China imposes mobile app controls

中国对手机应用程序实施控制

September 01, 2016 | BY

Katherine Jo &clp articles &

The cyberspace authority sets qualification requirements, places onus of authenticating users on app companies. 网络主管部门制定资质要求,公司承担用户身份认证责任。

Chinese authorities have stepped up regulation of mobile applications, imposing registration requirements, making user identification mandatory and putting much of the onus on companies that provide the products.

The Cyberspace Administration of China (CAC), which oversees online information and security, has declared itself the administrative body for all app content and set out a range of rules. These include requiring app store operators to register with the local CAC office within 30 days of the business going online, manage their catalogue for data security and lawfulness, and de-listing any non-compliant apps.

The Provisions for the Administration of the Information Services of Mobile Internet Application Programs (Provisions), which took effect on August 1, also subject app providers and store operators to minimum requirements. Article 5 of the Provisions, which states that “relevant qualifications specified in laws and regulations” must be secured to provide services via apps, has drawn attention for what one lawyer described as a lack of clarity.

“It's unclear what these qualifications exactly are,” said Howard Wu, partner at Baker & McKenzie in Shanghai and head of the firm's Asia IT & communications group. “But the existing regulatory backdrop consists of various guidelines issued by the Ministry of Industry and Information Technology (MIIT), the State Administration of Press, Publication, Radio, Film and Television (SAPPRFT) and the Ministry of Culture (MOC) as well.”

The MIIT's Classified Catalogue of Telecommunications Services (Telecom Catalogue) contains a category called “information publishing platforms,” which falls under the expanded “internet information services” (IIS) subset, a Type II value-added telecom service (VATS). The 2013 draft of the Telecom Catalogue cited app stores as examples for defining information publishing services. The released 2015 version provides no examples, though the definitions provided in the new Provisions can be interpreted to fit this category.

Article 2 of the Provisions defines an app as “a piece of application software…that runs on a smart mobile terminal and provides information services to users,” and an app store as “a platform that provides, via the internet, browsing, search or download services for application software or publication services.” IIS also includes social media, instant messaging, voice and video calling, anti-virus software and spam filtering services, indicating that apps of this nature will be captured by the definition.

“All of this means that app providers and app store operators will require a VATS license, and more specifically, an IIS or ICP (internet content provider) license,” said Wu. “And legislation recently released by the MIIT and SAPPRFT suggests that an additional online publishing permit will be required, depending on the app's content. For instance, whether they provide gaming or video-streaming services.”

The Provisions for the Administration of Online Publication Services (Online Publishing Provisions), issued on February 4 by the MIIT and SAPPRFT, broadened the scope of “online publications” to include everything from audio/video and written works to maps and games, and a catch-all “other types”. All service providers must obtain an online publication service permit.

In addition, an online cultural operations permit from the MOC and a cybersecurity certification may also be required.

However, each specific app's complex licensing requirements depend on the actual service offerings and are unlikely to be enforced as strongly as those for app stores. For instance, according to a Morrison & Foerster alert on the Telecom Catalogue, it is normally the operator of the server that will require the IIS license rather than the publisher of the relevant app.

“It isn't the authorities' intention to evaluate the millions of individual app developers,” said Kevin Guo, partner at TransAsia Lawyers. “Instead, they are trying to regulate the app market more closely through the actual app store operators, which are the ones that require all these permits and need to monitor for compliance.”

Mobile app providers have also been made responsible for authenticating user identity, complying with privacy and respecting IP, said Guo. They are also liable for their content.

The Provisions' operating rules

Prior to these Provisions, a draft aimed at governing the pre-installation and distribution of mobile apps was issued by the MIIT on November 18, 2015. It took a much tougher stance—even extending liability to phone manufacturers—than the 2013 Circular on Strengthening the Administration of Network Access by Smart Mobile Devices, the MIIT's first regulation for the app market.

“Now that it's clear mobile apps have become a key source of content, the authorities are holding content providers responsible and making sure app stores get serious with the types of apps they provide,” Guo said. The domestic app market has been criticized for its high number of fraudulent, scam and misleading app services.

Article 7 of the Provisions calls for app providers to implement strict information security measures and sets the following standards:

  • Authenticate registered users' identity based on their mobile phone numbers and real names
  • Establish a user data security protection mechanism and comply with laws for the collection and use of personal information
  • Establish a content management mechanism that enables measures such as giving warnings, restricting functions and suspending and closing accounts, as well as keep records of violating content
  • Protect users' awareness of app installation or use, disable functions such as collecting geographical locations, reading correspondence records, using the camera or enabling recording without notification and consent, and prevent bundling and installing unrelated apps
  • Respect and protect IP rights
  • Record users' log information for 60 days.

And Article 8 provides the following administrative obligations for app store operators:

  • Conduct reviews on authenticity, security and lawfulness of app providers, establish an integrity management system and record file with the local CAC
  • Ensure that app providers protect users' information and provide explanations to users on the collection and use of their personal data
  • Ensure that app providers publish lawful content, and establish a security review mechanism with dedicated staff
  • Ensure that app providers publish lawful apps and respect IP rights.

Mobile games

On June 2, the SAPPRFT issued the Circular Regarding the Administration of Mobile Game Publication Services (Circular). It distinguishes between domestic games and games authorized by foreign copyright holders, which are subject to the Circular on Further Standardizing Application Materials for the Publication of Foreign Copyright Holder-Authorized Internet Game Works and Electronic Game Publications and the Circular on the Launching of Real Name Verification Work for the Prevention of Network Game Addiction.

