67 mobile applications suspected of collecting and using personal information illegally and against regulations have been reported.

According to the announcement issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, and the Ministry of Public Security on the special action for personal information protection in 2026, based on the "Cybersecurity Law," "Personal Information Protection Law," "Regulations on the Administration of Network Data Security," and "Methods for Determining Illegal and Unauthorized Collection and Use of Personal Information by Apps" and other laws and regulations, and related provisions, 67 mobile applications were detected by the National Computer Virus Emergency Response Center to have one or more cases of illegal and unauthorized collection and use of personal information. The details are as follows: 1. The app did not prompt users to read the privacy policy and other usage rules through obvious means such as a pop-up window when it was first launched; it sought user consent through non-explicit means such as default consent to the privacy policy; the privacy policy was difficult to access; and before processing personal information, the personal information processor did not clearly and comprehensively inform individuals in a significant, clear, and understandable language of the processor's name or identity, contact information, retention period of personal information, etc. This involved 13 mobile applications. 2. The privacy policy did not list out the purpose, methods, scope, etc., of collecting and using personal information by the app one by one. This involved 32 mobile applications. 3. If a personal information processor provides the personal information it processes to another personal information processor, it did not inform the individual of the recipient's name or identity, contact information, purpose of processing, method of processing, and types of personal information, and obtain the individual's separate consent; the app client provides personal information to third parties without the user's consent or anonymization. This involved 15 mobile applications.