Attention! These 15 mobile apps have privacy violations
Based on the Cybersecurity Law, the Personal Information Protection Law, the Method for Identifying Illegal and Irregular Collection and Use of Personal Information by Apps, and other laws and regulations as well as relevant national standards, the National Computer Virus Emergency Response Center recently discovered through Internet monitoring that 15 mobile apps had privacy non-compliance behaviors.
1. The privacy policy does not list the purpose, method, scope, etc. of the App’s collection and use of personal information; it does not state the basic information of the App’s operator. The 7 Apps involved are as follows:
2. App clients provide personal information to third parties without user consent and without anonymization; personal information processors provide personal information they process to other personal information processors without informing the individual of the recipient’s name or name, contact information, purpose of processing, processing method, and type of personal information, and without obtaining the individual’s separate consent. The following 6 apps are involved:
3. The App starts collecting personal information or opens the permission to collect personal information before obtaining the user's consent. The two Apps involved are as follows:
4. The App does not provide effective functions for correcting, deleting personal information, or canceling user accounts, or sets unnecessary or unreasonable conditions for correcting, deleting personal information, or canceling user accounts; does not provide users with ways and means to withdraw their consent for the collection of personal information, but does not specify this in the privacy policy and other collection and use rules; the manual processing time limit for canceling user accounts exceeds 15 working days. The five Apps involved are as follows:
5. The App failed to establish and publish channels for complaints and reports on personal information security, or failed to accept and handle complaints within the promised time limit. The following 5 Apps are involved:
6. Where personal information is processed based on personal consent, the individual has the right to withdraw his or her consent. The personal information processor has not provided a convenient way to withdraw consent. The five apps involved are as follows:
7. Pushing information and conducting commercial marketing to individuals through automated decision-making, without providing options that are not targeted at their personal characteristics, or without providing individuals with a convenient way to refuse; the privacy policy does not state that the collected user personal information is used for targeted push and precision marketing; the privacy policy explicitly states that there is a targeted push function, but the page does not clearly distinguish between personalized push services. The four apps involved are as follows:
8. Processing sensitive personal information without obtaining the individual’s separate consent. The four apps involved are as follows:
9. Personal information processors handle personal information of minors under the age of 14 without formulating special personal information processing rules; and collect information of minors without obtaining separate consent from their guardians. The following 4 apps are involved:
10. Apps frequently start up by themselves or in conjunction with other apps without clearly informing users and consent, and without reasonable usage scenarios. The following 1 app is involved:
In response to the above situation, the National Computer Virus Emergency Response Center reminds mobile phone users to be cautious when downloading and using the above illegal mobile apps. At the same time, they should carefully read their user agreements and privacy policies, not arbitrarily open and agree to unnecessary privacy permissions, not arbitrarily enter personal privacy information, and regularly maintain and clean up related data to avoid personal privacy information being leaked. The detection time of the apps listed in the article is from May 1 to June 1, 2024.