1. Background
The Ministry of Industry and Information Technology recently issued new network access requirements, which clarified specific changes in app network access detection requirements, mainly involving some app permission calls, personal information protection, software upgrades, and sensitive behaviors. In order not to affect the normal operation of the app, relevant rectifications are carried out according to the documents of the Ministry of Industry and Information Technology. The following will explain the specific solutions from 5 directions.
Two, rectification
2.1 Personal Information Protection
2.1.1 Basic mode (no permission, no personal information acquisition mode)
The biggest point involved in this rectification is the basic mode. The basic mode means that when the user chooses the privacy agreement pop-up window, he cannot click "Disagree" to exit the application. Any permissions, no personal information acquisition mode and users can use it normally.
This statement is a bit abstract, let’s take a look at the cases that friends and businessmen have already done.
Tencent Video
From the perspective of Tencent Video's strategy, when users use the app for the first time, a pop-up window of "User Privacy Agreement" will still pop up for users to choose, but what is different from the past is that the "Disagree" button is replaced with "Disagree and enter the basic agreement". Function mode", the user clicks "Disagree and enter the basic function mode" to enter a simplified version of the page, which only provides some basic functions. When the user clicks "Enter full function mode", the privacy agreement pop-up window will pop up again. After killing the process, enter again to enter the basic mode directly.
NetEase Cloud Music
The product strategies of Netease Cloud Music and Tencent Video are slightly different. When the user clicks "Disagree" on the first-level authorization pop-up window, it will jump to the second-level authorization pop-up window. When the user clicks "Disagree" on the second-level pop-up window, Enter the basic function mode" to enter the basic function page. Click "Enter full function mode" on this page to return to the second-level authorization page. When the user kills the process and re-enters the app, it will still return to the first-level authorization page.
Netease Cloud Music has one more pop-up window than Tencent Video, which is only to increase the probability of users entering the full mode, and does not involve new regulations.
In addition, Bilibili, Kugou Music, etc. have already connected to the basic mode, and interested partners can download and experience it by themselves.
2.1.2 Contents of Privacy Policy
If the app reads and transmits the user's personal information, it needs to check whether it has rules for the collection and use of the user's personal information, and clearly inform the purpose, method and scope of reading and transmitting personal information.
Judging whether the permission has read, modified, and transmitted behaviors, if so, it needs to be clearly informed in the privacy agreement.
举个例子,app有获取手机号码并且保存在服务器,需要在协议中明确声明:读取并传送用户手机号码。
2.2 app权限调用
2.2.1 应用内权限调用
- 获取定位信息和生物特征识别信息
在获取定位信息以及生物特征识别信息时需要在调用权限前,单独向用户明示调用权限的目的,不能用系统权限弹窗替代。
如上图,申请位置权限,需要在申请之前,弹出弹窗供用户选择,用户同意调用后才可以申请位置权限。
- 其他权限
其他权限如上面隐私政策一样,需要在调用时,声明是读取、修改、还是传送行为,如下图
2.3 应用软件升级
2.3.1 更新
应用软件或插件更新应在用户授权的情况下进行,不能直接更新,另外要明确告知用户此行为包含下载和安装。
简单来说,就是在app进行更新操作时,需要用弹窗告知用户,是否更新应用,更新的确认权交给用户,并且弹窗上需要声明此次更新有下载和安装两个操作。如下图
2.4 应用签名
需要保证签名的真实有效性。