“Card and racing games may not involve any significant content-related issues but the sheer processing power of today's mobile devices means certain mobile games are as sophisticated as some PC games,” said Guo. “Regulators are increasingly shifting their attention to this.”

The Circular differentiates between “casual”—i.e. simple games with no political, military, ethnic or religious content and with little to no plot, such as board, puzzle and sports games—and “non-casual” games, which are subject to stricter review and approval standards. This Han Kun Law Offices commentary details the necessary application materials.

The Circular makes it clear that any games that fail to undergo the approval procedures will be deemed illegal publications that can be ordered offline or be subjected to penalties and, in serious cases, have their licenses revoked. Developers whose games that have been live before the Circular's July 1 implementation date have until October 1 to complete the process.

“A common practice being seen, however, is that for publishing MMORPGs [massively multiplayer online role-playing games], it is acceptable for foreign parties to work with Chinese partners that can get the publishing license,” Guo said. “If foreign companies can provide sufficient reasons for bringing a game into China, a mechanism enabling their market entry on an individual project basis will be made available.”

Tencent's $8.6 billion purchase of Finland-based digital game company Supercell, which produced the global hit Clash of Clans, reflects tech companies' bullish attitudes to the mobile gaming industry. The deal gained Supercell access to the WeChat messaging app, which has 762 million monthly active users. Online games accounted for more than half of Tencent's $15 billion in revenue last year, The Wall Street Journal reported.

Foreign service providers

“Offshore app providers that have been taking advantage of the previous lack of enforcement are now faced with the government's clear indication to limit this space,” said Guo.

They can no longer take for granted that by operating wholly offshore they can practically evade any regulation over their services, especially those foreign apps that involve significant and large-scale operations and clearly target a PRC market share, he explained.

While the qualifications set by the Provisions do not distinguish between onshore and offshore service providers, foreign investors are legally unable to offer online mobile games and online publishing apps in China.

The Telecom Catalogue permits Sino-foreign joint ventures across various TMT businesses (though obtaining clearance in practice is highly difficult and, according to Dahui Lawyers associate Ben Chai, the MIIT has only approved fewer than 50 foreign-invested telecom enterprises across the entire Telecom Catalogue), but the MIIT and SAPPRFT's Online Publishing Provisions prohibit foreign ownership of any kind.

“A foreign app store operator will need to place its servers in China, somehow get an ICP license to run the store and, depending on the underlying nature of the app, obtain an online publishing permit, which isn't available to foreign companies at all, as well as a cultural permit, which is equally hard to get,” said Baker & McKenzie's Wu.

Foreign app stores can either set up a joint venture and obtain a one-off project permit, or simply continue to operate offshore with the hope that they won't be cut off from China's network access one day, he said, adding that onshore JVs should be strongly considered for this reason.

Apple's iOS App Store is accessible in China and comes preinstalled with its iPhones, iPods and iPads. “The Apple App Store isn't technically captured by these regulations as it is an offshore platform, but recent news reports state it is trying to acquire new game developers that possess the qualifications required by local laws, which is a sign that the company is trying to be compliant,” Guo said.

Currently, Apple has a compromise in place with Chinese regulators—its China-facing App Store filters apps that meet PRC standards, and the government has largely tolerated Apple's presence due to the brand's popularity and industry stakeholders, from local manufacturers and software firms to consumers. Apple partnered with Baidu's app store in January this year to promote Apple Music for Android phones.

Google's Google Play, an app store for Android operating systems, also usually comes pre-installed on Android devices but is not officially released in China.

“When you open the Google Play app in China, a notification pops up saying access is denied or that the IP address is unable to be located,” said Chai.

The Mountain View, California-based company is reportedly working on setting up a wholly foreign-owned enterprise (WFOE) in the Shanghai Free Trade Zone to pin down the required operating permits, he said. In July, Google announced the opening of a new experience center in Shenzhen.

“It will be especially challenging for Google to navigate all the overlapping regulations and requirements—the company isn't famous for complying in China,” said one Beijing-based lawyer.

Amazon, which launched its Amazon App Store in China in 2013, “may find it relatively easier as it has been on the ground for more than 10 years and has a more direct rapport with regulators,” the lawyer said. The company also runs a significant content business in the mainland through its Kindle Store, where it offers electronic books on new Chinese Android and iOS apps.

As for domestic app store operators, it will certainly be easier for them to meet all these requirements, but they will have to jump through hoops to obtain the necessary licenses, Wu said.

According to newzoo, Tencent's Myapp, Qihoo's 360 Mobile Assistant, Baidu Mobile Assistant, Xiaomi's MIUI app store and Huawei App Store were the top five Android app stores in China as of June this year. iiMedia Research logged 444 million active users on third party mobile app stores as of Q1 2016. China Internet Watch had more than 33,000 mobile apps developed by 7,350 Chinese companies, with photography being the most popular category, followed by health/fitness, travel/navigation, lifestyle/shopping and social/messaging.

Foreign investors' major concerns are related to all these operating permit requirements and whether they can pin them down through WFOEs or local partners, said DaHui Lawyers' Chai. These are in addition to broader developments regarding data storage requirements and the flurry of internet rules being issued, all of which represent a sweeping crackdown on online services.

“The new draft of the PRC Cybersecurity Law further confirms that anything concerning information and data, the internet and network infrastructure cannot be taken lightly,” Guo said.

