hui Order +” (3.30.14, WeChat Mini Program), “Momo Vocabulary” (V5.5.11 (0839) RLC, PP Assistant), “Mu Wu Waimai” (WeChat Mini Program), “Taowei Chalou” (WeChat Mini Program), “Tianjin Runengcheng Shopping Center” (WeChat Mini Program), “Wanda Pubao” (25.07.3, Huawei App Market), “Xiangzi Constellation” (V7.5.5, Appstore), “Xiao Chunniang Huaiyang Cuisine” (WeChat Mini Program), “Yunketang SDK” (6.39.4, Official Website)
11. Excessive Data Collection Beyond Actual Needs: Some applications collected personal information at a frequency or in a scope that exceeded what was necessary for their stated functional requirements, suggesting potential overreach and unnecessary data accumulation. This was found in 1 mobile application:
“Yinyue Duoduo” (1.0.7, Baidu Mobile Assistant)
12. Insufficient Data Security Measures: A substantial number of applications failed to implement appropriate security technical measures, such as encryption and de-identification, to protect user data. This leaves personal information vulnerable to breaches and unauthorized access. This issue affects 31 mobile applications:
“Baoxiao Pitu Emoji DIY” (4.1.0, Xiaomi App Store), “Chan Mama” (4.18.2, Huawei App Market), “Dayuecheng Shopping Mall JOYCITY” (1.0.47, WeChat Mini Program), “Duizhuang Jade” (8.5.5, Lihu Market), “Fei Da Chu Chili Fried Meat Member” (WeChat Mini Program), “Jixin Zhushou” (2.5.1, Huawei App Market), “KFC” (6.23.0, OPPO Software Store), “Koudai Chongyin” (V2.6.1(81), vivo App Store), “Lan Xiangzi Xiangcai Xiaochao” (WeChat Mini Program), “Laowan Hui Order +” (3.30.14, WeChat Mini Program), “Meili Xiuxing” (8.36.0, Appstore), “Mu Wu Waimai” (WeChat Mini Program), “Paidu English” (5.7.9, Dangxia Software Park), “Pupu Supermarket” (5.6.4, Huawei App Market), “Renrenzu” (3.16.3, Kuaishou Download Center), “Shou Lv Rujia Hotel Group” (WeChat Mini Program), “Sviden Homestay Apartment Villa Booking” (WeChat Mini Program), “Suchongyin” (v1.3.23, vivo App Store), “Taowei Chalou” (WeChat Mini Program), “Tianjin Runengcheng Shopping Center” (WeChat Mini Program), “Tongcheng Xindong” (1.1.0, Kuaishou Download Center), “Shangri-La Club Official Booking” (10.0.02, WeChat Mini Program), “Xiao Chunniang Huaiyang Cuisine” (WeChat Mini Program), “Floating Clock” (1.4.4, Sogou Download), “You Jiankang” (8.4.5, Wandoujia), “Yuanzhou Luji” (V3.1.9, 360 Mobile Assistant), “Changlong Tourism” (Version7.9.3, 360 Mobile Assistant), “Zhanshang Gongjiao” (7.1.6, Wandoujia), “Zhenhao Jie” (9.0.5, Xiaomi App Store), “Zhongchuang Zhigou Member” (4.7.3.0515, Wandoujia), “InterContinental Hotels Group IHG Rewards Club” (WeChat Mini Program)
13. Advertisements Without Clear Close Options: Some applications featured advertisements that could not be closed until the ad finished playing or a countdown timer elapsed, preventing users from easily exiting intrusive advertising. This is a common user experience frustration. This was noted in 2 mobile applications:
“Shanghai Siji_Android_SDK” (2.8.4, Official Website), “Yuanqi SDK” (5.7.2, Official Website)
14. Absence of Privacy Policies: A critical omission was the complete lack of a privacy policy in some applications, leaving users entirely unaware of the data handling practices. This is a fundamental breach of transparency and user rights. This was observed in 5 mobile applications:
“Cheliang Zhongxin” (1.6.0.y, Chang’an Qiyuan Q05 Pre-installed App), “Kuka Youxi” (1.5.2, Chang’an Qiyuan Q05 App Store), “Mahjong” (1.1.8.k, Chang’an Qiyuan Q05 App Store), “Yinyue” (5.5, Chang’an Qiyuan Q05 Pre-installed App), “Zhongguo Xiangqi” (1.0.0.u, Chang’an Qiyuan Q05 App Store)
