On 16 July 2020 China Central Television's (CCTV's) 3.15 programme exposed that third-party software development kit (SDK) plug-ins for mobile phones were collecting and using users' personal information. It was reported that technicians found that the SDK plug-ins from two companies (ie, Credit X and Zhaocai Dog) which are embedded in more than 50 apps were collecting user information without prior notice.
In response, the Ministry of Industry and Information Technology (MIIT) immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.(1) The MIIT ordered:
- the Beijing Communications Bureau and the Shanghai Communications Bureau to inspect the two companies involved;
- third-party testing institutions to conduct technical testing on more than 50 apps that use the above SDKs; and
- major domestic application stores (eg, Alibaba, Tencent, Baidu, Huawei, Xiaomi, OPPO, vivo and 360) to conduct thorough investigations into similar problems as soon as possible. Apps found to have problems should be removed as soon as possible. App stores must also promptly instruct app developers to conduct self-examination and self-correction to promptly discover and process SDKs that unlawfully collect and use users' personal information.
As a next step, the MIIT will adopt normalised regulatory measures to strengthen the comprehensive management of apps. The MIIT will also increase the management and investigation of various unlawful activities (eg, the collection and use of users' personal information without consent) to effectively protect users' legitimate rights and interests.
Endnotes
(1) See here.
