---
title: "MIIT Public-Naming Bulletin 2026 Batch 4 (Total Batch 57): 32 Apps and SDKs Cited for PI Violations, Excessive Permission Demands, and SDK Disclosure Failures"
author: "DCC Editorial"
published: 2026-07-02T05:00:00.000Z
url: https://datacompliancechina.com/posts/miit-2026-batch-4-32-app-public-naming/
description: "On July 2, 2026, MIIT's Information & Communications Administration Bureau issued its fourth public-naming bulletin of 2026 (total Batch 57), citing 32 apps and SDKs for infringing user rights — unlawful and beyond-scope collection of personal information, forced/frequent/excessive permission demands, frequent self-starting and chained starting, uncloseable and redirect-abusing information windows, and inadequate SDK information disclosure. The batch runs under the same 2026 CAC + MIIT + MPS special campaign as the earlier CAC notification and Shanghai takedown covered in DCC's enforcement tracker, on the same rectify-or-face-disposition pathway. DCC transcribes the full 32-entry list from the bulletin's attached image table. The profile: a mobility-and-transport long tail (ride-hailing driver apps, EV charging, bus-information tools) alongside recognizable names — Neta Auto's app, PetroChina Kunlun's charging app, NetDragon's fortune-telling app, iFlyPlus — plus two WeChat mini-programs, multiple Apple App Store listings, one developer named twice, and three SDKs, one of which (闪登 SDK) drew four separate findings including the headline SDK-disclosure failure."
tags: ["enforcement", "miit", "app-compliance", "pipl", "public-naming", "sdk"]
laws_cited: ["pipl", "csl", "telecom-internet-user-pi-protection-provisions"]
domains: ["enforcement", "personal-information", "app-compliance"]
account: "miit-weibao"
original_title: "关于侵害用户权益行为的APP（SDK）通报（2026年第4批，总第57批）"
original_author: "工业和信息化部信息通信管理局 (MIIT Information & Communications Administration Bureau)"
original_publication: "工信微报 WeChat Official Account (via 数据何规)"
original_url: "https://mp.weixin.qq.com/s/ebPPWvKRuQWHAh9CJOMuPg"
source_language: "zh"
---

> **Source: Data Compliance China** — https://datacompliancechina.com/posts/miit-2026-batch-4-32-app-public-naming/ · China data law, translated and annotated for overseas counsel. Cite as: Data Compliance China, "MIIT Public-Naming Bulletin 2026 Batch 4 (Total Batch 57): 32 Apps and SDKs Cited for PI Violations, Excessive Permission Demands, and SDK Disclosure Failures", https://datacompliancechina.com/posts/miit-2026-batch-4-32-app-public-naming/
> *Editor's Note — DCC.*
>
> This is the next entry in DCC's enforcement tracker: the **Notification on
> Apps (SDKs) Infringing User Rights (2026 Batch 4, Total Batch 57)**
> (关于侵害用户权益行为的APP（SDK）通报（2026年第4批，总第57批）), issued by the
> **MIIT Information & Communications Administration Bureau** on **July 2,
> 2026** and published via 工信微报 (read here through the 数据何规 repost).
> The 32-entry list is attached to the bulletin as an **image table**; DCC has
> **transcribed it below** (app name, developer, distribution source, version,
> cited issues) and added **unofficial English renderings** of the app and
> company names for identification. The transcription may contain minor error
> and the translations are not official — the Chinese original is
> authoritative.
>
> Read it against the series: the
> [Batch 3 bulletin (31 apps, May 2026)](/posts/miit-2026-batch-3-31-app-public-naming/),
> the [CAC 30-app notification](/posts/cac-2026-30-app-pi-notification-account-cancellation/),
> and the rung below on the enforcement ladder, the
> [Shanghai 46-app takedown for missed rectification](/posts/shanghai-46-app-takedown-failure-to-rectify/).

## The bulletin

The legal architecture is unchanged from Batch 3. Acting under the **CAC +
MIIT + MPS** *Announcement on Carrying Out the 2026 Personal Information
Protection Series of Special Campaigns*, and citing the
[Personal Information Protection Law](/laws/pipl/), the
[Cybersecurity Law](/laws/csl/), the Telecom Regulations (电信条例), and the
[Provisions on Protecting the Personal Information of Telecommunications and
Internet Users](/laws/telecom-internet-user-pi-protection-provisions/), MIIT
organized **third-party testing institutions** to run sample checks on apps
and SDKs for unlawful collection and use of personal information. The sweep
found **32 apps and SDKs infringing user rights**, now publicly named.

The disposition pathway is the standard one: named apps and SDKs must
**rectify in accordance with the relevant requirements**; where rectification
is not implemented in place, MIIT will **organize disposition measures in
accordance with law and regulation** — the pathway that, as DCC's
[Shanghai takedown brief](/posts/shanghai-46-app-takedown-failure-to-rectify/)
showed, ends in removal from distribution for those who miss the window.

