Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens, soft media new friends 1984342, xiaocluoyuzi, rain and snow for the delivery of clues on the way! CTOnews.com, February 27, according to the official WeChat WeChat of the Ministry of Industry and Information Technology, in order to optimize service supply, improve user experience, maintain a good information consumption environment, and promote the high-quality development of the industry, the Ministry of Industry and Information Technology recently issued a notice to deploy to further enhance the ability of mobile Internet application services.

According to the Ministry of Industry and Information Technology, the Ministry of Industry and Information Technology has put forward a total of 26 measures to enhance users' perception of services and enhance industry management capabilities, that is, "two upgrades."

First, it focuses on App installation and uninstallation, service experience, personal information protection, demand response, etc., and puts forward 12 measures to improve users' service perception.

Second, from the point of view of the coordinated and standardized development of the industry and the joint prevention and co-governance of upstream and downstream, we should grasp the five key subjects of the current mobile Internet services, namely, App development operators, distribution platforms, SDK (software development tools), terminals and access enterprises, and put forward 14 measures.

The full text of the Circular of the Ministry of Industry and Information Technology on further improving the capability of Mobile Internet Application Services is attached to CTOnews.com:

In recent years, the Ministry of Industry and Information Technology has vigorously promoted the improvement of the service quality of mobile Internet applications, effectively safeguarded the legitimate rights and interests of users, and achieved positive social results. however, problems such as non-standard service behavior of some enterprises and inadequate implementation of related responsibilities still occur from time to time. In order to optimize the supply of services, improve user experience, maintain a good environment for information consumption, and promote the high-quality development of the industry, in accordance with the personal Information Protection Law, Telecommunications regulations, regulations on regulating the Market order of Internet Information Services, provisions on the Protection of personal Information of Telecommunications and Internet users and other relevant laws and regulations, the relevant matters are hereby notified as follows:

First, enhance the service awareness of the whole process, and protect the legitimate rights and interests of users (1) standardize installation and uninstall behavior 1. Ensure informed consent to the installation. It is recommended to users that downloading App should follow the principle of openness and transparency, truthfully, accurately and completely state the necessary information such as development operator, product features, privacy policy, authority list, and provide obvious cancellation options at the same time, and download and install only with the confirmation and consent of users, so as to effectively protect users' right to know and choose. It is not allowed to deceive and mislead users to download and install by means of "changing beams for posts", "forced binding", "silent download" and so on.

two。 Standardize the recommended download behavior of web pages. When users browse the content of the page, they shall not download App automatically or forcibly, or force users to download or open App by means of folding display, active pop-up windows, frequent prompts, etc., without the user's consent or active choice, so as to affect the normal browsing of information. You may not bind downloading App to reading web content without good reason.

3. Easy to uninstall. In addition to the basic functional software, App should be easy to uninstall and should not be maliciously obstructed by blank names, transparent icons, background hiding and other ways.

(2) optimize service experience 4. Window closing is optional for users. Open screen and pop-up window information windows provide clear and effective closing buttons to ensure that users can easily close; do not frequently pop-up windows to interfere with the normal use of users, or use "full-screen thermal map", high-sensitivity "shake" and other easy-to-trigger ways to induce user operation.

5. Service matters shall be notified in advance. Clearly state the functions, rights, rights and charges of the product, and if there are additional conditions such as membership and fees, it shall be significantly prompted. Without express, it is not allowed to add restrictive conditions in the process of providing products and services, and use this as an excuse to terminate the product functions and services normally used by users, or to reduce the service experience.

6. It is reasonable to start the running scenario. It is not allowed to start other App or perform wake-up, call, update and other behaviors when it is not necessary for the service or without reasonable scenarios.

7. Timely reminder of service renewal. If the service is provided by means of automatic renewal or automatic renewal, the consent of the user shall be obtained, and the default check or compulsory bundling shall not be allowed. Five days before automatic renewal and automatic renewal, users are reminded by SMS, message push and other significant ways to provide convenient ways to cancel subscription at any time and automatic renewal and automatic renewal during the service period.

