App certification is a key step in ensuring the compliance, security, and usability of mobile applications. It covers three core scenarios: app store launch access certification, security compliance certification, and industry-specific qualification certification. Its core value lies in confirming, through review and verification by authoritative institutions, that the App meets platform rules, national regulations, and industry standards. It protects user rights and interests and helps developers avoid risks such as delisting and penalties, making it an essential prerequisite for App launch and operation.
I. Core Categories and Applicable Scenarios of App Certification
According to different certification purposes and competent authorities, App certification can be divided into three categories, covering the entire lifecycle from launch and circulation to compliant operation:
| Certification Type | Core Purpose | Competent/Certification Authority | Applicable Scenarios |
| --- | --- | --- | --- |
| App Store Launch Certification | Obtain platform launch permission and ensure that App functions and content comply with store rules | Apple (App Store), domestic Android stores such as Huawei/Xiaomi, Google Play, etc. | All Apps that need to be publicly launched and circulated |
| Security and Privacy Compliance Certification | Regulate the collection and use of personal information, prevent security vulnerabilities, and comply with national cybersecurity regulations | China Cybersecurity Review Technology and Certification Center (CCRC), authoritative third-party testing institutions | Various Apps that collect users' personal information, especially government affairs, finance, and medical Apps |
| Industry-Specific Certification | Comply with the regulatory requirements of specific industries and obtain industry access qualifications | Financial field (China Financial Certification Authority, CFCA), medical field (institutions related to the National Health Commission), etc. | Special industry Apps such as financial payment, medical and health, education, news and information, etc. |
II. Detailed Explanation of Core Certifications (Process + Requirements)
(I) App Store Launch Certification (Most Basic and Essential)
The certification rules of different app stores vary, but the core requirements focus on three aspects: qualification compliance, complete functions, and privacy security. The following are the key requirements and processes of mainstream platforms:
1. Mainstream Domestic Android App Stores (Huawei/Xiaomi/OPPO/VIVO)
• Core Qualification Requirements:
Enterprise Developers: Business license, legal person identification certificate; Individual Developers: Front and back of ID card
General Required Documents: 'Computer Software Copyright Registration Certificate' (Software Copyright), ICP Record (if the App includes online services)
Additional Qualifications for Special Industries: Game category requires game version number; Financial category requires financial business license; Medical category requires medical institution practice license
• Certification Process:
graph TD
A[Register Developer Account] --> B[Submit Qualification Materials for Review]
B --> C[Create App and Upload Installation Package]
C --> D["Platform Conducts Compliance Testing (Privacy + Security)"]
D --> E["Manual Review (Function Completeness + Content Compliance)"]
E --> F{Approved?}
F -- Yes --> G[App Launch]
F -- No --> H[Receive Rejection Notice and Rectify]
H --> C
• Common Rejection Reasons and Solutions:
Privacy Compliance Issues: Collecting personal information beyond the scope, failing to disclose third-party SDK information → Supplement the privacy policy, clarify the scope and purpose of data collection, and delete redundant permissions
No Account Cancellation Function: A clear cancellation channel must be specified on the App interface (not only in the agreement), and the cancellation function must be truly effective
Non-Compliant ICP Record: The subject of the ICP record is inconsistent with the developer account, and the record page has no content related to the App → Adjust the record information to ensure that the record number is correctly displayed and queryable
2. Apple App Store (iOS)
• Core Qualification Requirements:
Developer Account: Individual/Enterprise Account (annual fee $99), Enterprise Account requires D-U-N-S Number
Compliance Documents: Complete privacy policy link (publicly accessible), age rating information, test account (if the App includes login/payment functions)
Function Requirements: No incomplete functions, no calling of iOS private APIs, compliance with the 'App Store Review Guidelines'
• Key Pitfall Rectification Suggestions:
Non-Compliant Privacy Policy: Failing to explain the purpose of data collection, failing to mention integrated SDKs → Generate a compliant privacy policy, cover all data collection scenarios, deploy it on the official website, and fill in the correct link
Vague Permission Application Description: Only writing 'Need to access the camera' without explaining the specific purpose → Supplement scenario-based description, such as 'Access the camera to upload user avatar'
Interface Adaptation Issues: Black edges or content occlusion on notch screens/full-screen phones → Enable immersive status bar, adapt to safe area attributes, and test compatibility on different size devices
3. Google Play (Overseas)
• Core Requirements: One-time registration fee of $25, providing a valid email address and bank account; Submitting a privacy policy link and completing the age rating questionnaire; The App must pass security scanning without malicious code and non-compliant content
• Key Notes: If targeting EU users, it must comply with GDPR regulations; Clear notification and authorization must be obtained when collecting user data.