## The violation taxonomy in this batch

The attached table cites six problem categories across the 32 entries:

- **违规收集个人信息** — unlawful collection of personal information (the
  most common finding, appearing against most entries);
- **超范围收集个人信息** — collection of personal information beyond scope
  (the SDK entries);
- **APP强制、频繁、过度索取权限** — forced, frequent, or excessive permission
  demands (the headline category, appearing against 13 entries);
- **APP频繁自启动和关联启动** — frequent self-starting and chained starting
  of apps;
- **信息窗口无法关闭 / 信息窗口点击乱跳转** — information windows that cannot
  be closed, and window-click redirect abuse (the Batch 3 signature issue,
  down to two entries here);
- **SDK信息公示不到位** — inadequate SDK information disclosure (new to the
  headline, cited against the 闪登 SDK).

## Who got named — the 32

The dominant profile is a **mobility-and-transport long tail**: ride-hailing
and carpooling driver apps (司机点点乘客/车主, 拼客出行司机端, 化工宝智运司机端,
多多拉车主), EV-charging and car-service tools (新充电圈, 登途有车, 52车,
哪吒汽车), bus and ticket lookups (月城公交, 实时公交路线查询, 汽车票查票助手,
隧e通), and shared two-wheelers (MAN 共享摩托, 小鱼出行, 骑铃智行, 科马智行).

Within the long tail, several recognizable names:

- **哪吒汽车 (Neta Auto)** — the EV maker's own app, named from the Apple App
  Store;
- **新充电圈** — developed by 中石油昆仑网联电能科技有限公司, a **PetroChina
  Kunlun** entity;
- **龙易运势** — a fortune-telling app from 福建网龙计算机网络信息技术有限公司
  (**NetDragon**);
- **iFlyPlus** and **松果出行** (Beijing Apa Kelan Technology Group) — both
  App Store listings;
- **隧e通** — from 青岛国信城市信息科技有限公司, a state-linked city-services
  operator.

Structural patterns worth logging in the tracker:

- **The mini-program perimeter is active.** Two entries (**科马智行**,
  **梦马校园**) are distributed as **WeChat mini-programs** — MIIT's testing
  reaches in-platform apps, not just store binaries, consistent with the CAC
  notification's perimeter.
- **One developer, two apps.** 安徽华格科技有限公司 appears twice
  (司机点点乘客 #17, 司机点点车主 #23) — the same one-operator-cluster pattern
  that produced multi-app takedowns in Shanghai.
- **Apple's App Store is fully in scope.** Six entries were sampled from the
  App Store, alongside OPPO, vivo, Xiaomi, Samsung, Honor, 应用宝, 360, 百度,
  豌豆荚, and 快手 — plus **official-website distribution for the SDKs**.
- **SDKs drew the most granular findings.** Of the three SDKs named, **闪登
  SDK** (北京微方程科技有限公司) collected four separate findings — unlawful
  collection, beyond-scope collection, forced/frequent/excessive permission
  demands, and **inadequate SDK information disclosure**. SDK disclosure —
  publishing what an embedded SDK collects and does — is the obligation the
  bulletin's headline is signaling to the supply chain.