By Katherine Jo

中国主管部门加大对手机应用程序的监管,规定注册要求、提出用户身份识别的强制规定,并使提供产品的公司承担更大的责任。

国家互联网信息办公室负责监管网络信息和安全,作为所有应用程序内容的管理机构,制定了一系列规则。根据规则,应用商店运营商须在业务上线后三十日内,与国家互联网信息办公室的当地办事处注册,对其管理的应用程序进行数据安全和合法性审核,并删除任何不合规的应用程序。

《移动互联网应用程序信息服务管理规定》(《规定》)自8月1日起生效,其中也对应用程序提供者和商店运营商提出了最低要求。《规定》第5条规定通过应用程序提供服务“应当依法取得法律法规规定的相关资质”。此项规定已经引起关注,有律师认为其并不明确。

“我们不确定这些资质的确切内容,”贝克麦坚时律师事务所上海办事处合伙人、亚洲区IT和通讯业务部负责人吴昊律师表示,“但就目前而言,监管背景由工信部、广电总局和文化部发布的各类指引组成。”

工信部《电信业务分类目录》(《电信目录》)包含“信息发布平台”这一类别,属于“互联网信息服务”(IIS) 子类别,是第二类增值电信业务(VATS)。2013年 《电信目录》草案将应用商店作为定义信息发布服务的例子。已公布的 2015年版本没有举例,但新《规定》给出的定义可理解为属于这一类别。

《规定》第2条将应用程序定义为“通过预装、下载等方式获取并运行在移动智能终端上、向用户提供信息服务的应用软件”, 应用商店的定义为“通过互联网提供应用软件浏览、搜索、下载或开发工具和产品发布服务的平台”。IIS也包括社交媒体、即时通信、话音和视频话音、反病毒软件和垃圾邮件过滤服务,表明此类性质的应用程序符合这一定义。

“这意味着应用程序提供者和应用商店运营商都需要有VATS许可,更确切地说,也就是 IIS或 ICP (互联网内容提供者)许可,”吴律师说。“工信部和广电总局最近出台的立法表明,根据应用程序的内容,还需要取得额外的网络发布许可,例如是否提供游戏或视频串流服务。”

工信部和广电总局在2月4日出台的《网络出版服务管理规定》(《网络出版规定》),扩大了“网络出版物”的范围,包括音频/视频、文字作品、地图、游戏以及 “其他类型”这一泛称。 所有服务提供者必须取得网络出版服务许可。

此外,还可能需要获得文化部的网络文化运营许可和网络安全认证。

但是,每一特定应用程序的复杂许可要求取决于实际提供的服务,不可能像针对应用商店的要求那样严格执行。例如,根据美富律师事务所有关《电信目录》的简讯,一般情况下,服务器运营商需要IIS许可,而不是相关应用程序的出版商。

“主管部门的意图并不是评估数以百万计的个人应用程序开发商,”权亚律师事务所合伙人郭烨指出,“与之相反,他们是想通过实际的应用商店运营商,来更密切地监管应用程序市场,正是这些运营商必须取得所有这些许可,并接受合规监督。”

郭律师还指出,手机应用程序提供者还要负责认证用户身份,遵守隐私并尊重知识产权 。他们还就内容承担责任。

《规定》的运行规则

在此《规定》前, 工信部在2015年11月18日发布了旨在管辖手机应用程序预先安装和发行的草案。相比工信部首部有关应用程序市场的法规 《关于加强移动智能终端进网管理的通知》,草案更为严格,并将责任扩大到手机制造商。

“如今,手机应用程序已明确成为主要的内容来源,主管部门使内容提供者负有责任,确保应用商店严肃对待他们所提供的应用程序,”郭律师说。由于虚假、垃圾和误导性的应用程序服务,国内应用程序市场一直以来受到批评。

《规定》第七条要求移动互联网应用程序提供者应当严格落实信息安全管理责任,并制定了以下标准:

  • 基于移动电话号码和真实姓名,对注册用户进行身份认证
  • 建立用户信息安全保护机制,收集、使用用户个人信息应当合法
  • 建立内容管理机制,视情采取警示、限制功能、暂停更新、关闭账号等处置措施,并保存违反内容的记录
  • 保障用户在安装或使用过程中的知情权,未向用户明示并经用户同意,不得开启收集地理位置、读取通讯录、使用摄像头、启用录音等功能,不得开启与服务无关的功能,不得捆绑安装无关应用程序
  • 尊重和保护知识产权
  • 记录用户日志信息,并保存六十日
  • 第八条规定互联网应用商店服务提供者负有以下管理责任:
  • 对应用程序提供者进行真实性、安全性、合法性等审核,建立信用管理制度,并向所在地省、自治区、直辖市互联网信息办公室分类备案
  • 督促应用程序提供者保护用户信息,向用户提供获取和使用用户信息的说明
  • 督促应用程序提供者发布合法信息内容,建立安全审核机制并配备人员
  • 督促应用程序提供者发布合法应用程序,尊重知识产权

手机游戏

6月2日,广电总局发布了《关于移动游戏出版服务管理的通知》 (《通知》)。《通知》将国内游戏与出版境外著作权人授权的移动游戏作了区分,后者须遵守《关于进一步规范出版境外著作权人授权互联网游戏作品和电子游戏出版物申报材料的通知》和《关于启动网络游戏防沉迷实名验证工作的通知》。

