26 measures! Ministry of Industry and Information Technology: Further Improving the Ability of Mobile Internet Application Services

  CCTV News: In order to optimize service supply, improve user experience, maintain a good information consumption environment, and promote the high-quality development of the industry, the Ministry of Industry and Information Technology recently issued a notice on further enhancing the service capabilities of mobile Internet applications. The notice focuses on "two improvements", namely improving users’ service perception and improving industry management ability, and puts forward a total of 26 measures. First, 12 measures covering APP installation and uninstallation, service experience, personal information protection, response to user demands, etc. are put forward to improve users’ service perception. Second, from the perspective of coordinated and standardized development of the industry and joint upstream and downstream prevention and governance, 14 measures are put forward for the five key subjects of current mobile Internet services, namely APP development operators, distribution platforms, SDKs (software development kits), terminals and access enterprises. The details are as follows:

Notice of the Ministry of Industry and Information Technology on Further Improving the Ability of Mobile Internet Application Services

  In recent years, the Ministry of Industry and Information Technology has vigorously promoted the improvement of the quality of mobile Internet application services, effectively safeguarded the legitimate rights and interests of users, and achieved positive social results. However, some enterprises still have problems such as irregular service behaviors and inadequate implementation of related responsibilities. In order to optimize service supply, improve user experience, maintain a good information consumption environment, and promote the high-quality development of the industry, relevant matters are hereby notified as follows according to the Law on the Protection of Personal Information, Regulations on Telecommunications, Provisions on Regulating the Market Order of Internet Information Services, Regulations on the Protection of Personal Information of Telecommunications and Internet Users and other relevant laws and regulations:

  First, enhance the service perception of the whole process and protect the legitimate rights and interests of users

  (1) Standardize installation and uninstallation behavior

  1. Ensure informed consent for installation. Recommending that users download an APP should follow the principle of openness and transparency: clearly indicate the necessary information such as the development operator, product function, privacy policy and permission list in a true, accurate and complete manner, provide an obvious cancellation option, and download and install the APP only after the user confirms and agrees, so as to effectively protect the user’s right to know and to choose. Do not deceive or mislead users into downloading and installing by means such as "stealing the beam and replacing the column" (covert substitution), "forced bundling" and "silent download".

  2. Standardize the recommended downloading behavior of web pages. When users browse page content, the APP must not be downloaded automatically or forcibly without the user’s consent or active selection, and users must not be forced to download and open the APP by folded display, active pop-ups, frequent prompts, etc., which affect users’ normal browsing of information. Without justifiable reasons, downloading the APP may not be bound to reading the content of the webpage.

  3. Realize convenient uninstallation. Except for basic functional software, an APP should be easy to uninstall, and users should not be maliciously prevented from uninstalling it by means of blank names, transparent icons, hidden background, etc.

  (2) Optimize the service experience

  4. Window closing is optional for users. Splash-screen and pop-up information windows shall provide a clear and effective close button to ensure that users can close them conveniently. Do not pop up windows frequently to interfere with users’ normal use, or use a "full-screen heat map", high-sensitivity "shake" or other methods that easily cause false triggering to induce users to operate.

  5. Inform users of service matters in advance. Clearly state the product’s functions, rights and interests, tariffs and other contents; if there are additional conditions such as opening a membership or charging fees, they should be clearly indicated. Without express notice, it is not allowed to add restrictive conditions in the process of providing products and services and use them as an excuse to terminate users’ normal use of product functions and services or to reduce the service experience.

  6. Keep startup and operation scenarios reasonable. Where it is not necessary for the service or the scenario is unreasonable, it is not allowed to start or associatively start other APPs, or to perform wake-up, call or update actions.

  7. Give prompt reminders of service renewal. If the service is provided by automatic renewal, the user’s consent shall be obtained, and the option shall not be checked by default or forcibly bundled. Remind users by SMS and message push 5 days before automatic renewal, and provide convenient ways to unsubscribe at any time and to cancel automatic renewal during the service period.

