The Complete Guide to Login and Payment Solutions for Apps in China
Launching an app in China involves more than localising your product and listing it on Chinese app stores. Chinese app stores, regulators, and consumers each impose specific requirements regarding user login, payment processing, and personal data management. Getting these wrong is one of the most common reasons overseas apps are rejected during the store review process or run into compliance issues after launch. This guide covers what you need to know about login systems and in-app payments for apps in China.
Why Login and Payment Requirements in China Are Different
In most Western markets, login and payment are relatively straightforward to implement. In China, they sit at the intersection of several overlapping requirements:
- App Store policies
- Personal Information Protection Law (PIPL)
- Real-name Verification (实名认证)
- Platform-specific payment infrastructure
Each of these layers adds requirements that overseas developers are often not aware of until they hit a rejection or a compliance issue. Understanding these requirements beforehand can avoid unnecessary delays and problems when launching apps in China.
What are the Login Requirements for Apps in China?
What Chinese App Stores Require
Chinese Android app stores, including major platforms such as Vivo, Huawei, OPPO, and Xiaomi, require any app with in-app purchases to have a complete account system (完善的账号系统). Apps with payment functionality must comply with this requirement, and those without it face rejection during the review process.
A compliant account system must include:
- User registration and login. A persistent identity tied to a verified phone number or third-party account
- Purchase history. Users must be able to view what they have bought and when
- Subscription management. If your app offers auto-renewal, users must be able to cancel at any time from within the account settings, and must be notified at least 5 days before any automatic renewal via SMS or push notification
- Account deletion. Under PIPL and app store privacy guidelines, users must be able to delete their account and have their personal data erased or anonymised. This feature must be visible and functional within the app’s account settings
- Guest mode payments. If your app allows users to make payments without logging in, you must display a clear and prominent prompt asking them to bind a personal account to protect their purchase history
| Feature | Requirement |
| User registration and login | Users need a persistent account linked to a verified phone number or third-party login |
| Purchase history | Users must be able to view their past purchases and purchase dates |
| Subscription management | Users must be able to cancel auto-renewing subscriptions in account settings and receive renewal notice at least 5 days in advance by SMS or push notification |
| Account deletion | Users must be able to delete their account and have personal data erased or anonymised in the app’s account settings |
| Guest mode payments | Guest checkout users must see a clear prompt |
Login Methods
Chinese users expect to log in via familiar local methods. WeChat login (微信登录) is the most common third-party login option and is strongly recommended. However, one important note is that the Apple App Store China has rejected apps that offer only a single login method. Your app should support at least two login options, for example, WeChat login combined with phone number registration.
Common login configurations for B2C apps in China include:
- Phone number and SMS verification code (most universally compliant)
- Apple Sign-In and WeChat Login (required by Apple if any other third-party login is offered)
Real-Name Verification
For apps involving payments, social interaction, or certain regulated content categories, the account system must support Real-Name verification (实名认证). In practice, this is typically achieved by binding a Chinese mobile phone number, which is legally tied to the user’s national ID under China’s Real-Name verification requirements.
Choosing a Login Solution
Building a compliant login system from scratch in China is technically complex. Most overseas developers work with a third-party identity and access management (IAM) solution. Authing is one well-known option, offering support for WeChat login, phone number verification, and account management flows. Other solutions exist; the key criteria are support for Chinese login methods, PIPL-compliant data handling, and compatibility with your app’s architecture.
One important consideration when using a third-party IAM solution: routing personal data through a third-party service does not remove your obligations as a personal information handler under PIPL. If your app determines the purpose and means of processing personal information, you will generally remain the personal information handler, while the service provider typically acts as an entrusted processor on your behalf. This means personal information collected through your login system still needs to be assessed as part of your overall PIPL compliance and any applicable cross-border transfer analysis.
What are the In-App Payment Requirements in China?