“牌类和赛车游戏可能不涉及任何重大的内容相关问题,但如今只是移动设备的处理能力便意味着,某些手机游戏与电脑游戏一样复杂,”郭律师说。 “监管部门对这一问题日益关注。”

《通知》还区别“休闲类”和“非休闲类”的游戏,“休闲类”是指没有政治、军事、民族或宗教内容且无故事情节或者情节简单的简单游戏,例如棋牌、解谜和体育游戏,而“非休闲类”受制于更严格的审查和审批标准。《通知》也明确规定了必要的申请材料。

《通知》明确,任何没有通过审批程序的游戏将被视为非法出版物,可被命令下线、处以罚款,情况严重的吊销许可。游戏在《通知》7月1日执行日期前上线的开发者需在10月1日前完成相关程序的办理。

“但是,大型多人在线角色扮演游戏 (MMORPG)的出版有这样一种常见的做法,外方可以与能够取得出版许可的中方进行合作,”郭烨指出。“如果外国公司可以就游戏引入中国提供充分的理由,就可享有基于个别项目来确保市场准入的机制。”

腾讯以86亿美元收购总部位于芬兰的数字游戏公司Supercell,该公司制作了风靡全球 的《皇室战争》,表明科技企业对于手机游戏行业的乐观态度。交易使Supercell得以进入微信应用程序,该程序拥有每月7.62亿 活跃用户。根据《华尔街日报》的报道,去年网络游戏占腾讯150亿美元收入的一半以上。

外国服务提供者

“境外应用程序提供者一直在利用过去的监管缺失,但如今政府明确要限制这一空间,”郭烨指出。

他解释说,他们不再能够想当然地认为,通过完全在境外运营,就可在实践上逃避对服务实施的监管,尤其是那些涉及重要的大规模运营、明确以中国市场份额为目标的外国应用程序。

尽管《规定》所列的资质要求没有区别境内和境外服务提供者,外国投资者在法律上不能在中国提供网上手机游戏和网上出版应用程序。

《电信目录》允许多项TMT业务设立中外合资企业, 但达辉律师事务所的柴向阳律师指出, 在实践中,取得批准非常困难。 工信部只批准了整个电信目录上不到50家外商投资的电信企业,而工信部和广电总局的《网络出版规定》 禁止任何类型的外国所有权。

贝克麦坚时的吴昊律师提到:“外国应用商店运营商需要将服务器放在中国,以某种方式取得ICP 许可来经营商店,并根据应用程序的基本性质来取得网络出版许可,这完全不向外国公司公开;另外,他们还须取得文化许可证,同样非常难获得”。

他还指出,外国应用商店可以设立合资公司,并取得一次性项目许可,或者继续在境外运营,并希望自己不要有朝一日被中国网络切断。他补充说,若有这样的目的,强烈建议考虑境内合资公司。

苹果的iOS 应用商店可以在中国访问,而且是预装在苹果的iPhone、 iPod和iPad产品上。 “苹果应用商店是境外平台,所以在技术上不受这些法规规限,但近期有新闻报道说,苹果公司正在收购拥有当地法律要求资质的新的游戏开发商,这是公司正在努力合规的标志,”郭律师说。

目前,苹果与中国监管部门达成折衷方案,在面向中国的应用商店中,过滤了符合中国标准的应用程序,而且主要由于苹果品牌知名度,以及包括本地制造商、软件公司、消费者等行业利益相关方因素, 政府对苹果持包容态度。苹果在今年一月与百度应用商店合作,推广用于安卓手机的苹果 Music。

谷歌Google Play是安卓应用系统的应用商店 ,通常预安装在安卓设备上,但并未在中国正式发布。

柴律师说,“当你在中国打开Google Play 应用程序,会自动弹出一条通知,访问被拒绝或者无法确定IP地址。”

他提到,总部位于加州的Mountain View公司被报道正在上海自贸区建立外商独资企业,这样可以确定规定的运营许可。今年七月,谷歌宣布在深圳开设新的体验中心。

“要符合所有这些重叠性的法规和要求,对谷歌公司尤其具有挑战性,这家公司在中国并不以合规见称,”一位北京律师指出。

亚马逊于2013年在中国开设了亚马逊应用商店,“这对亚马逊而言可能相对简单,因为他们在中国已经营了10年多时间,与监管部门有更多的直接、良好关系, ” 北京律师说道。公司也通过Kindle商店在大陆经营大量内容业务,提供可用于新的中文安卓和iOS应用程序的电子书。

吴昊指出,对于国内应用商店运营商而言,要符合所有这些要求会相对简单,但也要通过几道程序,才能取得必要的许可。

根据newzoo,截至今年六月,腾讯应用宝、奇虎的360手机助手、百度手机助手、小米MIUI 应用商店和华为应用商店是中国五大安卓应用商店。截至2016年第一季度,艾媒咨询统计在第三方手机应用商店有4.44亿活跃用户。《中国互联网观察》指有7350家中国公司开发了3.3万多个手机应用程序。其中照片是最受欢迎的类别,其次是健康/运动、旅行/导航、生活品味/购物以及社交/通讯。

逹辉律师事务所的柴向阳提到,外国投资者的担心主要与这些运营许可要求有关,以及他们是否可以通过外商独资企业或本地合作方来处理这些问题。除此以外,数据存储要求和大量网络规则相继出台,所有这些动态都表明网络服务面临更严格的监管力度。

郭烨律师指出,“新的《中华人民共和国网络安全法》进一步确认,任何有关信息和数据、互联网和网络基础设施的事项都不能掉以轻心。”

(作者:赵修敏)

Chinese authorities have stepped up regulation of mobile applications, imposing registration requirements, making user identification mandatory and putting much of the onus on companies that provide the products.

