
The new rules are here! From May 1st, apps can’t “reach out” too much to ask for user information!

When you download and open an app, you have probably encountered permission prompts like the ones quoted below. If you refuse the authorization, you generally cannot continue to use some or all of the app’s functions. Whether collecting such personal information is legal and necessary remains a question mark in many people’s minds. In addition, privacy leaks resulting from such authorizations keep occurring around us, which makes people even more suspicious of how securely their personal information is collected.

 


“XxApp applies to obtain your location information”

“XxApp will get your location, contact, microphone, camera, etc. permissions”

“XxApp will obtain your address book permissions”

……

 

According to ASOWorld research data, on March 22 the State Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly issued the “Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications”. App operators will no longer be allowed to collect user information beyond the necessary scope.

The “Regulations” clearly require that apps must not deny users access to their basic functions and services because users do not agree to provide non-essential personal information. They also define the scope of necessary personal information for 39 common types of apps:

For none of the 39 types of commonly used apps does the necessary personal information include the sensitive album and address book permissions. Only two types of apps, map navigation and online car-hailing, can request location information; none of the other 37 types can.

For 13 types of apps, basic functional services can be used without providing any personal information, including browsers, input methods, security management, application stores, etc.

For 5 types of apps such as online games, online communities, and mailbox cloud disks, the necessary personal information only contains the user’s phone number.

Only 10 types of apps, such as online payment, express mail delivery, transportation ticketing, and online lending, are allowed to obtain the user’s identity or other credential information.

The regulations will come into effect on May 1, 2021, which also means that the “overlord clause”, under which an app cannot be used unless the user hands over personal information, has finally been broken. If an app is not updated to comply with the regulations, it will face exposure and removal.

 

The original text of the “Regulations” is as follows

 

Article 1 In order to regulate the collection of personal information by mobile Internet applications (Apps) and protect the safety of citizens’ personal information, these regulations are formulated in accordance with the “Network Security Law of the People’s Republic of China”.

Article 2 Apps running on mobile smart terminals that collect users’ personal information shall comply with these regulations. Where laws, administrative regulations, departmental rules and regulatory documents provide otherwise, follow those provisions.

Apps include application software that is preinstalled on, or downloaded and installed to, mobile smart terminals, as well as mini programs that are developed on the open platform interfaces of application software and can be used by users without installation.

Article 3 The “necessary personal information” mentioned in these regulations refers to the personal information necessary to ensure the normal operation of the basic functional services of the App. Without this information, the basic functional services cannot be implemented by the App. Specifically, it refers to the personal information of users on the consumer side, excluding the personal information of users on the service provider side.

Article 4 An App shall not deny users access to its basic functions and services because users do not agree to provide non-essential personal information.

 

Article 5 The scope of necessary personal information for common types of apps:

(1) Map navigation, the basic function service is “positioning and navigation”, and the necessary personal information is: location information, place of departure, and place of arrival.

(2) Internet car-hailing category, the basic functional services are “online taxi reservation service, cruise taxi call-up service”, necessary personal information includes:

1. Registered user’s mobile phone number;
2. Departure place, arrival place, location information, and whereabouts of passengers;
3. Payment information such as payment time, payment amount, payment channel, etc. (online taxi reservation service).

(3) Instant messaging, the basic functional service is “provide text, picture, voice, video and other network instant messaging services”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. Account information: account, instant messaging contact account list.

(4) Online community, the basic function service is “blog, forum, community and other topic discussion, information sharing and follow-up interaction”, the necessary personal information is: registered user’s mobile phone number.

(5) For online payment, the basic functional service is “online payment, cash withdrawal, transfer and other functions”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. Registered user’s name, certificate type and number, certificate validity period, bank card number.

(6) For online shopping, the basic functional service is “purchase goods”, and the necessary personal information includes:

1. Registered user’s mobile phone number;
2. The name, address, and telephone number of the consignee;
3. Payment information such as payment time, payment amount, and payment channel.

(7) For food and beverage delivery, the basic functional service is “food and beverage purchase and delivery”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. The name, address, and telephone number of the consignee;
3. Payment information such as payment time, payment amount, and payment channel.

(8) For express mail delivery, the basic functional service is “mails, parcels, printed matter and other items delivery services”. The necessary personal information includes:

1. Identity information such as the sender’s name, certificate type and number;
2. Sender’s address and telephone number;
3. Recipient’s name, address, and telephone number;
4. The name, nature, and quantity of the items to be delivered.

(9) For transportation ticketing, the basic functional services are “traffic-related ticketing services and itinerary management (such as ticket purchase, ticket modification, ticket refund, itinerary management, etc.)”. The necessary personal information includes:

1. Registered user’s mobile phone number;
2. Passenger’s name, certificate type and number, and passenger type. Passenger types usually include children, adults, students, etc.;
3. Passenger’s departure place, destination, departure time, train number/ship number/flight number, seat type/cabin class, seat number (if any), license plate number and license plate color (ETC service);
4. Payment information such as payment time, payment amount, and payment channel.

(10) Marriage and blind date category, the basic function service is “marriage and blind date”, necessary personal information includes:

1. Registered user’s mobile phone number;
2. The sex, age, and marital status of the person seeking a match.

(11) For the job search and recruitment category, the basic function service is “job search and recruitment information exchange”. The necessary personal information includes:

1. Registered user’s mobile phone number;
2. Resume provided by the job applicant.

(12) Online lending, the basic functional services are “personal loan application services for consumption and daily production and operation turnover realized through the Internet platform”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. Borrower’s name, certificate type and number, certificate validity period, bank card number.

(13) Housing rental and sale, the basic functional service is “personal housing information release, housing rental or sale”, necessary personal information includes:

1. Registered user’s mobile phone number;
2. Basic information about housing: housing address, area/house type, expected price or rent.

(14) Second-hand car transaction category, the basic functional service is “Used car buying and selling information exchange”, the necessary personal information includes:

1. Registered user’s mobile phone number;
2. Purchaser’s name, certificate type and number;
3. Seller’s name, certificate type and number, vehicle driving license number, and vehicle identification number.

(15) For medical consultation and registration, the basic function service is “online medical consultation, appointment and registration”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. The name of the patient, the type and number of the certificate, and the hospital and department of the appointment should be provided when registering;
3. A description of the condition shall be provided during consultation.

(16) Travel service category, the basic functional service is “Release and Order Travel Service Product Information”, and the necessary personal information includes:

1. Registered user’s mobile phone number;
2. Traveler’s destination and travel time;
3. Traveler’s name, certificate type and number, and contact information.

(17) Hotel service category, the basic function service is “hotel reservation”, and the necessary personal information includes:

1. Registered user’s mobile phone number;
2. The name and contact information of the guest, check-in and check-out time, and the name of the hotel.

(18) For online games, the basic functional service is “providing online game products and services”, and the necessary personal information is: registered user’s mobile phone number.

(19) For learning and education, the basic functional service is “online tutoring, online classroom, etc.”, and the necessary personal information is: registered user’s mobile phone number.

(20) For local life, the basic functional service is “housekeeping maintenance, home decoration, second-hand idle item trading and other daily life services”, and the necessary personal information is: registered user’s mobile phone number.

(21) For women’s health, the basic functional services are “health management services such as women’s menstrual period management, pregnancy, and beauty and body care”, and basic functional services can be used without personal information.

(22) Car service category. The basic functional services are “bicycle sharing, car sharing, car rental services, etc.”. The necessary personal information includes:

1. Registered user’s mobile phone number;
2. The certificate type and number of the user who uses the shared car or rental car service, and the driver’s certificate information;
3. Payment information such as payment time, payment amount, payment channel, etc.;
4. The location information of users who use shared bicycles and car-sharing services.

(23) Investment and financial management. The basic functional service is “stocks, futures, funds, bonds and other related investment and financial management services”. The necessary personal information includes:

1. Registered user’s mobile phone number;
2. Investment and financial management user name, certificate type and number, certificate validity period, certificate photocopy;
3. Investment and wealth management user’s capital account, bank card number or payment account number.

(24) Mobile banking, the basic functional services are “bank account management, information inquiry, transfer and remittance services through mobile smart terminal devices such as mobile phones”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. User’s name, certificate type and number, certificate validity period, certificate photocopy, bank card number, mobile phone number registered with the bank;
3. The payee’s name, bank card number, and account bank information must be provided when transferring funds.

(25) Mailbox cloud disk type, the basic function service is “mailbox, cloud disk, etc.”, the necessary personal information is: registered user’s mobile phone number.

(26) For remote conferences, the basic function service is “providing audio or video conferences through the network”, and the necessary personal information is: registered user’s mobile phone number.

(27) Webcast, the basic functional service is “continuously provide the public with real-time video, audio, graphic and other forms of information browsing services.” Basic functional services can be used without personal information.

(28) On-line audio and video, the basic functional service is “movie and music search and playback”, you can use the basic functional service without personal information.

(29) For short videos, the basic functional service is “video search and playback within a certain period of time”, and basic functional services can be used without personal information.

(30) News information, the basic function service is “browsing and searching of news information”, you can use the basic function service without personal information.

(31) In the sports and fitness category, the basic functional service is “sports and fitness training”. You can use the basic functional service without personal information.

(32) Browser category, the basic function service is “browsing Internet information resources”, you can use the basic function service without personal information.

(33) Input methods. The basic function service is “input of characters, symbols, etc.”. You can use the basic function service without personal information.

(34) Security management category, the basic functional services are “checking and killing viruses, cleaning malicious plug-ins, fixing vulnerabilities, etc.”, and you can use basic functional services without personal information.

(35) For e-books, the basic functional service is “e-book search and reading”, and you can use the basic functional services without personal information.

(36) Shooting beautification category, the basic functional services are “shooting, beautifying, filters, etc.”, you can use the basic functional services without personal information.

(37) App store category, the basic function service is “App search, download”, you can use the basic function service without personal information.

(38) Practical tools, the basic functional services are “calendar, weather, dictionary translation, calculator, remote control, flashlight, compass, clock alarm, file transfer, file management, wallpaper ringtones, screenshot recording, recording, document processing, smart home assistant, constellation personality test, etc.”, and you can use basic functional services without personal information.

(39) For performance ticketing, the basic functional service is “purchase tickets for performances”, and necessary personal information includes:

1. Registered user’s mobile phone number;
2. The performance session and seat number (if any);
3. Payment information such as payment time, payment amount, and payment channel.

Article 6 Any organization or individual who discovers violations of these regulations may report to relevant departments. After receiving the report, the relevant departments shall deal with it in accordance with the law.

Article 7 These regulations shall come into force on May 1, 2021.