Alibaba-run supermarket Hema, online education firm Hujiang, and mobility platform Hello TransTech, were among the more than 20 companies censured by the Shanghai office of the Cyberspace Administration of China (CAC) as a result into a follow-up investigation into excessive collection of personal data by the apps.
The problems, which were originally detected in October, were further investigated by CAC Shanghai last month and released to public on a WeChat post (in Chinese) on Monday. All the companies mentioned have made further plans to promote continued compliance and security management, the notice also reads.
CAC Shanghai added there were still 21 data access issues remaining in some of the apps, which are deemed “unreasonable” or “reasonable but risky.” However, it added that in some instances this was due to technical limitations in Google’s [mobile] operating system Android.
A spokesperson for Hujiang, one of the companies named in the CAC announcement, told TechNode that in its case, the risky data access issues it faced stemmed from an application promotion service “app push,” which is normally provided by third-party solution firms that send messages from apps that aim to encourage users to activate their accounts.
Hujiang, which is a Shanghai-based online education platform, said it had made agreements with third-party solution providers to address the problems, and that the next version of its mobile app is currently being tested and will be released later.
Chinese mobile service providers have faced increased scrutiny following a series of user data leaks. Local police on January arrested a 25-year-old suspect for allegedly accessing the personal data of 5 million passengers on third-party ticketing platforms.
In the same month, CAC collaborated with multiple departments including China’s Ministry of Public Security, kicking off a one-year national campaign to evaluate 1,000 Chinese apps as part of efforts to prevent the leaking of private information.
According to the joint announcement (in Chinese) by CAC and three other departments, mobile application operators will take responsibility for the security of private information. Users must be informed in clear and straightforward ways, and be allowed to have their say before their personal information is accessed. Compulsory authorization including default settings and bundling installation will also be forbidden.