Shanghai Cracks Down on 263 Apps for Privacy Violations – What Does This Mean for China’s App Ecosystem?
The Shanghai Municipal Communications Administration (上海市通信管理局) has taken decisive action against privacy violations in the app ecosystem, identifying 263 applications, WeChat Mini Programs(微信小程序), WeChat Service Accounts (微信公众号) and software development kits (SDKs) that breach user rights protections. This latest crackdown represents China’s ongoing commitment to strengthening digital privacy safeguards and could signal broader regulatory trends across the country.
The Shanghai Municipal Communications Administration announced on July 3, 2025, that it had conducted comprehensive third-party testing of local apps and SDKs, uncovering widespread violations of user privacy rights. The enforcement action draws authority from China’s robust privacy legislation framework, including the Personal Information Protection Law (PIPL), Cybersecurity Law, and Data Security Law.
This marks the fifth batch of problematic apps identified by Shanghai regulators in 2025, suggesting systematic and ongoing monitoring of the digital ecosystem. The large-scale crackdown of 162 apps in a single review cycle indicates that privacy compliance remains a significant challenge for China’s app developers.
It is further worth noting that apps are not the only subjects of this crackdown; WeChat Mini Programs (微信小程序) and WeChat Service Accounts (微信公众号) have also been issued the same warning notice. Therefore, apps are not the only focus of tightened review processes; smaller digital components are also coming under scrutiny.
Timeline of Shanghai’s Crackdown
Shanghai’s systematic approach to app privacy enforcement throughout 2025 reveals an escalating regulatory focus:
February 7, 2025: Shanghai regulators identify 31 apps and mini-programs violating user privacy rights (first batch), with a 7-day rectification deadline until February 14.
April 11, 2025: Shanghai regulators identify 5 apps and mini-programs violating user privacy rights (second batch), with an 8-day rectification deadline until April 19.
May 8, 2025: Shanghai regulators identify 15 apps and mini-programs violating user privacy rights (third batch), with an 8-day rectification deadline until May 16.
June 5, 2025: Shanghai Municipal Communications Administration identifies 50 apps and SDKs violating user privacy rights, requiring immediate rectification within 30 days.
July 3, 2025: The latest enforcement action targets 162 apps and SDKs for privacy violations, marking the fifth and largest batch of problematic apps identified this year.
Total Impact: Across these documented enforcement actions, Shanghai regulators have identified at least 263 apps, SDKs, and mini-programs violating user privacy rights in 2025. This represents a significant regulatory effort affecting hundreds of digital services operating in China’s largest financial hub, demonstrating the authorities’ commitment to comprehensive privacy protection in the digital ecosystem.
Most notably, in the fifth batch this year, large international companies such as Bang & Olufsen, Dyson, InBody, Nike, and Blueair have all appeared on the list, showcasing that even big international companies are not exempt from local regulations.
What Are The Consequences?
Apps identified in the crackdown face strict remediation requirements:
- Immediate cessation of privacy-violating practices
- Comprehensive self-assessment of personal information and user rights protection mechanisms
- 30-day deadline to submit detailed rectification and self-evaluation reports to regulators
- Legal consequences for failure to comply within the specified timeframe
The regulator’s approach combines immediate enforcement with mandatory self-reflection, requiring companies to not only fix current violations but also evaluate their entire privacy protection framework.
What Does This Mean for the App Market in China?
This enforcement action reflects several important trends in China’s digital regulatory landscape. Shanghai’s latest enforcement action is likely just the beginning. As China continues to strengthen its digital privacy framework, app developers can expect:
- More frequent and comprehensive privacy audits
- Stricter penalties for non-compliance
- Greater scrutiny of data collection and processing practices
- Increased focus on user consent and transparency
For international companies operating in China, this regulatory environment demands serious investment in privacy compliance infrastructure and ongoing monitoring systems.
The message from the Shanghai Municipal Communications Administration (上海市通信管理局) is clear: user privacy protection is not optional in China’s digital economy. As the country continues to refine its approach to digital governance, companies that prioritise privacy compliance will be better positioned to thrive in this evolving regulatory landscape.
How Can AppInChina Help?
As China’s digital ecosystem’s restrictions tighten, it is more important than ever that companies already in China and companies that wish to enter China remain consistently compliant. At AppInChina, we provide a free compliance report to ensure that you know what your next steps are to reaching full compliance. We also offer:
- Legal counselling from our legal team
- Compliance management and maintenance
If you are worried about the recent tightening of restrictions and don’t know how to ensure your business isn’t affected, contact us to get started.