(II) Security and Privacy Compliance Certification (Promoted by the State)
This type of certification is voluntary, but passing it can enhance App credibility, and certified Apps are preferred in some scenarios (such as government procurement and financial cooperation). The core is the 'Mobile Internet Application (App) Security Certification':
Certification Authority: China Cybersecurity Review Technology and Certification Center (CCRC) (the only officially designated certification authority)
Applicable Scope: All Apps that collect, store, transmit, and use personal information
Core Standards: GB/T 35273-2020 'Information Security Technology - Personal Information Security Specification', 'Implementation Rules for Mobile Internet Application (App) Security Certification'
Certification Process:
a. Submit application materials (enterprise qualifications, App-related descriptions, privacy policies, etc.) to CCRC;
b. Officially designated testing institutions conduct technical verification and issue test reports;
c. CCRC conducts on-site audits and makes certification decisions after comprehensive evaluation;
d. After passing, a certification certificate is issued and use of the certification mark is authorized, with a validity period of 3 years (regular supervision and audits are required).
(III) Industry-Specific Certification (Taking the Financial Field as an Example)
Special industry Apps need to comply with additional regulatory requirements and obtain industry access qualifications. The financial field is a typical representative, with core certifications including fintech product certification and UnionPay payment application software security certification:
| Certification Name | Target Audience | Core Standards | Certification Value |
| --- | --- | --- | --- |
| Fintech Product Certification (Client Software) | Payment Apps/SDKs of banks, securities, insurance, non-bank payment institutions, etc. | JR/T 0092-2019 'Security Management Specification for Mobile Financial Client Application Software' | Included in the national unified certification system, preventing financial technical risks and enhancing industry credibility |
| UnionPay Payment Application Software Security Certification | Payment Apps accessing the UnionPay network (mobile Pay, QR code payment software, etc.) | 2019 Edition of 'China UnionPay Payment Application Software Security Specification' | Obtain the qualification to access the UnionPay network and ensure the security of payment information and transaction integrity |
III. General Preparation Checklist and Notes for Certification
1. Core Material Preparation Checklist
□ Enterprise/Individual Identification Documents (Business License/ID Card)
□ Computer Software Copyright Registration Certificate (Essential for Launch)
□ ICP Record Document (Required for Apps with Online Services)
□ Privacy Policy Document (Publicly accessible, clarifying data collection and use rules)
□ Industry-Specific Qualifications (Game Version Number, Financial License, etc., prepared as needed)
□ Test Accounts and Instructions (Required for Apps with Login/Payment Functions)
2. Key Notes
IV. Certification Value and Recommended Resources in Shenzhen
1. Core Certification Value
Basic Value: Obtain launch and circulation qualifications and operate legally and compliantly;
Security Value: Identify security vulnerabilities and privacy risks, and reduce user complaints and data leakage risks;
Commercial Value: Enhance user trust; Apps that have passed certification are preferred in some scenarios (government cooperation, enterprise procurement);
Risk Avoidance: Avoid being delisted or fined due to violations, in particular by complying with the requirements of laws and regulations such as the 'Personal Information Protection Law' and 'Cybersecurity Law'.
2. High-Quality Service Resources in Shenzhen
• Qualification Handling Institutions:
Software Copyright Handling: Shenzhen Copyright Protection Center (Address: Block B, Building 10, Shenzhen Bay Science and Technology Ecology Park, Nanshan District);
ICP Record Consultation: Shenzhen Communications Administration Government Service Window (Huaqiang North Road, Futian District).
• Certification and Testing Institutions:
Shenzhen Institute of Metrology and Quality Inspection: Provides App security testing and compatibility testing, and the report is recognized by mainstream app stores;
China Financial Certification Authority (CFCA) Shenzhen Branch: Focuses on industry-specific certification and testing of financial Apps;
CEPREI Certification Center (Shenzhen): Provides auxiliary services for CCRC App security certification, including compliance consultation and technical rectification.
