Privacy & Information Security Law Blog

On June 28, 2016, the State Internet Information Office of the People’s Republic of China published the Administrative Provisions on Information Services for Mobile Internet Applications (the “App Administrative Provisions”). This is the first regulation that expressly regulates mobile apps in the People’s Republic of China. Before the App Administrative Provisions were published, the P.R.C. Ministry of Industry and Information Technology had published a draft of the Interim Provisions on the Preinstallation and Management of the Distribution of Mobile Intelligent Terminal Applications (“Interim Provisions”). The comment period for the Interim Provisions draft expired six months ago and i’s still uncertain when it will become effective. According to unofficial statistics, domestic app stores have more than 4 million apps in inventory presently, and the number is growing. Those apps will now become highly regulated products under the App Administrative Provisions.

Most importantly, the App Administrative Provisions expressly requires app providers who provide information services via apps to obtain relevant licenses. Currently, numerous app providers conduct information service businesses without having any license to do so, due to the lack of express laws in this area. With the issuance of the App Administrative Provisions, these app providers will now have to apply for and obtain the relevant licenses, which can include ICP, Internet Culture Operation and/or Internet Publishing Licenses.

Also, according to the App Administrative Provisions, app providers now have obligations relating to information security. For example, app providers are now required to conduct an authentication of the identity of their registered users according to a principle summarized as “real name authentication at the back end, voluntary authentication at the front end.” Also, without the users’ consent, an app provider is required not to collect or use personal information or operate functions which are closely related to the personal information of its users, such as location, contacts and camera. App providers also are required not to produce or publish apps that infringe upon the intellectual property of third parties, and are required to maintain the log-in information of the users of its app on file for 60-days.

Internet Application Store Service Providers (“IASS Providers”) are required to supervise the performance by app providers of their obligations. For example, an IASS Provider is required to file required information about app providers with branches of the governmental Internet Information Offices at the provincial level, and to supervise the app providers’ performance of their obligations. If any app provider violates its obligations, the IASS Provider is required to adopt relevant remedial measures, and file a report with the relevant government agencies.