Payment Infrastructure
WeChat Pay (微信支付) and Alipay (支付宝) dominate China’s payment ecosystem. Unlike Western markets, where credit card payments are standard, the vast majority of Chinese consumers pay via these two mobile payment platforms. The Apple App Store China also requires apps to use Apple’s in-app purchase system for digital goods and subscriptions, as it does in other regions.
To accept WeChat Pay or Alipay in your app, you need a Chinese business entity; overseas companies cannot apply for merchant accounts directly with Tencent or Ant Group. Most overseas developers work through a local payment service provider or operating partner who holds the merchant accounts and processes payments on their behalf.
Pricing and Disclosure Requirements
Chinese app stores require that all in-app purchases be clearly and accurately described. Specifically:
- All in-app purchases must be reasonably priced and clearly labelled, with a clear explanation of what the user receives
- Auto-renewal subscriptions must obtain explicit user consent; default selection or forced bundling of subscription services is prohibited
- Users must be notified at least 5 days before any automatic renewal, via SMS or push notification
- A one-click cancellation option must be available within the account settings at all times during the subscription period
Payments from Minors
If your app is accessible to children, in-app payment flows must not contain content that induces children to make purchases. Payment functions for child users must be stored in a designated area under parental supervision, and quick payment methods that do not require a password, such as one-tap payment, are not permitted in contexts accessible to minors.
How Do I Make Sure My App is Compliant?
Personal Information Protection Law
Any app that collects personal information from users in China is subject to the Personal Information Protection Law (PIPL). For apps with a login system, this means your account infrastructure, including any data collected through login and payment flows, is subject to PIPL’s requirements around consent, data minimisation, and cross-border data transfers.
Two volume-based thresholds under PIPL are particularly relevant for overseas operators:
- 100,000 users per year. You are required to file a standard contract with the CAC before exporting personal data overseas, including a Personal Information Impact Assessment. There is a fixed template for this, and the process is relatively straightforward.
- 1,000,000 users per year. A full security assessment is required before any personal data can be exported. The process can take up to six months or more to complete.
MLPS Filing
If your app offers subscription payments, a complete account system is required by Chinese app stores, making personal information collection unavoidable and triggering a separate obligation: the Multi-Level Protection Scheme (MLPS) Filing. This requirement applies even if you use a third-party login provider such as WeChat. Although the data is stored by the third party, your app is still considered to be processing that personal information, and the MLPS thresholds apply accordingly.
The MLPS Filing applies once you reach:
- 50,000 registered users, if you collect more than one piece of personal information, or collect phone numbers
- 100,000 registered users, if personal information is limited to email addresses or WeChat OpenIDs only
Why is MLPS Triggered?
It is important to understand that even when using a third-party login provider, such as WeChat Login or a third-party identity and access management solution, your app is still considered to be collecting personal information. The data is stored by the third party, which carries slightly less direct risk, but it still counts as collection for regulatory purposes. Chinese app stores require a complete account system if you add subscription payments, making personal information collection unavoidable.
What Does This Mean For the Cost?
If you intend to offer in-app subscription payments, you should factor MLPS compliance costs into your business model from the outset, not treat them as a future problem. Apps that scale quickly can reach these thresholds sooner than expected.
If you would prefer to avoid the MLPS Filing entirely, the simplest path is to offer a free version of your app with limited functionality and monetise through in-app advertising. This approach keeps personal information collection below the thresholds, provided you do not add payment features later.
How AppInChina Can Help
AppInChina helps overseas B2C apps navigate login, payment, and compliance requirements in China. We can:
- Advise on a compliant login system architecture for your app, including third-party IAM solutions and Chinese login method integration
- Provide payment infrastructure through our local entity, enabling your app to accept WeChat Pay and Alipay without establishing your own Chinese company
- Review your account system against Chinese app store requirements before submission to reduce the risk of rejection
- Guide you through PIPL and MLPS compliance, including data handling architecture and cross-border transfer filings when required
Contact us to discuss your app’s China launch requirements.