Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ 071 · ENFORCEMENT

From Naming to Takedown: Shanghai Pulls 46 Apps That Missed the Rectification Window

On June 24, 2026 the Shanghai Communications Administration (上海市通信管理局, the MIIT's directly-administered local communications authority) issued a notification ordering the takedown of 46 apps and SDKs that, after public naming and a rectification window, still had not fixed user-rights and personal-information violations. DCC reads it as the next rung on the enforcement ladder above the CAC's 30-app naming notification: same 2026 CAC + MIIT + MPS special campaign, but the local communications-administration tier converting an unrectified naming into an operative sanction — removal from distribution, with further measures flagged (suspension of access, administrative penalty, inclusion in the telecom-business bad-record list). The legal basis is PIPL, the Cybersecurity Law, the Telecom Regulations, and the Telecom and Internet User PI Protection Provisions. The 46-app list — transcribed here from the notice's attached image — is almost entirely Shanghai-registered long-tail O2O lifestyle apps (moving, housekeeping and cleaning, pet services, local travel agencies, community group-buy food, fitness and restaurants), and several operators appear with multiple apps taken down at once. DCC's read for overseas counsel: the provincial communications administrations are where a missed rectification window becomes a removed app, and the takedown tier sweeps the small-operator long tail, not just big nationals.

Editor’s Note — DCC.

This brief covers a single local enforcement notice: the Notification on Taking Down 46 Apps (SDKs) for Infringing User Rights (关于下架46款侵害用户权益行为APP(SDK)的通报), issued by the Shanghai Communications Administration (上海市通信管理局, SHCA) — the Ministry of Industry and Information Technology’s directly-administered provincial-level communications authority — via its 上海通信圈 account on 24 June 2026. The 46-app list is published as an image table attached to the notice; DCC has transcribed it below from that image (app name and ICP filing entity), and the transcription may contain minor error — the authoritative list is the original. The structural framing is DCC’s.

Read it against DCC’s enforcement tracker: the CAC 30-app naming notification and the MIIT Batch 56 bulletin, both running under the same 2026 joint special campaign. This notice is the rung above naming — takedown.

The notification

Citing the Personal Information Protection Law, the Cybersecurity Law, the Telecom Regulations (电信条例), and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, and acting under the CAC + MIIT + MPS Announcement on Carrying Out the 2026 Personal Information Protection Series of Special Campaigns — the same campaign document behind the CAC notifications and the MIIT batched bulletins — SHCA describes a clean enforcement sequence:

  1. In June 2026, SHCA publicly named a batch of apps and SDKs found to infringe user rights through unlawful collection and use of personal information.
  2. Operators were given a rectification deadline.
  3. On recheck after the deadline, 46 apps (SDKs) still had not rectified as required.
  4. SHCA therefore takes the 46 down (采取下架处理).

SHCA adds that it will keep tracking the named apps and, as warranted, take further measures: suspension of access (停止接入), administrative penalty, and inclusion in the telecom-business bad-record list (电信业务经营不良名单).

Why this notice is different: the enforcement ladder

DCC’s earlier enforcement entries captured the naming tier — the CAC notification gave 30 apps a 15-working-day rectify-and-report window; the MIIT batches name apps and threaten disposition. This SHCA notice is what happens at the bottom of that ladder when the window is missed:

PUBLIC NAMING            →  rectify within the window  →  (compliant: closed)
   │  (window missed)

TAKEDOWN (下架)          →  removed from distribution
   │  (further, as warranted)

SUSPENSION OF ACCESS · ADMINISTRATIVE PENALTY · BAD-RECORD LIST

Two structural points for the tracker:

  • Local tier, operative sanction. The provincial communications administrations are MIIT’s operational arm; they execute testing and disposition in their own jurisdiction and can order removal through app stores and access providers. Where the CAC notification’s operative verb was “rectify and report,” SHCA’s is “take down.” This is naming converting into a distribution consequence.
  • The bad-record list bites beyond the app. Inclusion in the telecom-business bad-record list is not app-specific housekeeping — it attaches to the operator and carries knock-on consequences for its telecom-business credit standing. The sanction reaches the company, not just the binary.

Who got taken down — the 46

The striking feature of the list is its profile: almost every entry is a Shanghai-registered, long-tail O2O lifestyle-service app — moving and relocation, housekeeping and cleaning, pet services, local travel agencies, community group-buy food, fitness, and restaurants/catering. These are not big-name national apps; they are the small-operator long tail, which typically ships with thin privacy disclosures and is the natural yield of local communications-administration testing.

A second pattern: several operators appear with multiple apps taken down at once — one company, a cluster of removals. Examples from the list include the 星颜到家 beauty-service trio (上海昕颜优享美容服务有限公司, #6–8), the 帮宠到家 / 哇咕 / wagoo pet cluster (帮宠到家(上海)宠物服务有限公司, #16–18), the 百瑞福 / 食百道 food trio (食百道(上海)绿色食品股份有限公司, #26–28), the 老兵搬家 moving pair (上海老兵搬家有限公司, #24–25), the 美湫 / Meishu travel pair (美湫(上海)旅行有限公司, #40–41), the 家链食品 pair (#43–44), and the 加伽磅 fitness pair (上海君邦健身有限公司, #45–46).

