MIIT Cracks Down on 42 Apps and SDKs for Privacy Violations – What Does This Mean for China’s App Ecosystem?

The Ministry of Industry and Information Technology (MIIT, or 工业和信息化部) has taken decisive action against privacy violations in the app ecosystem, identifying 42 applications and software development kits (SDKs) that breach user rights protections.

MIIT announced through its official WeChat public account (工信微报) that it had conducted comprehensive third-party testing of apps and SDKs, uncovering widespread violations of user privacy rights. MIIT states that enforcement action will draw from China’s core cybersecurity laws, including the Personal Information Protection Law (PIPL or 个人信息保护法), Cybersecurity Law (网络安全法), Telecommunications Regulations (电信条例), and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users (电信和互联网用户个人信息保护规定).

What are the Apps and SDKs listed? 

MIIT has publicly disclosed the complete list of 42 apps and SDKs found to be violating user privacy rights. The table shows each violating entity’s name, developer/company, distribution platform (such as App Store, Huawei, Xiaomi, OPPO, andVivo stores), version number, and the specific violations identified (including illegal collection of personal information, APP权限/弹窗骚扰, which refers to app permissions and intrusive pop-ups, and 强制/频繁/过度索取权限, meaning forceful/frequent/excessive permission requests).

The violations span a wide range of industries, including gaming, e-commerce, social networking, finance, and lifestyle services. Notably, the list includes Picfun Inc., a Hong Kong-based international app developer, demonstrating that foreign companies operating in China are subject to the same privacy compliance requirements as domestic operators.

What Does This Mean for the App Market in China?

This enforcement action is part of a joint initiative announced by four government departments: the Cyberspace Administration of China (国家互联网信息办公室), the Ministry of Industry and Information Technology (工业和信息化部), the Ministry of Public Security (公安部), and the State Administration for Market Regulation (市场监管总局). The coordinated approach suggests that privacy protection has become a priority across China.

MIIT’s enforcement specifically targets illegal collection and use of personal information by both apps and SDKs, demonstrating that scrutiny extends beyond standalone applications to include embedded software components operating across multiple apps.

China’s increasing enforcement of privacy policies indicates that app developers can expect:

• More frequent privacy audits conducted by third-party testing agencies
• Greater scrutiny of data collection and processing practices

For international companies operating in China, this regulatory environment demands serious investment in privacy compliance infrastructure and ongoing monitoring systems.

What Are The Consequences?

The 42 apps and SDKs identified in the crackdown have been given instruction to rectify these issues or risk facing consequences outlined in relevant laws. This includes: 

This includes:

• Financial penalties for serious violations. Under PIPL Article 66, provincial or higher-level authorities may impose fines up to CNY 50 million or 5% of annual revenue (whichever is greater) for serious violations, with directly responsible individuals facing fines between CNY 100,000 and CNY 1 million. 
• Business suspension or closure. For serious violations, authorities may order suspension or closure of relevant business operations under PIPL Article 66.
• Revocation of business licenses. Under PIPL Article 66, serious violations can result in revocation of business licenses or operating permits.
• App store removal: Under the Telecommunications Regulations (电信条例), apps failing to rectify violations can be removed from distribution platforms
• Personnel sanctions: PIPL Article 66 allows for prohibition of directly responsible persons from holding senior management positions for a certain period.

Apps and SDKs that fail to implement adequate corrective measures will face escalating administrative action organised by MIIT in accordance with applicable laws and regulations. The multi-department coordination of this campaign means violators may face enforcement from multiple regulatory bodies simultaneously.

How Can AppInChina Help?

The message from MIIT and other government bodies is clear: user privacy protection is not optional in China’s digital economy. It is more important than ever that companies already in China and companies that wish to enter China remain consistently compliant. At AppInChina, we provide a free compliance report to ensure that you know what your next steps are to be compliant with local laws and regulations. We also offer:

• Legal counselling from our legal team
• Ongoing compliance management

If you are worried about the recent tightening of restrictions and don’t know how to ensure your business isn’t affected, contact us to book a free initial call.