| # | App (SDK) | Developer | Source | Version | Cited issues |
|---|---|---|---|---|---|
| 1 | 每日短剧<br>*Daily Short Drama* | 厦门橙裂科技有限公司<br>*Xiamen Chenglie Technology Co., Ltd.* | Apple App Store | 1.8.1 | Unlawful PI collection |
| 2 | 月城公交<br>*Yuecheng Bus* | 西昌月城公共交通有限公司<br>*Xichang Yuecheng Public Transport Co., Ltd.* | OPPO App Store | 2.7.0 | Unlawful PI collection |
| 3 | MAN 共享摩托<br>*MAN Shared Motorcycles* | 郑州极致思路网络科技有限公司<br>*Zhengzhou Jizhi Silu Network Technology Co., Ltd.* | Tencent Yingyongbao | 4.8.4 | Forced/frequent/excessive permission demands |
| 4 | 小鱼出行<br>*Xiaoyu Mobility* | 云燊智能科技有限公司<br>*Yunshen Intelligent Technology Co., Ltd.* | Apple App Store | 6.7.4 | Unlawful PI collection |
| 5 | 汽车票查票助手<br>*Bus Ticket Lookup Assistant* | 天津米畅科技有限公司<br>*Tianjin Michang Technology Co., Ltd.* | OPPO App Store | 1.0.1 | Unlawful PI collection |
| 6 | 52车<br>*52 Che (52 Car)* | 福建汽致信息技术有限公司<br>*Fujian Qizhi Information Technology Co., Ltd.* | Honor App Market | 3.3.11 | Unlawful PI collection |
| 7 | 实时公交路线查询<br>*Real-Time Bus Route Lookup* | 成都行至远软件科技有限公司<br>*Chengdu Xingzhiyuan Software Technology Co., Ltd.* | Baidu Mobile Assistant | 1.0.1 | Unlawful PI collection; forced/frequent/excessive permission demands |
| 8 | 登途有车<br>*Dengtu Youche (car rental)* | 北京登途汽车租赁服务有限公司<br>*Beijing Dengtu Car Rental Services Co., Ltd.* | Tencent Yingyongbao | 1.0.18 | Unlawful PI collection; forced/frequent/excessive permission demands |
| 9 | 周公解梦欢喜版<br>*Zhougong Dream Interpretation (Huanxi Edition)* | 苏州市昆山真欢喜科技有限公司<br>*Kunshan Zhenhuanxi Technology Co., Ltd. (Suzhou)* | OPPO App Store | 1.5.0 | Information window cannot be closed |
| 10 | 光明易轩<br>*Guangming Yixuan* | 山东辛明轩网络科技有限公司<br>*Shandong Xinmingxuan Network Technology Co., Ltd.* | OPPO App Store | 1.1.65 | Unlawful PI collection; forced/frequent/excessive permission demands |
| 11 | 若初文学<br>*Ruochu Literature* | 北京黑岩信息技术有限公司<br>*Beijing Heiyan Information Technology Co., Ltd.* | Wandoujia | 4.3.4 | Unlawful PI collection |
| 12 | 松果出行<br>*Songguo Mobility* | Beijing Apa Kelan Technology Group Co., Ltd.<br>*(as listed in the bulletin)* | Apple App Store | 7.9.2 | Unlawful PI collection; window-click redirect abuse |
| 13 | 哪吒汽车<br>*Neta Auto* | 上海哪吒聚行信息科技技术有限公司<br>*Shanghai Nezha Juxing Information Technology Co., Ltd.* | Apple App Store | 6.4.2 | Unlawful PI collection |
| 14 | 新充电圈<br>*Xin Chongdianquan (New Charging Circle)* | 中石油昆仑网联电能科技有限公司<br>*PetroChina Kunlun Wanglian Electric Energy Technology Co., Ltd.* | Tencent Yingyongbao | 4.2.32 | Unlawful PI collection |
| 15 | iFlyPlus | iFlyPlus Co.,Ltd<br>*(as listed in the bulletin)* | Apple App Store | 3.7.9 | Unlawful PI collection; forced/frequent/excessive permission demands |
| 16 | 龙易运势<br>*Longyi Fortune* | 福建网龙计算机网络信息技术有限公司<br>*Fujian NetDragon Computer Network Information Technology Co., Ltd.* | Tencent Yingyongbao | 3.8.5 | Unlawful PI collection; frequent self-start and chained start |
| 17 | 司机点点乘客<br>*Siji Diandian — Passenger* | 安徽华格科技有限公司<br>*Anhui Huage Technology Co., Ltd.* | Tencent Yingyongbao | 4.0.58 | Unlawful PI collection |
| 18 | 拼客出行司机端<br>*Pinke Mobility — Driver* | 河南省拼客顺风车科技有限公司<br>*Henan Pinke Carpooling Technology Co., Ltd.* | OPPO App Store | 4.3.5 | Unlawful PI collection |
| 19 | 我爱喝果汁<br>*Wo Ai He Guozhi (I Love Juice)* | 天津康成瑞谷网络科技有限公司<br>*Tianjin Kangcheng Ruigu Network Technology Co., Ltd.* | Kuaishou | 1.0.3.5 | Unlawful PI collection; frequent self-start and chained start |
| 20 | 科马智行<br>*Kema Zhixing* | 合肥大白鼠新能源科技有限公司<br>*Hefei Dabaishu New Energy Technology Co., Ltd.* | WeChat mini-program | — | Unlawful PI collection; forced/frequent/excessive permission demands |
| 21 | 早播<br>*Zaobo* | 上海碳蓝网络科技有限公司<br>*Shanghai Tanlan Network Technology Co., Ltd.* | Samsung Galaxy Store | 1.3.19 | Unlawful PI collection; forced/frequent/excessive permission demands |
| 22 | 化工宝智运司机端<br>*Huagongbao Zhiyun — Driver* | 上海化工宝数字科技有限公司<br>*Shanghai Huagongbao Digital Technology Co., Ltd.* | vivo App Store | 2.2.12 | Forced/frequent/excessive permission demands |
| 23 | 司机点点车主<br>*Siji Diandian — Owner* | 安徽华格科技有限公司<br>*Anhui Huage Technology Co., Ltd.* | Tencent Yingyongbao | 4.6.6 | Unlawful PI collection |
| 24 | 隧e通<br>*Sui-e-Tong (tunnel e-pass)* | 青岛国信城市信息科技有限公司<br>*Qingdao Guoxin City Information Technology Co., Ltd.* | 360 Mobile Assistant | 2.7.3 | Unlawful PI collection |
| 25 | 多多拉车主<br>*Duoduola — Owner* | 深圳汇森能源环保科技有限公司<br>*Shenzhen Huisen Energy & Environmental Protection Technology Co., Ltd.* | Xiaomi App Store | 2.8.2 | Unlawful PI collection; frequent self-start and chained start |
| 26 | 梦马校园<br>*Mengma Campus* | 杭州更创星科技有限公司<br>*Hangzhou Gengchuangxing Technology Co., Ltd.* | WeChat mini-program | — | Unlawful PI collection; forced/frequent/excessive permission demands |
| 27 | 车辆维保记录查询<br>*Vehicle Maintenance Records Lookup* | 昆山博派信息科技有限公司<br>*Kunshan Bopai Information Technology Co., Ltd.* | 360 Mobile Assistant | 2.2.0 | Unlawful PI collection |
| 28 | 骑铃智行<br>*Qiling Zhixing* | 四川玉骑铃科技有限公司<br>*Sichuan Yuqiling Technology Co., Ltd.* | Xiaomi App Store | 1.4.5 | Forced/frequent/excessive permission demands; frequent self-start and chained start |
| 29 | 客生客商家端<br>*Keshengke — Merchant* | 河南客生客电子商务有限公司<br>*Henan Keshengke E-Commerce Co., Ltd.* | Tencent Yingyongbao | 2.3.2 | Unlawful PI collection |
| 30 | 驷象 SDK<br>*Sixiang SDK* | 杭州驷象信息技术有限公司<br>*Hangzhou Sixiang Information Technology Co., Ltd.* | Official website | 4.1.3 | Beyond-scope PI collection |
| 31 | 闪登 SDK<br>*Shandeng SDK (flash login)* | 北京微方程科技有限公司<br>*Beijing Weifangcheng Technology Co., Ltd.* | Official website | 1.0.54 | Unlawful PI collection; beyond-scope PI collection; forced/frequent/excessive permission demands; inadequate SDK information disclosure |
| 32 | 数字人 SDK<br>*Digital Human SDK* | 北京爱语吧科技有限公司<br>*Beijing Aiyuba Technology Co., Ltd.* | Official website | 1.0.0 | Unlawful PI collection |

