Wednesday, June 24, 2026

Valyrian News Network

Understanding, Automated

Technology Regulation

China Names 71 Apps for Illegally Collecting Personal Data

Valyrian News Network 4 min read

China Names 71 Apps for Illegally Collecting Personal Data

Chinese authorities have publicly named 71 mobile applications for illegally collecting and using personal data in violation of the country’s cybersecurity and data protection laws, marking the latest enforcement action under a multi-agency campaign launched in April 2026. The announcement, issued on June 3 by the National Cybersecurity Notification Center, follows detection by the National Computer Virus Emergency Response Center during a testing period from April 16 to May 20, 2026.

Background of the Crackdown

The action is part of the 2026 Personal Information Protection Series of Special Actions, a coordinated campaign jointly launched by the Cyberspace Administration of China (CAC), the Ministry of Industry and Information Technology (MIIT), and the Ministry of Public Security (MPS) on April 2, 2026. The campaign targets seven key sectors: apps and SDKs, internet advertising, education, transportation, healthcare, finance, and criminal cases related to personal information violations.

According to CCTV News, the crackdown is conducted under China’s comprehensive legal framework for data protection, including the Cybersecurity Law, the Personal Information Protection Law (PIPL), and the Regulations on Network Data Security Management.

Categories of Violations

The 71 applications were found to have violations across 11 distinct categories, ranging from failure to display privacy policies to inadequate encryption measures and improper handling of minors’ data. The most common violations included:

  • Privacy policy deficiencies — 41 apps failed to list the purposes, methods, and scope of data collection in their privacy policies, including data shared with third-party SDKs.
  • Failure to display privacy policies — 26 apps did not show privacy policies via pop-ups on first launch or used default consent mechanisms.
  • No withdrawal mechanism — 20 apps provided no way for users to withdraw consent for data collection.
  • Lack of encryption — 13 apps failed to implement encryption, de-identification, or other security measures.
  • Unauthorized third-party sharing — 14 apps provided personal data to third parties without separate user consent or anonymization.

Four apps were found to have no special rules for processing minors’ data under the age of 14, and one app used facial recognition as the only verification method without offering alternatives.

Notable Apps Named

The list of violating applications spans diverse sectors, including aviation, healthcare, finance, education, and retail. Among the most notable names is Air China, whose WeChat mini-program was flagged for multiple violations across three categories, including inadequate privacy policy disclosure, unauthorized third-party data sharing, and failure to provide a consent withdrawal mechanism.

Other notable apps include Guilin Bank Credit Card (Cloud Flash Payment mini-program), Inner Mongolia Bank Real Loan (WeChat mini-program), and several regional airlines such as 9 Air, Qingdao Airlines, and Chengdu Airlines. Educational apps like Putonghua Proficiency Test, Crazy Vocabulary, and Weici were also cited.

China News Service reported that the app “Weiyi HD” appeared in 8 out of 11 violation categories, suggesting systemic non-compliance.

Repeat Offenders Face Removal

In a significant demonstration of follow-through enforcement, authorities confirmed that 17 apps from a previous round of 67 reported violations were still found to be non-compliant after re-testing and have been removed from app distribution platforms. This marks an escalation in enforcement, moving beyond public naming to actual removal from app stores.

Broader Implications

The June 2026 action is part of an intensifying pattern of monthly enforcement rounds. Previous rounds in January, February, and March 2026 each saw 71-72 apps reported, while May 2026 specifically targeted 35 AI apps including well-known platforms like Zhipu Qingyan and Kimi.

Analysts note that the inclusion of mini-programs within WeChat, Alipay, Baidu, and UnionPay ecosystems signals that these platforms are now firmly in the regulatory crosshairs. International companies operating in China must ensure their apps and mini-programs comply with local data protection regulations or risk public naming and potential removal from distribution channels.

What to Watch For

As the 2026 campaign continues to unfold across its seven target sectors, app developers and operators face increasing scrutiny. The question remains whether authorities will impose financial penalties beyond public naming and removal from app stores. With China’s Personal Information Protection Law now in effect for nearly five years, the enforcement trajectory suggests regulators are moving toward more aggressive compliance measures.

For users, the message is clear: Chinese authorities are actively monitoring how apps handle personal data, and the monthly naming-and-shaming exercises serve as both a deterrent and a public awareness tool.