Security & Privacy
Compliance requirements on Pgyer for system security, handling of user personal information, and protection of minors — covering malicious code, least-privilege permissions, privacy policy, and the additional requirements for kids' apps.
Developers must ensure the app runs safely, properly handle users' personal information, and meet additional protection obligations for apps whose audience includes minors. Applicable laws include but are not limited to the Personal Information Protection Law, the Cybersecurity Law, the Data Security Law, the Law on the Protection of Minors, the Methods for Identifying Unlawful Collection and Use of Personal Information by Apps, and the Provisions on the Online Protection of Children's Personal Information.
Basic Quality
- No functional defects (download failures, install or registration failures, inability to exit, severe lag, etc.).
- No undisclosed hidden features or behavior contrary to the description.
- No content that modifies game functionality (cheats, mod tools) and breaks game balance.
Malicious Code & Remote Control
- No viruses, trojans, or any suspicious code that negatively affects the system or harms users' rights.
- Do not hijack system operations, exploit vulnerabilities, or use deception to surveil users or steal data (such as hijacking the desktop, monitoring the clipboard, or planting phishing links).
- Do not allow remote attackers to control the phone or receive remote-control commands without the user's knowledge.
- Do not download, install, or run third-party malicious code to alter this or other apps' functionality (abuse of hot updates or plugin-based dynamic loading).
Hidden Charges & Cost Loss
- Do not, without the user's knowledge or authorization, execute hidden operations, deceptively trigger subscription clicks, or use mobile payment to cause the user financial loss.
- Do not automatically place calls, send SMS/MMS/email, or repeatedly connect to the network in ways that run up users' charges.
- Do not encrypt user data, obscure windows, abuse lock-screen or app-lock permissions, or exploit denial-of-service vulnerabilities to extort users.
Network, System & Permissions
- Do not use system resources to launch DoS/DDoS attacks.
- Do not interfere with, block, intercept, or access without authorization users' communications, network services, or other lawful business.
- Do not induce users to root the device, activate Device Admin, enable Accessibility, or take other actions that compromise system security.
- Do not force-start system services such as Bluetooth or GPS without authorization.
- Do not force device restarts or modify system settings beyond the app's scope.
- Do not include hidden or transparent icons, or abuse foreground-service or floating-window permissions to maliciously display pop-up windows over the desktop or other apps.
- Do not modify other apps' data, maliciously interfere with them, or induce their uninstallation.
Privacy Policy
- The app must contain a conveniently accessible privacy-policy link whose contents match actual processing behavior; the link must always open correctly.
- The privacy policy must explain the purposes, methods, and scope of personal information collected and used by the app (including third-party code and plug-ins).
- It must explain how users exercise their rights as data subjects: withdrawing consent, requesting deletion, and accessing or copying their personal information, plus channels for privacy feedback. If the app uses an account system, an easy account-deletion service must be provided, with processing completed within 15 business days.
- Before accessing, collecting, using, or disclosing any personal information, obtain user consent or comply with applicable regulations.
User Consent
- Present the privacy policy clearly; before collection, obtain the user's voluntary, informed, and explicit consent.
- Provide an easy way to withdraw consent.
- If personal information is used for personalized ads or precision marketing, disclose this in the privacy policy and provide a separate opt-out inside the app.
- Processing sensitive personal information requires separate consent, with disclosure of necessity and impact.
- Where not necessary for the service or without a reasonable scenario, do not auto-launch or chain-launch other apps. Disclose chain launches prominently or require user initiation.
Collection & Use
- Follow the data-minimization principle, limited to the smallest scope required for the processing purpose.
- No covert collection, no over-scope collection, and no collection without a reasonable scenario.
- Process all personal information using secure methods such as HTTPS encryption.
- To disclose any personal information, the privacy policy must state what is disclosed, why, and to whom.
- Selling users' personal information is prohibited.
- Sensitive information such as call logs, SMS, biometrics, health data, and location traces must not be used for service improvement, advertising, marketing, or other non-core functions.
- If a user declines to provide personal information not required by the current service, the user's access to basic functions must not be affected.
Permission Requests
- Follow the least-privilege principle: dynamically request permissions when the corresponding business function starts; no bundled permission requests.
- Permission requests must have a clear, reasonable use case; when requesting sensitive permissions, disclose the purpose at the same time; do not change the authorization state without consent.
- Do not request permissions repeatedly; after a refusal, do not request again unless required by the function in use.
Protection of Minors
If the app's target audience includes minors or the app is designed for minors, the following applies in addition to the above:
- Non-kids apps must not include words such as "suitable for toddlers" or "suitable for children" that imply a child audience.
- Information that may cultivate bad habits or affect minors' physical or mental health must carry a prominent warning before display.
- Do not provide products or services to minors that induce addiction. Online games, livestreaming, audio-video, and social apps must provide time-management, permission-management, and spending-management features for minors.
- No cyberbullying content that insults, defames, threatens, or maliciously damages a minor's image.
- No pedophilia, inappropriate interactions with minors, child sexual abuse, or other minor-related pornographic content.
- Apps for minors must not include unsuitable violent, gore, or horror content, or content depicting or encouraging harmful or dangerous activities.
- Do not advertise or encourage minors to use or sell alcohol, tobacco, e-cigarettes, or controlled substances; do not promote negative body image (cosmetic surgery, extreme dieting, etc.).
- No noncompliant after-school training content such as "one-on-one", "live-in tutors", "premium housekeeping", "crowd-funded private tutors"; apps for minors must not provide curricula that go beyond standard scope or that are sourced overseas.
- Online education for minors must not contain links to online games or push ads unrelated to teaching.
- Do not provide "photo-search-for-answers" or other learning methods that numb thinking and contradict pedagogy.
- Social apps involving stranger chat, dating, or sex/relationship advice must not target minors.
- Ads targeted at minors must not promote medical care, drugs, health foods, medical devices, cosmetics, alcohol, beauty, dating, pregnancy/parenting, or online games detrimental to minors' physical or mental health.
If an app contains content that harms minors' physical or mental health, infringes their personal-information security, or commits unlawful acts against them, Pgyer reserves the right to take down the app, ban the account, and report to the relevant authorities.
Additional Requirements for Kids' Apps
- No external links, paid items, or other content that distracts children, unless kept in a designated parent-supervised area.
- A dedicated children's privacy policy must be in place.
- Before collecting and using children's personal information, lawful authorization from a parent or guardian must be obtained.