(3) strengthening the protection of personal information 8. Adhere to the principle of legality, legitimacy and necessity. Engaging in personal information processing activities should have a clear and reasonable purpose, and users should not be forced to agree to personal information processing behaviors that go beyond the scope or have nothing to do with the service scenario only on the grounds of service experience, product research and development, algorithm recommendation, risk control, etc. When a user refuses to provide personal information that is not necessary for the current service, it shall not affect the basic functions of the user to use the service.

9. Express personal information processing rules. Inform the user of the personal information processing rules in a concise, clear and easy-to-understand way, and inform the user of the latest situation in time if there is any change. Highlight the processing purpose, mode and scope of sensitive personal information, establish a list of collected personal information, and do not use default check, reduced text, lengthy text and other ways to induce users to agree to personal information processing rules.

10. Apply for the right of use reasonably. When the corresponding business function is started, the required permissions shall not be dynamically applied for, and the user shall not be required to agree to multiple necessary permissions other than this business function. When invoking terminal photo album, address book, location, etc., the user is informed of the purpose of applying for the permission synchronously. The unauthorized permission status of the user shall not be changed without the consent of the user.

(4) respond to users' demands 11. Set up a customer service hotline. Internet enterprises are encouraged to set up customer service hotlines, and major Internet enterprises publish customer service hotline numbers at prominent locations on websites and App, so as to simplify the procedures for manual service transfer. It is encouraged to improve the response ability of customer service hotlines, with a maximum monthly response time of 30 seconds and a manual service response rate of more than 85%.

twelve。 Properly handle user complaints. Publish effective contact information and accept user complaints. Reply to the complaints on the Internet information service complaint platform in accordance with the requirements of the specification, ensure that the handling is completed within 15 days, and improve the satisfaction rate of complaint handling. Encourage the establishment of user satisfaction evaluation links in App to guide users to participate in the evaluation.

Second, improve the ability of full-chain management and create a health service ecology (1) implement the main responsibility of App developers and operators 1. Improve the internal management mechanism. Identify the leading management departments and responsible persons for user service and rights protection, establish a full life cycle personal information protection mechanism, improve the assessment and accountability system, and implement relevant laws and policies in all aspects of product research and development, promotion and operation, continuously improve the level of compliance. Conduct compliance audits on personal information protection measures and implementation on a regular basis to effectively prevent hidden risks.

two。 Enhance the ability of technical support. Take access control, technical encryption, de-identification and other security technical measures to strengthen the front-end and back-end security protection. Actively monitor and find personal information disclosure, theft, tampering, damage, loss, illegal use and other risk threats, and respond to disposal requirements in a timely manner.

3. Strengthen the use and management of software development tools (SDK). Evaluate the personal information protection ability of SDK before using it, and clearly agree on the rights and obligations of all parties through contracts and other forms to ensure that personal information processing complies with the law. Focus on displaying and updating embedded SDK names, functions and rules for handling personal information. Those who jointly deal with users' personal information and infringe upon users' rights and interests and cause damage shall bear corresponding responsibilities in accordance with the law.

(2) strengthen the platform distribution management 4. Strict App review on the shelves. Accurately register and verify the real identity and contact information of the App development operator, the main functions and uses of the App, and conduct technical testing of the App to be put on the shelves. The person in charge of the relevant audit shall be identified and the audit log record shall be kept. Those that do not meet the requirements will not be put on the shelves. Fully publicize the on-shelf App, and prominently mark the App name and function, development operator, version number, user terminal authority list and use, personal information processing rules and other information. If an explicit distribution interface has not been established, the App download should be linked to the app store to guide users to download the distributed App from formal channels.

5. Strengthen on-the-shelf App inspection. Strengthen the dynamic inspection of App to ensure that the publicity information is true and accurate. If the App is inconsistent with the public information, or changes the main functions of App, the authority applied for, the scene and scope of personal information collection, and other illegal App by means of "hot update, hot exchange", etc., the service shall be stopped.

6. Improve the distribution management mechanism. Establish App development operator credit evaluation, risk prompt and other mechanisms, encourage the electronic signature authentication of the distribution App, and realize the traceability of the whole process of application and distribution behavior on the shelf. Strengthen the linkage with the detection and certification public service platform for mobile Internet applications, and do a good job of information reporting, monitoring traceability, information sharing, response and disposal.

