What's the best practice to satisfy Chinese privacy regulation?

[junwchina]

Summary

App MUST not collect user's information(IMEI/MAC/Android ID/IDFA/OpenUDID/GUID/IP地址/SIM) before user agree APP Privacy Policy on Chinese Market, and most third party SDKs require developer to do a lazy initialization. I can do the same logic on Amplitude SDK as well, just want to know if there is an official way to avoid this privacy problem. @haoliu-amp

[qingzhuozhen]

Hi @junwchina Thanks for the information. Is there a link document these requests? Would like to double check how many ids we support are included in that requirement. Thank you.

[junwchina]

@qingzhuozhen http://www.cac.gov.cn/2019-12/27/c_1578986455686625.htm There are lots of requirements. Basically, app can not collect any information without user's consent. In order to collect information, app has to do:

1. App must show Privacy Policy at the beginning
2. App must tell user what permissions/third party SDKs/data you are using, and why you need
3. Only collect these data you declared in your Privacy policy file after user clicked agree button

[qingzhuozhen]

@junwchina I see, according to the policy, it makes sense to do a lazy initialization after user agree with the privacy policy. That could be the safest way. For android SDK, related are android advertising id, app set id; for iOS, it is idfa and idfv. You can also use tracking options to control the data collection for these.

[junwchina]

@qingzhuozhen got it. Thanks for your quick response.