The Cyberspace Administration of China (CAC), which oversees online information and security, has declared itself the administrative body for all app content and set out a range of rules. These include requiring app store operators to register with the local CAC office within 30 days of the business going online, manage their catalogue for data security and lawfulness, and de-listing any non-compliant apps.

The Provisions for the Administration of the Information Services of Mobile Internet Application Programs (Provisions), which took effect on August 1, also subject app providers and store operators to minimum requirements. Article 5 of the Provisions, which states that “relevant qualifications specified in laws and regulations” must be secured to provide services via apps, has drawn attention for what one lawyer described as a lack of clarity.

“It's unclear what these qualifications exactly are,” said Howard Wu, partner at Baker & McKenzie in Shanghai and head of the firm's Asia IT & communications group. “But the existing regulatory backdrop consists of various guidelines issued by the Ministry of Industry and Information Technology (MIIT), the State Administration of Press, Publication, Radio, Film and Television (SAPPRFT) and the Ministry of Culture (MOC) as well.”

The MIIT's Classified Catalogue of Telecommunications Services (Telecom Catalogue) contains a category called “information publishing platforms,” which falls under the expanded “internet information services” (IIS) subset, a Type II value-added telecom service (VATS). The 2013 draft of the Telecom Catalogue cited app stores as examples for defining information publishing services. The released 2015 version provides no examples, though the definitions provided in the new Provisions can be interpreted to fit this category.

Article 2 of the Provisions defines an app as “a piece of application software…that runs on a smart mobile terminal and provides information services to users,” and an app store as “a platform that provides, via the internet, browsing, search or download services for application software or publication services.” IIS also includes social media, instant messaging, voice and video calling, anti-virus software and spam filtering services, indicating that apps of this nature will be captured by the definition.

“All of this means that app providers and app store operators will require a VATS license, and more specifically, an IIS or ICP (internet content provider) license,” said Wu. “And legislation recently released by the MIIT and SAPPRFT suggests that an additional online publishing permit will be required, depending on the app's content. For instance, whether they provide gaming or video-streaming services.”

The Provisions for the Administration of Online Publication Services (Online Publishing Provisions), issued on February 4 by the MIIT and SAPPRFT, broadened the scope of “online publications” to include everything from audio/video and written works to maps and games, and a catch-all “other types”. All service providers must obtain an online publication service permit.

In addition, an online cultural operations permit from the MOC and a cybersecurity certification may also be required.

However, each specific app's complex licensing requirements depend on the actual service offerings and are unlikely to be enforced as strongly as those for app stores. For instance, according to a Morrison & Foerster alert on the Telecom Catalogue, it is normally the operator of the server that will require the IIS license rather than the publisher of the relevant app.

“It isn't the authorities' intention to evaluate the millions of individual app developers,” said Kevin Guo, partner at TransAsia Lawyers. “Instead, they are trying to regulate the app market more closely through the actual app store operators, which are the ones that require all these permits and need to monitor for compliance.”

Mobile app providers have also been made responsible for authenticating user identity, complying with privacy and respecting IP, said Guo. They are also liable for their content.

The Provisions' operating rules

Prior to these Provisions, a draft aimed at governing the pre-installation and distribution of mobile apps was issued by the MIIT on November 18, 2015. It took a much tougher stance—even extending liability to phone manufacturers—than the 2013 Circular on Strengthening the Administration of Network Access by Smart Mobile Devices, the MIIT's first regulation for the app market.

“Now that it's clear mobile apps have become a key source of content, the authorities are holding content providers responsible and making sure app stores get serious with the types of apps they provide,” Guo said. The domestic app market has been criticized for its high number of fraudulent, scam and misleading app services.

Article 7 of the Provisions calls for app providers to implement strict information security measures and sets the following standards:

  • Authenticate registered users' identity based on their mobile phone numbers and real names
  • Establish a user data security protection mechanism and comply with laws for the collection and use of personal information
  • Establish a content management mechanism that enables measures such as giving warnings, restricting functions and suspending and closing accounts, as well as keep records of violating content
  • Protect users' awareness of app installation or use, disable functions such as collecting geographical locations, reading correspondence records, using the camera or enabling recording without notification and consent, and prevent bundling and installing unrelated apps
  • Respect and protect IP rights
  • Record users' log information for 60 days.

And Article 8 provides the following administrative obligations for app store operators:

  • Conduct reviews on authenticity, security and lawfulness of app providers, establish an integrity management system and record file with the local CAC
  • Ensure that app providers protect users' information and provide explanations to users on the collection and use of their personal data
  • Ensure that app providers publish lawful content, and establish a security review mechanism with dedicated staff
  • Ensure that app providers publish lawful apps and respect IP rights.

Mobile games

On June 2, the SAPPRFT issued the Circular Regarding the Administration of Mobile Game Publication Services (Circular). It distinguishes between domestic games and games authorized by foreign copyright holders, which are subject to the Circular on Further Standardizing Application Materials for the Publication of Foreign Copyright Holder-Authorized Internet Game Works and Electronic Game Publications and the Circular on the Launching of Real Name Verification Work for the Prevention of Network Game Addiction.

“Card and racing games may not involve any significant content-related issues but the sheer processing power of today's mobile devices means certain mobile games are as sophisticated as some PC games,” said Guo. “Regulators are increasingly shifting their attention to this.”

