Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 27, the Ministry of Industry and Information Technology (MIIT) today openly solicited opinions on the notice of the Ministry of Industry and Information Technology on further improving the capability of mobile Internet application services (draft for soliciting opinions).

The image source Pexels mentioned that it is recommended to regulate the download behavior of the web page. When users browse the content of the page, they shall not download App automatically or forcibly, or force users to download or open App by means of folding display, active pop-up windows, frequent prompts, etc., without the user's consent or active choice, so as to affect the normal browsing of information. Without reasonable justification, users should not be required not to download App, or not to read the full text. Easy to uninstall. In addition to the basic functional software, App should be easy to uninstall and should not be maliciously obstructed by blank names, transparent icons, background hiding and other ways.

CTOnews.com attached: circular of the Ministry of Industry and Information Technology on further improving the capability of mobile Internet application services (draft for soliciting opinions)

In recent years, our department has made great efforts to improve the service quality of mobile Internet applications, effectively safeguard the legitimate rights and interests of users, and achieved positive social results, but the problems of non-standard service behavior and inadequate implementation of related responsibilities in some enterprises still appear from time to time. In order to optimize the supply of services, improve user experience, maintain a good environment for information consumption, and promote the high-quality development of the industry, in accordance with the personal Information Protection Law, Telecommunications regulations, regulations on regulating the Market order of Internet Information Services, provisions on the Protection of personal Information of Telecommunications and Internet users and other relevant laws and regulations, the relevant matters are hereby notified as follows:

First, enhance the service awareness of the whole process, and protect the legitimate rights and interests of users (1) standardize installation and uninstall behavior 1. Ensure informed consent to the installation. It is recommended to users that downloading App should follow the principle of openness and transparency, truthfully express developer information, product features, privacy policy, rights list and other necessary information, and provide obvious "cancellation" options at the same time, which can be downloaded and installed only after confirmation and approval by users, so as to effectively protect users' right to know and choose. It is not allowed to deceive and mislead users to download and install by means of "changing beams for posts", "forced binding", "silent download" and so on.

two。 Standardize the recommended download behavior of web pages. When users browse the content of the page, they shall not download App automatically or forcibly, or force users to download or open App by means of folding display, active pop-up windows, frequent prompts, etc., without the user's consent or active choice, so as to affect the normal browsing of information. Without reasonable justification, users should not be required not to download App, or not to read the full text.

3. Easy to uninstall. In addition to the basic functional software, App should be easy to uninstall and should not be maliciously obstructed by blank names, transparent icons, background hiding and other ways.

(2) optimize service experience 4. Window closing is optional for users. Open screen and pop-up window information window to provide clear and effective close button, do not frequently pop-up window to interfere with the normal use of users, or use "full-screen thermal map", high sensitivity "shake" and other easily mistakenly triggered ways to induce user operation.

5. Service matters shall be notified in advance. Clearly state the functional rights and interests of the product and the level of fees, etc., if there are additional conditions such as opening membership and fees, it should be significantly prompted. Without express, it is not allowed to add restrictive conditions in the process of providing products and services, and use this as an excuse to terminate the product functions and services normally used by users, or to reduce the service experience.

6. It is reasonable to start the running scenario. It is not allowed to start other App or perform wake-up, call, update and other behaviors when it is not necessary for the service or without reasonable scenarios.

7. Timely reminder of service renewal. If the service is provided by means of automatic renewal or automatic renewal, the consent of the user shall be obtained, and the default check or compulsory bundling shall not be allowed. Five days before automatic renewal and automatic renewal, SMS and other significant ways are used to remind users to provide convenient ways to cancel subscriptions at any time and automatic renewal and automatic renewal during the service period.

(3) strengthening the protection of personal information 8. Adhere to the principle of legality, legitimacy and necessity. Engaging in personal information processing activities shall have a clear and reasonable purpose, and shall not illegally collect personal information only on the grounds of service experience, product research and development, algorithm recommendation, risk control, etc., or force users to agree to collect personal information that has nothing to do with the service scenario. When a user refuses to provide personal information that is not necessary for the current service, it shall not affect the basic functions of the user to use the service.

