Personal Information Protection
Illegal collection and use of personal information: apps of 4 brokerages and 3 banks named in notice
Xin Hua Wang· 2025-08-12 06:06
Core Viewpoint - The National Cybersecurity Notification Center has reported that over 60 mobile applications, including those from seven financial institutions, are found to be illegally collecting and using personal information [1][2][3]

Group 1: Violations Identified
- A total of 13 types of violations were identified among the 60+ mobile applications [2]
- The most common violations include:
  - Lack of detailed privacy policies outlining the purpose, method, and scope of personal information collection, affecting 25 applications including those from Longjiang Bank and ShenGang Securities [1][2]
  - Failure to provide users with a way to withdraw consent for personal information collection, impacting 30 applications including those from Industrial Bank and Hainan Airlines [2]
  - Inadequate security measures such as encryption and de-identification, affecting 29 applications including those from Chengtong Securities and Zhilian Recruitment [2]

Group 2: Financial Institutions Involved
- The financial institutions implicated include four brokerages: Chengtong Securities, Industrial Bank, ShenGang Securities, and Wukuang Securities, as well as three banks: Longjiang Bank, Wuhai Bank, and Haixia Bank [1][2]
- Specific versions of the mobile applications that were flagged include: Chengtong Securities (version 6.0.3.0), ShenGang Securities (version 3.1.7), Industrial Bank (version 8.9.0), Wukuang Securities (version 3.40.2), Wuhai Bank (version 5.0.1), Haixia Bank (version 4.0.0), and Longjiang Bank (version 2.00.03) [2][3]

Group 3: Broader Implications
- The violations are not limited to financial applications; they also encompass a wide range of sectors including dining, gaming, recruitment, and lifestyle services [2]
- The National Cybersecurity Notification Center has released six lists of violating mobile applications since 2025, indicating a persistent issue within the industry [3]
- The central authorities are conducting a series of special actions to protect personal information, with a focus on addressing typical violations and ensuring compliance [3]
Insurance intermediary agreements must not "over-claim permissions"
Xin Hua Ri Bao· 2025-08-11 09:23
Group 1
- The insurance industry is characterized as a "personal information-intensive industry," involving multiple data elements and long protection chains, with various risk points [3]
- Some insurance intermediaries have user registration agreements that contain infringing clauses allowing the use of personal contact information for "partner product recommendations" [1][3]
- The Personal Information Protection Law mandates that the collection and processing of personal information must adhere to the "minimum necessity" principle, limiting data collection to what is necessary for achieving processing purposes [3][4]

Group 2
- Despite the establishment of a legal framework for data compliance in China, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, violations in personal information collection persist [4]
- The ambiguity of the "minimum necessity" principle, along with the opaque nature of data flow and misuse of technology, contributes to the ongoing issues of excessive data collection [4]
- Effective governance of personal information misuse requires more than just user vigilance or corporate ethics; it necessitates detailed scenario rules, effective notification, increased violation costs, and rigid constraints [4]
Privacy waybills for postal express items now used in Beijing in essentially all applicable cases
Bei Jing Qing Nian Bao· 2025-08-10 18:19
Group 1
- The express delivery business in China has surpassed 1 trillion packages this year, raising concerns about the protection of personal information contained in these deliveries [1]
- The Beijing Postal Administration has initiated a special inspection on privacy application in express delivery, urging companies to enhance the protection of users' personal information [1]
- The Internet Information Office of Beijing will collaborate with the Postal Administration to conduct a special rectification on personal privacy protection in delivery scenarios [1]

Group 2
- The concept of "privacy waybill" is introduced, which utilizes de-identification techniques to encrypt personal information such as names and contact details on delivery waybills [1]
- Express companies, including SF Express, are implementing technical and management measures to improve user privacy protection, including the use of privacy waybills and virtual numbers [1]
- SF Express has encrypted sensitive customer data in backend storage to ensure that even if data is illegally accessed, it cannot be viewed without the decryption key [1]

Group 3
- The Internet Information Office is set to deepen the governance of illegal collection and use of personal information in offline consumption scenarios, conducting thorough inspections and rectifications [2]
- Regular monitoring measures will be strengthened to ensure the protection of citizens' personal information rights [2]
Two months after the new facial recognition rules took effect, regulators are acting! Enforcement focuses on these scenarios
Nan Fang Du Shi Bao· 2025-08-08 01:51
Core Viewpoint - The article discusses the new regulatory phase of facial recognition technology in China, highlighting the crackdown on its misuse and the implementation of new laws to protect personal privacy [2][4][5].

Group 1: Regulatory Actions
- Since April, the Chongqing Municipal Cyberspace Administration and other departments have initiated a special campaign against the misuse of facial recognition technology, focusing on issues like mandatory facial verification and lack of notification [2][4].
- The campaign has identified 131 problems across nearly 30 enterprises in seven key sectors, including education and banking, primarily related to inadequate privacy protocols and unauthorized data handling [5][6].

Group 2: Specific Cases and Findings
- A notable case involved a company in Chongqing that collected over 12,000 customer records, including more than 5,000 facial images, without consent, leading to a fine of 10,000 yuan [3][4].
- The article emphasizes that facial recognition remains a prevalent method for identity verification in various public spaces, despite the lack of proper notification in many instances [3][6].

Group 3: Future Plans and Industry Standards
- The Chongqing Municipal Cyberspace Administration plans to establish self-regulatory norms for personal information protection, collaborating with industry associations to create guidelines and promote best practices [6][7].
- There is a focus on enhancing privacy protection technologies in smart consumption scenarios, with support for research and development in this area [7].

Group 4: Public Awareness and Recommendations
- The article suggests that the public should be more cautious about sharing biometric data and should prefer traditional verification methods when possible [8][9].
- It also encourages individuals to understand their rights under the Personal Information Protection Law and to report any violations regarding facial data collection [9].
Several HarmonyOS-ecosystem mobile internet applications receive "App Security Certification" certificates
Zhong Guo Jing Ji Wang· 2025-08-07 03:19
Core Viewpoint - The rapid growth of apps within the Huawei HarmonyOS ecosystem has prompted the National Cybersecurity Review and Certification Center to enhance app user privacy protection and support the sustainable development of the Harmony ecosystem [1][2]

Group 1: App Certification and Compliance
- The National Cybersecurity Review and Certification Center is conducting research on the certification of mobile applications within the Harmony ecosystem, focusing on core technologies such as the microkernel architecture and security access mechanisms [1]
- The center is analyzing risks related to personal information collection and usage in a distributed environment, particularly concerning privacy leakage during cross-device data transfer and permission synchronization across different terminals [1]
- The center aims to continuously optimize compliance detection strategies and certification standards for HarmonyOS apps [1]

Group 2: Monitoring and Data Support
- The mobile application monitoring platform is being upgraded to adapt to the Harmony system's technical architecture, enabling comprehensive dynamic monitoring of both Android and Harmony ecosystems [1]
- The platform utilizes behavior analysis and real-time data processing technologies to monitor app behavior during operation, identifying security vulnerabilities related to personal information safety [1]
- This data-driven approach provides strong support for precise governance of apps [1]

Group 3: Future Initiatives
- The National Cybersecurity Review and Certification Center has issued "App Security Certification" and "Financial Technology Product Certification" to several Harmony apps in the education and finance sectors [2]
- Future efforts will focus on deepening research into mobile application certification within the Harmony ecosystem, aligning with the 2025 personal information protection initiative led by multiple government agencies [2]
MIIT names 23 apps for infringing user rights; 《保卫萝卜2》, 《贪吃蛇大作战》 and others are named
Zhong Guo Jing Ji Wang· 2025-08-06 01:05
| No. | Name | Developer | Source | Version | Issues |
| --- | --- | --- | --- | --- | --- |
| | Android SDK | 技股份有限公司 | H 1.2 | | Information windows redirect erratically; inadequate SDK information disclosure |
| 21 | 目睹直播播放器 SDK | 杭州雅顾科技有限公司 | Official website | 1.1175317505 | Forced, frequent and excessive permission requests; inadequate SDK information disclosure |
| 22 | 剧星-精品短剧 SDK | 浙江出海数字技术有限公司 | Official website | 1.1.13 | Collecting personal information beyond the necessary scope; inadequate SDK information disclosure |
| 23 | NSAGClient-SDK | 格尔软件股份有限公司 | Official website | 1.0.0 | Collecting personal information beyond the necessary scope; inadequate SDK information disclosure |

(Editor in charge: 柯晓霁)

| 11 | 恐惧迷宫 | 海南星空跳动 ...
MIIT reports 23 apps for rights infringement
Jing Ji Guan Cha Wang· 2025-08-05 06:33
Core Viewpoint - The Ministry of Industry and Information Technology (MIIT) has reported on the infringement of user rights by 23 apps and SDKs, highlighting ongoing efforts to protect personal information in compliance with relevant laws and regulations [1]

Group 1: Regulatory Actions
- The MIIT's actions are part of a broader initiative announced by four government departments, including the Central Cyberspace Administration, to conduct a series of special actions for personal information protection in 2025 [1]
- The report indicates that the identified apps and SDKs are required to rectify their violations, with potential legal consequences for non-compliance [1]

Group 2: Legal Framework
- The governance actions are based on several laws, including the Personal Information Protection Law, Cybersecurity Law, Telecommunications Regulations, and the Regulations on the Protection of Personal Information of Telecommunications and Internet Users [1]
- The MIIT has engaged third-party testing organizations to conduct inspections, which led to the discovery of the violations [1]
MIIT: 23 apps and SDKs named for infringing user rights
Zhong Guo Jing Ji Wang· 2025-08-05 03:36
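China Economic Net, Beijing, August 5 (reporter 殷俊红): On the 4th, MIIT issued its notice on apps (SDKs) that infringe user rights (batch 4 of 2025, batch 49 overall).

Under the "Announcement on Launching the 2025 Series of Special Actions for Personal Information Protection" jointly issued by four departments (the Office of the Central Cyberspace Affairs Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation), and on the basis of laws and regulations including the Personal Information Protection Law, the Cybersecurity Law, the Telecommunications Regulations and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, MIIT is addressing problems such as the illegal collection and use of personal information by apps and SDKs. Recently, spot checks organized through third-party testing bodies found 23 apps and SDKs that infringe user rights (see attachment); they are hereby notified. ...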
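Insurance intermediary agreements hide "snooping" clauses: browsing records are collected and marketing messages cannot be refused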
Nan Fang Du Shi Bao· 2025-08-04 23:17
Core Viewpoint - The article highlights the increasing issue of insurance telemarketing calls and messages affecting individuals' daily lives, raising concerns about potential personal information leaks and privacy violations by insurance intermediaries [2][3].

Group 1: Consumer Experience
- Many users report receiving frequent insurance sales calls, especially when their policies are nearing renewal, leading to frustration and confusion about how their personal information was obtained [3][4].
- Users express concerns about receiving targeted marketing calls despite not having purchased insurance from the companies contacting them, indicating a possible breach of privacy [3][4].

Group 2: Privacy Policies and Information Collection
- Some insurance intermediaries, like "Toubao Paipai," include clauses in their user agreements that allow for extensive personal information collection, including browsing history, which raises legal and ethical questions [4][8].
- The privacy policies of these intermediaries often blur the lines between legally required information collection and data gathered for commercial purposes, potentially infringing on consumer rights [7][9].

Group 3: Regulatory Environment
- Regulatory bodies have been actively addressing the issue of excessive personal information collection by financial institutions, emphasizing the need for clear, reasonable purposes for data processing [10][11].
- Recent regulations mandate that financial institutions must limit personal information collection to what is necessary for business purposes, highlighting the importance of consumer consent and transparency [11][12].
Illegal information collection, erratic window redirects: these apps were named for infringement
Xin Hua She· 2025-08-04 13:41
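Reporters learned from the Ministry of Industry and Information Technology on August 4 that, in accordance with relevant laws and regulations, MIIT is addressing problems such as the illegal collection and use of personal information by apps and SDKs (third-party software development kits). Recently, spot checks organized through third-party testing bodies found 23 apps and SDKs that infringe user rights.

| No. | App name | Developer | Source | Version | Issues |
| --- | --- | --- | --- | --- | --- |
| 1 | 保卫萝卜2 | 北京凯罗天下科技有限公司 | Samsung app store | 5.2.6 | Illegal collection of personal information |
| 2 | 多屏互动 | Shenzhen Falcon Network Media Co., Ltd. | App Store | 4.5.10 | Illegal collection of personal information |
| 3 | 进圈 | 厦门勇气网络科技有限公司 | 应用宝 | 2.2.2.4 | App forcibly, frequently and excessively requests permissions |
| 4 | 掌上大学 | 杭州新麦科技有限公司 | OPPO 软件 ... | 3.24.6 | Illegal collection of personal information |

...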