The Circular differentiates between “casual”—i.e. simple games with no political, military, ethnic or religious content and with little to no plot, such as board, puzzle and sports games—and “non-casual” games, which are subject to stricter review and approval standards. This Han Kun Law Offices commentary details the necessary application materials.

The Circular makes it clear that any games that fail to undergo the approval procedures will be deemed illegal publications that can be ordered offline or be subjected to penalties and, in serious cases, have their licenses revoked. Developers whose games that have been live before the Circular's July 1 implementation date have until October 1 to complete the process.

“A common practice being seen, however, is that for publishing MMORPGs [massively multiplayer online role-playing games], it is acceptable for foreign parties to work with Chinese partners that can get the publishing license,” Guo said. “If foreign companies can provide sufficient reasons for bringing a game into China, a mechanism enabling their market entry on an individual project basis will be made available.”

Tencent's $8.6 billion purchase of Finland-based digital game company Supercell, which produced the global hit Clash of Clans, reflects tech companies' bullish attitudes to the mobile gaming industry. The deal gained Supercell access to the WeChat messaging app, which has 762 million monthly active users. Online games accounted for more than half of Tencent's $15 billion in revenue last year, The Wall Street Journal reported.

Foreign service providers

“Offshore app providers that have been taking advantage of the previous lack of enforcement are now faced with the government's clear indication to limit this space,” said Guo.

They can no longer take for granted that by operating wholly offshore they can practically evade any regulation over their services, especially those foreign apps that involve significant and large-scale operations and clearly target a PRC market share, he explained.

While the qualifications set by the Provisions do not distinguish between onshore and offshore service providers, foreign investors are legally unable to offer online mobile games and online publishing apps in China.

The Telecom Catalogue permits Sino-foreign joint ventures across various TMT businesses (though obtaining clearance in practice is highly difficult and, according to Dahui Lawyers associate Ben Chai, the MIIT has only approved fewer than 50 foreign-invested telecom enterprises across the entire Telecom Catalogue), but the MIIT and SAPPRFT's Online Publishing Provisions prohibit foreign ownership of any kind.

“A foreign app store operator will need to place its servers in China, somehow get an ICP license to run the store and, depending on the underlying nature of the app, obtain an online publishing permit, which isn't available to foreign companies at all, as well as a cultural permit, which is equally hard to get,” said Baker & McKenzie's Wu.

Foreign app stores can either set up a joint venture and obtain a one-off project permit, or simply continue to operate offshore with the hope that they won't be cut off from China's network access one day, he said, adding that onshore JVs should be strongly considered for this reason.

Apple's iOS App Store is accessible in China and comes preinstalled with its iPhones, iPods and iPads. “The Apple App Store isn't technically captured by these regulations as it is an offshore platform, but recent news reports state it is trying to acquire new game developers that possess the qualifications required by local laws, which is a sign that the company is trying to be compliant,” Guo said.

Currently, Apple has a compromise in place with Chinese regulators—its China-facing App Store filters apps that meet PRC standards, and the government has largely tolerated Apple's presence due to the brand's popularity and industry stakeholders, from local manufacturers and software firms to consumers. Apple partnered with Baidu's app store in January this year to promote Apple Music for Android phones.

Google's Google Play, an app store for Android operating systems, also usually comes pre-installed on Android devices but is not officially released in China.

“When you open the Google Play app in China, a notification pops up saying access is denied or that the IP address is unable to be located,” said Chai.

The Mountain View, California-based company is reportedly working on setting up a wholly foreign-owned enterprise (WFOE) in the Shanghai Free Trade Zone to pin down the required operating permits, he said. In July, Google announced the opening of a new experience center in Shenzhen.

“It will be especially challenging for Google to navigate all the overlapping regulations and requirements—the company isn't famous for complying in China,” said one Beijing-based lawyer.

Amazon, which launched its Amazon App Store in China in 2013, “may find it relatively easier as it has been on the ground for more than 10 years and has a more direct rapport with regulators,” the lawyer said. The company also runs a significant content business in the mainland through its Kindle Store, where it offers electronic books on new Chinese Android and iOS apps.

As for domestic app store operators, it will certainly be easier for them to meet all these requirements, but they will have to jump through hoops to obtain the necessary licenses, Wu said.

According to newzoo, Tencent's Myapp, Qihoo's 360 Mobile Assistant, Baidu Mobile Assistant, Xiaomi's MIUI app store and Huawei App Store were the top five Android app stores in China as of June this year. iiMedia Research logged 444 million active users on third party mobile app stores as of Q1 2016. China Internet Watch had more than 33,000 mobile apps developed by 7,350 Chinese companies, with photography being the most popular category, followed by health/fitness, travel/navigation, lifestyle/shopping and social/messaging.

Foreign investors' major concerns are related to all these operating permit requirements and whether they can pin them down through WFOEs or local partners, said DaHui Lawyers' Chai. These are in addition to broader developments regarding data storage requirements and the flurry of internet rules being issued, all of which represent a sweeping crackdown on online services.

“The new draft of the PRC Cybersecurity Law further confirms that anything concerning information and data, the internet and network infrastructure cannot be taken lightly,” Guo said.

