The National Information Security Standardization Technical Committee said an app’s collection of personal information must have a clear purpose, be minimal and necessary, seek user consent, be transparent and safe.
The regulation listed detailed requirements on 16 kinds of apps. Short-video, news and dating apps can collect at most three types of personal information. Those offering maps and navigation can only access the user’s location information.
Apps that involve mobile payment functions can collect six kinds of personal information such as mobile phone numbers, bank accounts and IDs.
Personal financing or loan services apps should not access user contact lists without approval, though users can leave information on emergency contacts.