On October 9, 2022, TC260 of China issued the Information Security Technology – Basic Security Requirements for Pre-installed App of Smartphones for public comment ending December 6, 2022 (the “Guidelines”). The Guidelines are applicable to smartphone manufacturers and also provide reference to relevant regulators and third-party assessments.
From the perspective of the Guidelines, the Apps installed on smartphones could be divided into two types: (1) applications that are pre-installed by smartphone manufacturers or by smartphone manufacturers and their partners, such as mobile app providers, before smartphones are out of the factory; and (2) the third-party pre-installed applications that are pre-installed by entities other than smartphone manufacturers.
In general, uninstallation of pre-installed applications must be made available to customers. However, the pre-installed applications that directly support system operations or implement the necessary, basic functions of smartphones may not be uninstalled by users, such as apps for system settings, document management, phone calls, multimedia recording, text message, address book, browsers and the app store.
In addition, the Guidelines also provide the technical security requirements for pre-installed applications from the perspectives of uninstallation security, security function and safeguarding of personal information. The Guidelines also address security management for third-party pre-installed applications (including review of third-party security capabilities and personal information security) and requirements for public notice on the security information of pre-installed applications.