  (3) Strengthening the protection of personal information

  8. Adhere to the principles of legality, legitimacy and necessity. Personal information processing activities should have a clear and reasonable purpose, and users should not be forced to agree to personal information processing activities that are beyond the scope of or unrelated to the service scenario solely on the grounds of service experience, product development, algorithm recommendation and risk control. When a user refuses to provide personal information that is not necessary for the current service, this shall not affect the user’s use of the basic functions of the service.

  9. State personal information processing rules clearly. Inform users of personal information processing rules in a concise, clear and easy-to-understand way, and inform users of the latest situation in time if there is any change. Highlight the purpose, method and scope of processing sensitive personal information, establish a list of collected personal information, and do not induce users to agree to the personal information processing rules by default checking, shrunken text or lengthy text.

  10. Apply for permissions reasonably. When the corresponding business function is started, dynamically apply for the required permissions, and the user shall not be required to agree to multiple necessary permissions that are not related to the business function. When calling terminal permissions such as photo album, address book and location, synchronously inform the user of the purpose of applying for the permission. Without the user’s consent, the status of permissions that the user has not authorized shall not be changed.

  (4) Respond to user demands

  11. Set up a customer service hotline. Encourage Internet companies to establish customer service hotlines; major Internet companies shall publicize the telephone numbers of their customer service hotlines in prominent positions on websites and APPs and simplify the procedures for transferring to manual service. Encourage improvement of the response ability of customer service hotlines, with a maximum monthly response time of 30 seconds and a manual-service response rate exceeding 85%.

  12. Properly handle user complaints. Publish effective contact information and accept user complaints. Respond to complaints on the Internet information service complaint platform according to the requirements of the specification, ensure that they are handled within 15 days, and improve the satisfaction rate of complaint handling. Encourage the setting of user satisfaction evaluation links in the APP to guide users to participate in the evaluation.

  Second, improve the whole chain management ability and create a healthy service ecology

  (1) Implementing the main responsibility of APP development operators

  1. Improve the internal management mechanism. Clarify the lead management department and person in charge of user service and rights protection, establish a life-cycle personal information protection mechanism, improve the assessment accountability system, implement relevant laws and regulations and policies in all aspects of product development, promotion and operation, and continuously improve the compliance level. Regularly conduct compliance audits on personal information protection measures and their implementation to effectively prevent potential risks.

  2. Enhance technical support capabilities. Take security technical measures such as access control, technical encryption and de-identification to strengthen front-end and back-end security protection. Actively monitor for and detect risks and threats such as disclosure, theft, tampering, damage, loss and illegal use of personal information, and respond to disposal requirements in a timely manner.

  3. Strengthen management of the use of software development kits (SDKs). Before using an SDK, evaluate its personal information protection ability, clearly stipulate the rights and obligations of all parties through contracts and other forms, and ensure that personal information processing is legal and compliant. Centrally display and promptly update the names and functions of embedded SDKs and their rules for handling personal information. Where users’ personal information is processed jointly in a way that infringes on users’ rights and interests and causes damage, the corresponding responsibilities shall be borne according to law.

  (2) Strengthen the platform distribution management

  4. Strictly review APPs. Accurately register and verify basic information such as the true identity and contact information of the APP development operator and the main functions and uses of the APP, and conduct technical testing on APPs to be listed. The person responsible for the relevant review shall be clearly defined, review log records shall be kept, and APPs that do not meet the requirements shall not be listed. Fully disclose information on listed APPs, indicating in a prominent position the name and function of the APP, the development operator, the version number, the list of user terminal permissions to be obtained and their uses, personal information processing rules and other information. If an explicit disclosure interface for distribution has not been established, the APP download should be linked to the APP store to guide users to download the distributed APP from formal channels.

  5. Strengthen the inspection of listed APPs. Strengthen dynamic inspection of APPs to ensure that the disclosed information is true and accurate. For illegal APPs that are inconsistent with the disclosed information, or that change the main functions of the APP, the permissions applied for, or the scenarios and scope of personal information collection and use without authorization by means such as "hot update" or "hot switch", the service should be stopped.

  6. Improve the distribution management mechanism. Establish mechanisms such as credit evaluation and risk warning for APP development operators, encourage electronic signature authentication of distributed APPs, and realize traceability of the whole process of application and distribution. Strengthen the linkage with the public service platform for detection and certification of mobile Internet applications, and do a good job in information reporting, monitoring and traceability, information sharing and response disposal.