By Katherine Jo

中国主管部门加大对手机应用程序的监管,规定注册要求、提出用户身份识别的强制规定,并使提供产品的公司承担更大的责任。

国家互联网信息办公室负责监管网络信息和安全,作为所有应用程序内容的管理机构,制定了一系列规则。根据规则,应用商店运营商须在业务上线后三十日内,与国家互联网信息办公室的当地办事处注册,对其管理的应用程序进行数据安全和合法性审核,并删除任何不合规的应用程序。

《移动互联网应用程序信息服务管理规定》(《规定》)自8月1日起生效,其中也对应用程序提供者和商店运营商提出了最低要求。《规定》第5条规定通过应用程序提供服务“应当依法取得法律法规规定的相关资质”。此项规定已经引起关注,有律师认为其并不明确。

“我们不确定这些资质的确切内容,”贝克麦坚时律师事务所上海办事处合伙人、亚洲区IT和通讯业务部负责人吴昊律师表示,“但就目前而言,监管背景由工信部、广电总局和文化部发布的各类指引组成。”

工信部《电信业务分类目录》(《电信目录》)包含“信息发布平台”这一类别,属于“互联网信息服务”(IIS) 子类别,是第二类增值电信业务(VATS)。2013年 《电信目录》草案将应用商店作为定义信息发布服务的例子。已公布的 2015年版本没有举例,但新《规定》给出的定义可理解为属于这一类别。

《规定》第2条将应用程序定义为“通过预装、下载等方式获取并运行在移动智能终端上、向用户提供信息服务的应用软件”, 应用商店的定义为“通过互联网提供应用软件浏览、搜索、下载或开发工具和产品发布服务的平台”。IIS也包括社交媒体、即时通信、话音和视频话音、反病毒软件和垃圾邮件过滤服务,表明此类性质的应用程序符合这一定义。

“这意味着应用程序提供者和应用商店运营商都需要有VATS许可,更确切地说,也就是 IIS或 ICP (互联网内容提供者)许可,”吴律师说。“工信部和广电总局最近出台的立法表明,根据应用程序的内容,还需要取得额外的网络发布许可,例如是否提供游戏或视频串流服务。”

工信部和广电总局在2月4日出台的《网络出版服务管理规定》(《网络出版规定》),扩大了“网络出版物”的范围,包括音频/视频、文字作品、地图、游戏以及 “其他类型”这一泛称。 所有服务提供者必须取得网络出版服务许可。

此外,还可能需要获得文化部的网络文化运营许可和网络安全认证。

但是,每一特定应用程序的复杂许可要求取决于实际提供的服务,不可能像针对应用商店的要求那样严格执行。例如,根据美富律师事务所有关《电信目录》的简讯,一般情况下,服务器运营商需要IIS许可,而不是相关应用程序的出版商。

“主管部门的意图并不是评估数以百万计的个人应用程序开发商,”权亚律师事务所合伙人郭烨指出,“与之相反,他们是想通过实际的应用商店运营商,来更密切地监管应用程序市场,正是这些运营商必须取得所有这些许可,并接受合规监督。”

郭律师还指出,手机应用程序提供者还要负责认证用户身份,遵守隐私并尊重知识产权 。他们还就内容承担责任。

《规定》的运行规则

在此《规定》前, 工信部在2015年11月18日发布了旨在管辖手机应用程序预先安装和发行的草案。相比工信部首部有关应用程序市场的法规 《关于加强移动智能终端进网管理的通知》,草案更为严格,并将责任扩大到手机制造商。

“如今,手机应用程序已明确成为主要的内容来源,主管部门使内容提供者负有责任,确保应用商店严肃对待他们所提供的应用程序,”郭律师说。由于虚假、垃圾和误导性的应用程序服务,国内应用程序市场一直以来受到批评。

《规定》第七条要求移动互联网应用程序提供者应当严格落实信息安全管理责任,并制定了以下标准:

  • 基于移动电话号码和真实姓名,对注册用户进行身份认证
  • 建立用户信息安全保护机制,收集、使用用户个人信息应当合法
  • 建立内容管理机制,视情采取警示、限制功能、暂停更新、关闭账号等处置措施,并保存违反内容的记录
  • 保障用户在安装或使用过程中的知情权,未向用户明示并经用户同意,不得开启收集地理位置、读取通讯录、使用摄像头、启用录音等功能,不得开启与服务无关的功能,不得捆绑安装无关应用程序
  • 尊重和保护知识产权
  • 记录用户日志信息,并保存六十日
  • 第八条规定互联网应用商店服务提供者负有以下管理责任:
  • 对应用程序提供者进行真实性、安全性、合法性等审核,建立信用管理制度,并向所在地省、自治区、直辖市互联网信息办公室分类备案
  • 督促应用程序提供者保护用户信息,向用户提供获取和使用用户信息的说明
  • 督促应用程序提供者发布合法信息内容,建立安全审核机制并配备人员
  • 督促应用程序提供者发布合法应用程序,尊重知识产权

手机游戏

6月2日,广电总局发布了《关于移动游戏出版服务管理的通知》 (《通知》)。《通知》将国内游戏与出版境外著作权人授权的移动游戏作了区分,后者须遵守《关于进一步规范出版境外著作权人授权互联网游戏作品和电子游戏出版物申报材料的通知》和《关于启动网络游戏防沉迷实名验证工作的通知》。

“牌类和赛车游戏可能不涉及任何重大的内容相关问题,但如今只是移动设备的处理能力便意味着,某些手机游戏与电脑游戏一样复杂,”郭律师说。 “监管部门对这一问题日益关注。”