9. Express personal information processing rules. Inform users of personal information processing rules in a concise, clear and easy-to-understand way, highlight the purpose, mode and scope of sensitive personal information processing, and establish a list of collected personal information, users shall not be induced to agree to personal information processing rules by default check, reduced text, lengthy text, etc.

10. Apply for the right of use reasonably. When the corresponding business function is started, the required permissions shall not be dynamically applied for, and the user shall not be required to agree to open multiple unnecessary permissions. When invoking the permission of the terminal, such as photo album, address book, location, etc., the user is informed of the purpose of applying for the permission synchronously. The permission status set by the user shall not be changed without the consent of the user.

(4) respond to users' demands 11. Set up a customer service hotline. Internet enterprises are encouraged to set up customer service hotlines, and major Internet enterprises publish customer service hotline numbers at prominent locations on websites and App, so as to simplify the procedures for manual service transfer. The improvement of customer service hotline capacity is encouraged, the maximum monthly response time is 30 seconds, and the response rate of manual service is more than 85%.

twelve。 Properly handle user complaints. Publish effective contact information and accept user complaints. Reply to the complaints on the Internet information service complaint platform in accordance with the requirements of the norms, ensure that the complaints are completed within 15 days, and improve the satisfaction rate of complaint handling. Encourage the establishment of user satisfaction evaluation links in App to guide users to participate in the evaluation.

Second, improve the ability of full-chain management and create a health service ecology (1) implement the main responsibility of App developers and operators 1. Improve the internal management mechanism. Identify the leading management departments and responsible persons for user service and rights protection, establish a full life cycle personal information protection mechanism, improve the assessment and accountability system, and implement relevant laws and policies in all aspects of product research and development, promotion and operation, continuously improve the level of compliance. Conduct independent audits on personal information protection measures and implementation on a regular basis to effectively prevent potential risks.

two。 Enhance the ability of technical support. Take access control, technical encryption, de-identification and other security technical measures to strengthen the front-end and back-end security protection. Actively monitor and find personal information disclosure, theft, tampering, damage, loss, illegal use and other risk threats, and respond to disposal requirements in a timely manner.

3. Strengthen the use and management of software development tools (SDK). Evaluate the personal information protection ability of SDK before using it, and clearly agree on their respective rights and obligations through contracts and other forms to ensure that personal information processing complies with the law. Centrally display and update all embedded SDK names, functions and rules for handling personal information. Whoever jointly deals with the user's personal information and infringes upon the user's rights and interests and causes damage shall bear joint and several liability in accordance with the law.

(2) strengthen the platform distribution management 4. Strict App review on the shelves. Accurately register and verify the real identity and contact information of the App development operator, the main functions and uses of the App, and conduct technical testing of the App to be put on the shelves. The person in charge of the relevant audit shall be identified and the audit log record shall be kept. Those that do not meet the requirements will not be put on the shelves. Fully publicize the on-shelf App, and prominently mark the App name, development operator, version number, user terminal authority list and use, personal information processing rules and other information. If an explicit distribution interface has not been established, the App download should be linked to the app store to guide users to download the distributed App from formal channels.

5. Strengthen on-the-shelf App inspection. Strengthen the dynamic inspection of App to ensure that the publicity information is true and accurate. If the App is inconsistent with the public information, or changes the main functions of App, the authority applied for, the scene and scope of personal information collection, and other illegal App by means of "hot update, hot exchange", etc., the service shall be stopped.

6. Improve the distribution management mechanism. Establish App development operator credit evaluation, risk prompt and other mechanisms, encourage the electronic signature authentication of the distribution App, and realize the traceability of the whole process of application and distribution behavior on the shelf. Strengthen the linkage with the detection and certification public service platform for mobile Internet applications, and cooperate with regulatory departments to do a good job of data reporting, monitoring traceability, information sharing, response and disposal.

(3) standardize SDK application service 7. Establish the mechanism of information publicity. Disclose basic information such as SDK name, developer, version number, main functions, instructions for use, as well as personal information processing rules. Where SDK independently collects, transmits and stores personal information, it shall give 6 separate explanations. Encourage the use of SDK management services platform to guide App development operators to use compliant SDK.

8. Optimize the function configuration. Follow the principle of minimum necessity, define SDK functions and the corresponding scope of personal information collection according to different application scenarios or uses, and provide App developers and operators with configuration options for each functional module and personal information collection, and do not overcollect personal information in a package.

9. Strengthen service coordination. During the whole life cycle of product use, take the initiative to provide compliance guidelines to App development operators in a clear and easy-to-understand way, so as to guide App development operators to use them correctly and reasonably, and jointly improve the level of compliance. Update and inform App developer and operator when personal information processing rules are changed or risks are found.

(4) build a solid terminal security line 10. Strengthen the management of App operation. Provide users with App self-startup and associated startup shutdown functions, as well as convenient device identification code reset options, strengthen the monitoring of App silent downloads and hot updates, and prevent unauthorized downloading and installation without the consent of users.

11. Strengthen the App behavior record reminder. Enhance the ability to record the behavior of permission invocation, and provide convenience for users to query the situation of permission invocation. Establish an obvious prompt mechanism for the use of permissions such as address book, microphone, camera, location, clipboard, etc., to ensure that users know the collection status of personal information timely and accurately.

twelve。 Improve the ability of App risk early warning. Promote the development of App electronic signature authentication, and give early warning prompts to users to improve the ability to identify wind 7 risks such as counterfeiting, defective and illegal App.

(5) tamping into corporate responsibility 13. Accurate registration information. When providing network access services for App and SDK, register and verify the real identity and contact information of App and SDK development operators to improve traceability.

14. Ensure effective disposal. In accordance with the requirements of the telecommunications regulatory department, it is necessary to take necessary measures to stop access to illegal App and SDK in accordance with the law, so as to effectively prevent them from infringing upon the rights and interests of users.

Third, work requirements (1) do a good job in organizational implementation. All units should adhere to the idea of people-centered development, improve their political position, strengthen their responsibilities, refine their decomposition tasks, conscientiously organize and implement various requirements, and ensure that practical results are achieved. The relevant enterprises shall implement the principal responsibility, carry out self-inspection and self-correction in accordance with the requirements of this circular, and effectively safeguard the legitimate rights and interests of users. At the same time, improve the long-term mechanism, innovative models and methods, and constantly improve the level of mobile Internet application services, so that the majority of users have more sense of achievement, happiness, sense of security.

2. Strengthen supervision and guidance. The Ministry of Industry and Information Technology will improve the mechanisms for evaluation, notification, ranking and publicity, promote the work to be carried out in a solid and orderly manner, and summarize and popularize excellent cases and experiences and practices in a timely manner. Local communications administrations shall strengthen supervision and inspection, guide and urge territorial enterprises to implement the requirements of this circular. If the implementation is not in place or there are violations, measures such as ordering rectification within a time limit, making public announcement, organizational removal, suspension of service, and administrative punishment shall be taken in accordance with the law, and serious accountability shall be investigated and dealt with.

(3) strengthening technical means. The China Academy of Information and Communications should organize industrial forces, comprehensively use new technologies and new means such as artificial intelligence and big data, upgrade and build a national testing and certification public service platform for mobile Internet applications, and continuously improve the functions of the platform. do a good job in technical testing, monitoring services and regulatory support. Actively promote the application of traceable technical means such as electronic signature authentication to improve the ability of service management.

(4) promote self-discipline in the industry. Encourage industry associations and related institutions to formulate industry self-discipline conventions and technical standards, and strengthen evaluation and certification and personnel training. Further open channels to listen to the views of the masses, promote exchanges and interaction among all parties, guide enterprises to operate in accordance with the law, constantly optimize and improve services, create a good environment for striving for excellence and promoting mutual progress, and promote high-quality development with high-quality services.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.