  (3) Standardize SDK application services

  7. Establish an information publicity mechanism. Publicly state basic information such as the SDK name, developer, version number, main functions, instructions for use, and personal information processing rules. If the SDK collects, transmits and stores personal information independently, a separate explanation shall be given. Encourage SDK management service platforms to play their role and guide APP development operators to use compliant SDKs.

  8. Optimize the function configuration. Follow the principle of minimum necessity, define the functions of the SDK and the corresponding scope of personal information collection according to different application scenarios or uses, provide functional modules and configuration options for personal information collection to APP developers and operators, and do not collect excessive personal information as a bundle.

  9. Strengthen service coordination. Throughout the whole life cycle of product use, actively provide compliance guidelines to APP developers and operators in a clear and easy-to-understand way, guide APP developers and operators to use the SDK correctly and reasonably, and jointly improve the compliance level. When the personal information processing rules change or risks are found, update and inform the APP development operators in time.

  (4) Build a terminal security line

  10. Strengthen APP operation management. Provide users with the ability to turn off APP self-startup and associated startup, as well as convenient options for resetting related device identification codes, strengthen the monitoring of silent downloads and hot updates of APPs, and prevent startup, download and installation without the user’s consent.

  11. Strengthen APP behavior recording and reminders. Enhance the ability to record permission calls, and make it convenient for users to query permission calls. Establish an obvious prompt mechanism for the status of permissions such as address book, microphone, camera, location and clipboard, so as to ensure that users know the status of personal information collection in a timely and accurate manner.

  12. Improve APP risk early warning capability. Promote the development of APP electronic signature authentication, and provide early warning tips to users to improve their ability to identify counterfeit, bad, illegal and other risky APPs.

  (5) Consolidate the responsibility of access enterprises

  13. Register information accurately. When providing network access services for APPs and SDKs, register and verify the real identity and contact information of the developers and operators of the APPs and SDKs to improve traceability.

  14. Ensure effective disposal. In accordance with the requirements of the telecommunications regulatory authorities, necessary measures such as stopping access for illegal APPs and SDKs shall be taken according to law to effectively prevent them from violating the rights and interests of users.

  Third, work requirements

  (1) Do a good job in organization and implementation. All units should adhere to the people-centered development thought, improve their political stance, strengthen their responsibility, refine and decompose tasks, earnestly implement this notice, and ensure effective results. Relevant enterprises should implement the main responsibility, carry out self-examination and self-correction according to the requirements of this notice, and earnestly safeguard the legitimate rights and interests of users. At the same time, improve the long-term mechanism, innovate modes and methods, continuously improve the service level of mobile Internet applications, and continuously enhance users’ sense of gain, happiness and security.

  (2) Strengthen guidance and supervision. The Ministry of Industry and Information Technology has improved the mechanism of evaluation, notification, ranking and publicity, promoted the work in a solid and orderly manner, and timely summarized and popularized excellent cases and experiences. Local communications administrations should strengthen supervision and inspection, guide and urge local enterprises to implement the requirements of this notice. If the implementation is not in place or there are violations, measures such as ordering rectification within a time limit, announcing to the public, and organizing the removal of the shelves shall be taken according to law, and serious accountability shall be investigated.

  (3) Strengthen the application of technology. China Information and Communication Research Institute should organize industrial forces, comprehensively use new technologies and means such as artificial intelligence and big data, upgrade and build a national public service platform for testing and certification of mobile Internet applications, continuously improve platform functions, and do a good job in technical testing, monitoring services and supervision support. Actively promote the application of traceable technical means such as electronic signature authentication, and promote the improvement of service management capabilities.

  (4) Promote industry self-discipline. Encourage industry associations and related institutions to formulate industry self-discipline conventions, technical standards and service specifications, and strengthen evaluation and certification and personnel training. Further unblock channels to listen to the opinions of the masses, promote exchanges and interactions between all parties, guide enterprises to operate in compliance with laws and regulations, continuously optimize and improve services, create a good environment for striving for excellence and promoting mutual progress, and promote high-quality development with high-quality services.