《通知》还区别“休闲类”和“非休闲类”的游戏,“休闲类”是指没有政治、军事、民族或宗教内容且无故事情节或者情节简单的简单游戏,例如棋牌、解谜和体育游戏,而“非休闲类”受制于更严格的审查和审批标准。《通知》也明确规定了必要的申请材料。

《通知》明确,任何没有通过审批程序的游戏将被视为非法出版物,可被命令下线、处以罚款,情况严重的吊销许可。游戏在《通知》7月1日执行日期前上线的开发者需在10月1日前完成相关程序的办理。

“但是,大型多人在线角色扮演游戏 (MMORPG)的出版有这样一种常见的做法,外方可以与能够取得出版许可的中方进行合作,”郭烨指出。“如果外国公司可以就游戏引入中国提供充分的理由,就可享有基于个别项目来确保市场准入的机制。”

腾讯以86亿美元收购总部位于芬兰的数字游戏公司Supercell,该公司制作了风靡全球 的《皇室战争》,表明科技企业对于手机游戏行业的乐观态度。交易使Supercell得以进入微信应用程序,该程序拥有每月7.62亿 活跃用户。根据《华尔街日报》的报道,去年网络游戏占腾讯150亿美元收入的一半以上。

外国服务提供者

“境外应用程序提供者一直在利用过去的监管缺失,但如今政府明确要限制这一空间,”郭烨指出。

他解释说,他们不再能够想当然地认为,通过完全在境外运营,就可在实践上逃避对服务实施的监管,尤其是那些涉及重要的大规模运营、明确以中国市场份额为目标的外国应用程序。

尽管《规定》所列的资质要求没有区别境内和境外服务提供者,外国投资者在法律上不能在中国提供网上手机游戏和网上出版应用程序。

《电信目录》允许多项TMT业务设立中外合资企业, 但达辉律师事务所的柴向阳律师指出, 在实践中,取得批准非常困难。 工信部只批准了整个电信目录上不到50家外商投资的电信企业,而工信部和广电总局的《网络出版规定》 禁止任何类型的外国所有权。

贝克麦坚时的吴昊律师提到:“外国应用商店运营商需要将服务器放在中国,以某种方式取得ICP 许可来经营商店,并根据应用程序的基本性质来取得网络出版许可,这完全不向外国公司公开;另外,他们还须取得文化许可证,同样非常难获得”。

他还指出,外国应用商店可以设立合资公司,并取得一次性项目许可,或者继续在境外运营,并希望自己不要有朝一日被中国网络切断。他补充说,若有这样的目的,强烈建议考虑境内合资公司。

苹果的iOS 应用商店可以在中国访问,而且是预装在苹果的iPhone、 iPod和iPad产品上。 “苹果应用商店是境外平台,所以在技术上不受这些法规规限,但近期有新闻报道说,苹果公司正在收购拥有当地法律要求资质的新的游戏开发商,这是公司正在努力合规的标志,”郭律师说。

目前,苹果与中国监管部门达成折衷方案,在面向中国的应用商店中,过滤了符合中国标准的应用程序,而且主要由于苹果品牌知名度,以及包括本地制造商、软件公司、消费者等行业利益相关方因素, 政府对苹果持包容态度。苹果在今年一月与百度应用商店合作,推广用于安卓手机的苹果 Music。

谷歌Google Play是安卓应用系统的应用商店 ,通常预安装在安卓设备上,但并未在中国正式发布。

柴律师说,“当你在中国打开Google Play 应用程序,会自动弹出一条通知,访问被拒绝或者无法确定IP地址。”

他提到,总部位于加州的Mountain View公司被报道正在上海自贸区建立外商独资企业,这样可以确定规定的运营许可。今年七月,谷歌宣布在深圳开设新的体验中心。

“要符合所有这些重叠性的法规和要求,对谷歌公司尤其具有挑战性,这家公司在中国并不以合规见称,”一位北京律师指出。

亚马逊于2013年在中国开设了亚马逊应用商店,“这对亚马逊而言可能相对简单,因为他们在中国已经营了10年多时间,与监管部门有更多的直接、良好关系, ” 北京律师说道。公司也通过Kindle商店在大陆经营大量内容业务,提供可用于新的中文安卓和iOS应用程序的电子书。

吴昊指出,对于国内应用商店运营商而言,要符合所有这些要求会相对简单,但也要通过几道程序,才能取得必要的许可。

根据newzoo,截至今年六月,腾讯应用宝、奇虎的360手机助手、百度手机助手、小米MIUI 应用商店和华为应用商店是中国五大安卓应用商店。截至2016年第一季度,艾媒咨询统计在第三方手机应用商店有4.44亿活跃用户。《中国互联网观察》指有7350家中国公司开发了3.3万多个手机应用程序。其中照片是最受欢迎的类别,其次是健康/运动、旅行/导航、生活品味/购物以及社交/通讯。

逹辉律师事务所的柴向阳提到,外国投资者的担心主要与这些运营许可要求有关,以及他们是否可以通过外商独资企业或本地合作方来处理这些问题。除此以外,数据存储要求和大量网络规则相继出台,所有这些动态都表明网络服务面临更严格的监管力度。

郭烨律师指出,“新的《中华人民共和国网络安全法》进一步确认,任何有关信息和数据、互联网和网络基础设施的事项都不能掉以轻心。”

(作者:赵修敏)

This premium content is reserved for
China Law & Practice Subscribers.

  • A database of over 3,000 essential documents including key PRC legislation translated into English
  • A choice of newsletters to alert you to changes affecting your business including sector specific updates
  • Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected]