The Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") has recently issued the Practical Guide to Cyber Security Standards—Guidelines for Application and Use of System Permissions by Mobile Internet Applications (App) (Draft for Comment) (the "Draft for Comment") for public comment by August 12, 2020.
The Draft for Comment sets forth basic principles and security requirements for the application and use of system permissions by Apps. It addresses typical issues found in the application and use process, such as mandatory, frequent and excessive requests for permissions, bundled authorization, privately invoking permissions to upload users' personal information, and abuse of sensitive permissions, and proposes that App operators should standardize their application and use of system permissions with reference to the Practical Guide. Among others, the Draft for Comment clarifies 14 general requirements for the application of system permissions, which include "users should be notified of the type of personal information to be accessed and the purpose of the application while applying for permissions, and the purpose should be clear and easy to understand, containing no advertising or any description that may deceive, inveigle, or mislead users for permissions", and 13 general requirements for the use of system permissions, which include "Apps should only access the minimum personal information necessary to meet business functions".