(3) standardize SDK application service 7. Establish the mechanism of information publicity. Disclose basic information such as SDK name, developer, version number, main functions, instructions for use, as well as personal information processing rules. Where SDK independently collects, transmits or stores personal information, it shall make a separate explanation. Encourage the use of SDK management services platform to guide App development operators to use compliant SDK.

8. Optimize the function configuration. Follow the principle of minimum necessity, define SDK functions and the corresponding scope of personal information collection according to different application scenarios or uses, and provide App developers and operators with functional modules and configuration options for personal information collection, and do not overcollect personal information.

9. Strengthen service coordination. During the whole life cycle of product use, take the initiative to provide compliance guidelines to App development operators in a clear and easy-to-understand way, so as to guide App development operators to use them correctly and reasonably, and jointly improve the level of compliance. Update and inform App developer and operator when personal information processing rules are changed or risks are found.

(4) build a solid terminal security line 10. Strengthen the management of App operation. Provide users with App self-start and associated start-off functions, as well as convenient related device identification code reset options, strengthen the monitoring of App silent downloads and hot updates, and prevent unauthorized startup, download and installation without the consent of users.

11. Strengthen the App behavior record reminder. Enhance the ability to record the behavior of permission invocation, and provide convenience for users to query the situation of permission invocation. Establish an obvious prompt mechanism for the use of permissions such as address book, microphone, camera, location, clipboard, etc., to ensure that users know the status of personal information collection timely and accurately.

twelve。 Improve the ability of App risk early warning. Promote the development of App electronic signature authentication, and give early warning prompts to users to improve the ability to identify the risk of counterfeiting, bad, violation and other risks App.

(5) tamping into corporate responsibility 13. Accurate registration information. When providing network access services for App and SDK, register and verify the real identity and contact information of App and SDK development operators, so as to improve the traceability.

14. Ensure effective disposal. In accordance with the requirements of the telecommunications regulatory department, it is necessary to take necessary measures to stop access to illegal App and SDK in accordance with the law, so as to effectively prevent them from infringing upon the rights and interests of users.

Third, work requirements (1) do a good job in organizational implementation. All units should adhere to the idea of people-centered development, improve their political position, strengthen their responsibilities, refine their decomposition tasks, conscientiously do a good job in the implementation of this circular, and ensure that practical results are achieved. The relevant enterprises shall implement the principal responsibility, carry out self-inspection and self-correction in accordance with the requirements of this circular, and effectively safeguard the legitimate rights and interests of users. At the same time, improve the long-term mechanism, innovative models and methods, constantly improve the level of mobile Internet application services, and constantly enhance users' sense of achievement, well-being and sense of security.

Second, strengthen guidance and supervision. The Ministry of Industry and Information Technology will improve the mechanisms for evaluation, notification, ranking and publicity, promote the work to be carried out in a solid and orderly manner, and summarize and popularize excellent cases and experiences and practices in a timely manner. Local communications administrations shall strengthen supervision and inspection, guide and urge territorial enterprises to implement the requirements of this circular. If the implementation is not in place or there are violations, measures such as ordering rectification within a time limit, announcing to the public, and organizing to remove the shelves shall be taken in accordance with the law, and serious accountability shall be investigated and dealt with.

(3) strengthen the application of technology. The China Academy of Information and Communications should organize industrial forces, comprehensively use new technologies and new means such as artificial intelligence and big data, upgrade and build a national testing and certification public service platform for mobile Internet applications, and continuously improve the functions of the platform. do a good job in technical testing, monitoring services and regulatory support. Actively promote the application of traceable technical means such as electronic signature authentication to improve the ability of service management.

(4) promote self-discipline in the industry. Encourage industry associations and related institutions to formulate industry self-discipline conventions, technical standards and service norms, and strengthen evaluation and certification and personnel training. We will further open channels to listen to the views of the masses, promote exchanges and interaction among all parties, guide enterprises to operate in accordance with the law, constantly optimize and improve services, create a good environment for striving for excellence and promoting mutual progress, and promote high-quality development with high-quality services.

Ministry of Industry and Information Technology

February 6, 2023

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.