Core Points - The National Cybersecurity Notification Center reported that 64 mobile applications were found to illegally collect and use personal information, including apps from 7 financial institutions [1][5] - The violations involved 13 types of misconduct, with 5 major categories identified as "high-risk" behaviors [3][4] Group 1: Financial Institutions - Four brokerage firms and three banks were named, including Chengtong Securities, Xingye Securities, Shengan Securities, Wukuang Securities, Longjiang Bank, Wuhai Bank, and Haixia Bank [1][5] - Specific issues included failure to inform users about the recipients of their personal information and not obtaining separate consent, affecting apps from Chengtong Securities, Haixia Bank, Xingye Securities, and Wukuang Securities [6] - Chengtong Securities did not implement necessary security measures such as encryption, while Xingye Securities failed to provide users with a way to withdraw consent for data collection [6] Group 2: Violations and Categories - The five major categories of violations included: 1. Lack of clear notification to users about privacy policies at the first app launch [3] 2. Incomplete privacy policies that did not specify the purposes, methods, and scope of personal information collection [3] 3. Failure to inform users about the transfer of their personal information to other parties [3][6] 4. No provision for users to easily withdraw consent for data collection [4][6] 5. Inadequate security measures such as encryption and de-identification [4] - Other industries affected included food and beverage, gaming, transportation, and lifestyle services, with notable brands like Starbucks, Hualala, and others being implicated [7]

Core Insights - The Central Cyberspace Administration of China has detected violations of user rights in 15 apps and 16 SDKs, highlighting issues such as failure to list the SDKs collecting personal information and lack of clarity on the rules for personal information collection [1][6]. Group 1: Issues Identified in Apps - Eight of the 15 problematic apps failed to list the SDKs collecting personal information, including Moji Weather TV version (1.3.8) and Dongman Zhi Jia (3.9.13) [1][2]. - Seven apps did not accurately specify the purpose, method, and scope of personal information collection by the SDKs, including Youdao Premium Course (6.8.2) and Tuhu Car (7.10.5) [1][3]. Group 2: Issues Identified in SDKs - Among the 16 problematic SDKs, three did not provide rules for personal information collection, including CTP Penetration Collection and Jinsida Penetration Collection [3][4]. - Four SDKs, such as Xigua Video, failed to explain measures for responding to user requests regarding personal information rights in their collection rules [3][4]. Group 3: Regulatory Actions and Compliance - The Central Cyberspace Administration requires the operators of the identified apps and SDKs to complete rectifications within 15 working days from the announcement and report back on their compliance [6]. - The regulatory body will conduct follow-up inspections and take legal actions based on the rectification results [6].

0 0 0 0 I 000H00HH00 H o 0 0 0 1 0 ------ 00 T 1 1000 I 0 0 0 0 0 r 0 0 0 0 1 0 0 0 0 0 000 0 0 0 0 0 0 0 o Ho :国家网络安全 一点宣传周 0 0 0 0 0 1 0 0 0 0 0 OHOHO 1 0 0 0 0 0 0 101 0 l 主 0 0 1 (--------- 2- (2) 0 0 1 - China Cybersecurity Week 0 ------- 0 0 1 l 11 0 0 1 0 0 1 0 0 0 T 1 1 - 0 0 0 0 1 0 0 0 0 0 0 0 0 c 4 pend from the 0 0 0 0 0 0 0 0 0 0 0 e 0 0 格安全 你我同行 0 0 0 c 0 0 8 3 融网络安全宣传手册 中国人民银行 THE PEOPLE'S BANK OF CHINA 《中华人民共和国网络安全法》 《中华人民共和国网络安全法》由中 华人民共和国第十二届全国人民代表大会 常务委员会第二十四次会议于2016年11月 7日表决通过,自2017年6月1日 ...