*Transcribed from the image table attached to the original bulletin; the
original is authoritative. English renderings of app and company names are
DCC's unofficial translations or transliterations, provided for
identification only — they are not official names, may be inaccurate, and
where an operator has a registered English name it may differ. The Chinese
names are the operative identifiers.*

## What overseas compliance teams should take from it

- **SDK disclosure is now a headline enforcement category.** If your app
  embeds third-party SDKs in China — or you ship an SDK — the disclosure of
  what each SDK collects, and keeping that disclosure current, is being
  tested. An SDK named in a bulletin contaminates every host app that embeds
  it; run the SDK inventory now.
- **Permission hygiene is the recurring finding.** Thirteen of 32 entries
  drew the forced/frequent/excessive-permission finding. The test is
  behavioral — how often and how insistently the binary asks — so paper
  policies don't answer it; instrumented permission-flow review does.
- **Distribution channel is no shelter.** Apple's App Store, every major
  Android store, Kuaishou's in-app channel, WeChat mini-programs, and
  direct official-site SDK distribution all appear as sampling sources. If it
  runs in China, it is in the perimeter.
- **The cadence is holding.** Batch 4 of 2026 lands at the start of July —
  roughly monthly, 57 batches in. Under the 2026 joint campaign, the
  naming-rectification-disposition machine is running on schedule, and the
  Shanghai takedown notice already showed what the end of the pathway looks
  like for operators who miss the window.

---

— *工业和信息化部信息通信管理局 (MIIT Information & Communications
Administration Bureau), 关于侵害用户权益行为的APP（SDK）通报（2026年第4批，总第57批）
(Notification on Apps (SDKs) Infringing User Rights (2026 Batch 4, Total
Batch 57)), July 2, 2026, published via 工信微报 and read here via the
数据何规 repost. [Repost (Chinese).](https://mp.weixin.qq.com/s/ebPPWvKRuQWHAh9CJOMuPg)*

*Not legal advice. The 32-entry list was transcribed from the image table
attached to the original bulletin and may contain minor transcription error;
English names in the table are DCC's unofficial translations and may be
inaccurate; the original is authoritative.*