#App (SDK)ICP filing entity
1喜鹊日式搬家上海喜鹊搬家服务有限公司
2修押鸭上海科锐达维修技术服务有限公司
3净悦上海爱喜衣清洁技术有限公司
4喔洗喔洗上海爱善衣清洁技术有限公司
5食物本义本地生活上海布锦餐饮管理有限公司
6星颜到家上海昕颜优享美容服务有限公司
7星颜到家手艺人上海昕颜优享美容服务有限公司
8星颜到家 home上海昕颜优享美容服务有限公司
9YSJ 雅士嘉上海雅嘉家政服务有限公司
10航阳南旅(商旅出行服务)上海航阳国际旅行社有限公司
11有数出行上海航阳国际旅行社有限公司
12宠邻里上海壹温宠物商店有限公司
13闪听米诺上海闲数文化旅游发展有限公司
14尾星出发桁戈(上海)文化传播有限公司
15德宁医生德宁(上海)医疗服务有限公司
16好爱游旅行小助手上海好爱游旅游咨询有限公司
17哇咕帮宠到家(上海)宠物服务有限公司
18wagoo帮宠到家(上海)宠物服务有限公司
19BODYCONCEPT STUDIO上海宝迪康德运动科技有限公司
20旷晨国际商旅上海旷晨旅游咨询有限公司
21花王保洁上海宝爹保洁服务有限公司
22优政企业保洁上海优政保洁服务有限公司
23岚猫管家上海岚猫管家家政有限公司
24老兵硬汉搬家上海老兵搬家有限公司
25正步老兵搬家上海老兵搬家有限公司
26百瑞福利平台食百道(上海)绿色食品股份有限公司
27食百道绿色食品食百道(上海)绿色食品股份有限公司
28百瑞福蛋糕商城食百道(上海)绿色食品股份有限公司
29法小满家服上海春潮家政清洁服务有限公司
30好班长搬家上海迁易搬家有限公司
31SH Market BONITA上海朋笙餐饮管理有限公司
32鲶坊生活(家烹保洁开荒家电清洗)上海宅尔保洁服务有限公司
33格莱美品质洗护上海酷米洗衣管理有限公司
34聚晚晴(聚会旅游演艺旅居)聚晚晴(上海)国际旅行社有限公司
35MAX SHANGHAI渌福餐饮娱乐(上海)有限责任公司
36菲咪上海菲咪宠物服务有限公司
37外港智慧餐厅上海优荐餐饮管理有限公司
38斯里兰卡 ETA 中文申请通道旗旅国际旅行社(上海)有限公司
39Funshot Coffee上海蓓果餐饮管理有限公司
40Meishu GOLF美湫(上海)旅行有限公司
41Meishu 美湫旅行美湫(上海)旅行有限公司
42太慧旅游上海久程旅游有限公司
43心能源空间家链食品(上海)有限公司
44农场零距离家链食品(上海)有限公司
45加伽磅健身上海君邦健身有限公司
46加伽磅之家上海君邦健身有限公司

Transcribed from the image table attached to the original notice; the notice also lists each app’s ICP record number (partially masked in the original). The original is authoritative.

What overseas compliance teams should take from it

  • Local communications administrations are a real enforcement channel. If your China app is filed for ICP through a local entity, the provincial communications administration — not only CAC and central MIIT — tests it and can take it down. Map which administration your filing sits under, and treat its channel as a live enforcement surface.
  • The takedown list is the missed-window list. Every app here was named first and given time to fix. The disposition is for failure to rectify, not for the underlying finding alone. The operational lesson is the same one the CAC brief drew: have a standing rectification playbook — owner, test protocol, report template — so a naming never ages into a takedown.
  • One operator, many apps, one sweep. Operators running a family of apps off a single corporate entity saw the whole cluster removed together. A shared privacy/SDK defect replicated across a product family is a cluster-takedown risk; remediate at the platform level, not app by app.
  • Takedown is not the floor. SHCA expressly reserves suspension of access, administrative penalty, and bad-record-list inclusion as further steps. The bad-record list in particular reaches the operator’s telecom credit standing — a consequence that outlasts any single app.

The continuity with DCC’s earlier entries is the enforcement model itself: visible, testing-driven, batched public naming — now shown converting, at the local tier, into the removal of apps that did not fix what they were named for. In the 2026 campaign, the naming is the warning; the takedown is what the warning was for.


上海市通信管理局, 关于下架46款侵害用户权益行为APP(SDK)的通报 (Notification on Taking Down 46 Apps (SDKs) for Infringing User Rights), published via the 上海通信圈 WeChat Official Account, June 24, 2026. Original notification (Chinese).

Not legal advice. The above is DCC’s structural analysis of the notification. The 46-app list was transcribed from the image table attached to the original notice and may contain minor transcription error; the original is authoritative.

— Not legal advice.


§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.