Implementation Guide for New App Network Entry Requirements: Personal Information Protection, Permission Calls, Updates, and Signature

Introduction

The Ministry of Industry and Information Technology has issued new network entry requirements for apps, focusing on permission calls, personal information protection, software upgrades, and sensitive behaviors. This guide outlines practical solutions across five areas.

2.1 Personal Information Protection

2.1.1 Basic Mode (No Permissions, No Personal Data Collection)

When users encounter the privacy agreement dialog, they must not be able to exit the app by selecting "Disagree"; instead, they should be offered a "basic mode" that provides functionality without any permissions or personal data collection. Examples from other apps illustrate this approach.

Example: Tencent Video

On first launch, Tencent Video shows a privacy agreement dialog. The "Disagree" button is replaced with "Disagree and Enter Basic Mode". Selecting this opens a simplified interface with limited features. Users can later switch to full‑function mode, which triggers the privacy dialog again. After killing the process, the app returns to basic mode on next launch.

Example: NetEase Cloud Music

NetEase Cloud Music uses a two‑level dialog flow. Clicking "Disagree" on the first dialog leads to a second dialog; choosing "Disagree and Enter Basic Mode" opens a basic‑function page. From there, users can switch to full mode, which returns them to the second dialog. Killing the app returns to the first dialog on restart. Additional apps such as Bilibili and KuGou Music have also implemented basic mode.

2.1.2 Privacy Policy Content

If an app reads or transmits personal information, the privacy policy must clearly state the purpose, method, and scope of collection, usage, and transmission. Permissions that involve reading, modifying, or transmitting data must be explicitly disclosed, e.g., stating that the app reads and sends the user's phone number.

2.2 App Permission Calls

2.2.1 In‑App Permission Requests

Location and Biometric Information

Before requesting location or biometric data, the app must display a custom dialog explaining the purpose of the request; system permission prompts cannot replace this explanation.

The example shows that an explanatory dialog must appear before the system location permission is requested, and the user must consent before the permission is granted.

Other Permissions

For other permissions, the same principle applies: the app must declare whether the operation reads, modifies, or transmits data, as illustrated in the accompanying diagram.

2.3 Application Software Upgrade

2.3.1 Update Process

Software or plugin updates must be performed with explicit user consent. The app must inform the user that the update involves both download and installation steps via a dialog.

2.4 Application Signature

The app’s signature must be genuine and valid to ensure integrity.

Additional Resources

The article concludes with a list of recommended PHP and Vue3 learning resources, which are promotional links and not directly related to the regulatory guidance.