Updated on 2025-06-27 GMT+08:00

Developer Compliance Guide for APM Data Collection SDKs

After the Personal Information Protection Law of the People's Republic of China came into force on November 1, 2021, regulators, industry stakeholders, and end consumers are increasingly concerned about user privacy protection. To crack down on the unauthorized collection and use of personal information by apps and SDKs, regulators have released related standards and specifications.

When providing services for end users, developers (hereinafter referred to as "you") must comply with applicable laws and regulations (including but are not limited to the Personal Information Protection Law of the People's Republic of China, Cybersecurity Law of the People's Republic of China, and Data Security Law of the People's Republic of China) as well as relevant standards and specifications, fulfill personal information protection obligations, and process users' personal information in compliance with the principles of lawfulness, fairness, necessity, and integrity.

This document helps you better understand APM data collection SDKs and use them in compliance with applicable laws and regulations. It applies only to developers in Chinese mainland.

Basic Requirements

Your products and services shall respect user privacy and comply with data protection laws and regulations in countries or regions where your products and services are sold. Do not participate in any activities that interfere with, damage, or access any terminal device, server, or network without authorization.

  • (1) Privacy Policy Requirements

    You need to release a privacy policy in your own name according to laws, and obtain user consent or other legal bases for personal information processing. The requirements of the privacy policy include but are not limited to:

    1. There is a document independent from the user agreement.
    2. Before apps run for the first time to collect and process personal information, the apps need to clearly prompt users to read the privacy policy. The privacy policy must be easy to view. For example, a user can read the privacy policy with fewer than four touches or slides on the main function screen of an app.
    3. The description must be clear and plain, comply with the general language habits, and avoid ambiguity.
    4. The privacy policy must include the purposes, methods, and scope of personal information collection for products and services, and the names and contact information of the personal information processors.
    5. If your products and services need to share personal information with third parties or integrate third-party SDKs, disclose and explain the situation to users in the privacy policy to obtain users' authorization or consent.
  • (2) Requirements for processing personal information

    When processing users' personal information, your products and services must comply with the following requirements:

    1. Process personal information necessary for stated purposes and in compliance with the data minimization principle.
    2. The scope and purposes of personal information collected and processed must be the same as those specified in the privacy policy.
    3. The frequency of personal information collection must be the same as that specified in the privacy policy. Personal information collection beyond the stated frequency is not allowed.
    4. There is a clear mechanism for deleting personal information upon expiration. The retention period of personal information is the same as that in the privacy policy. Personal information is deleted or anonymized upon expiration.
    5. Before processing personal information about minors under the age of 14, consent shall be obtained from the minors' parents or other guardians.
    6. If personal information is processed for personalized recommendation or big data analysis, end users shall be notified and authorization from end users shall be obtained before related service functions are implemented.
    7. If sensitive personal information needs to be processed, obtain the consent from end users.
    8. If cross-border transfer of personal information is required, security assessment must be conducted according to the methods and standards formulated by the Cyberspace Administration of China and relevant departments under the State Council, and the transfer must comply with relevant requirements. In addition, the consent from end users shall be obtained.
    9. Users can smoothly exercise rights as a personal data subject, such as checking, copying, modifying, and deleting personal information.

Personal Information Entrusted for Processing

Before connecting to or using an APM data collection SDK, you are required to inform users of the SDK name, SDK provider name, categories of personal information to be collected, purposes for using the information, and privacy policy link, and obtain the users' consent or other legal bases. You can provide the terms in the following ways:

  • In text

    Third-party SDK: APM data collection SDK (iOS/Android/HarmonyOS/web/WeChat/Baidu/DingTalk/Alipay/quick apps)

    Third-party company name: Huawei Cloud Computing Technologies Co., Ltd.

    Personal information to be collected: device model/name/disk/memory/brand/CPU, OS name/version, app version/name/process/thread, and Wi-Fi status

    Purpose: To collect app performance data and report the data to APM.

    Privacy policy link: Privacy Statement of APM Data Collection SDKs

    In a table

Third-Party SDK

Third-Party Company

Personal Data to Be Collected

Purpose

Link to Privacy Statement

APM data collection SDK (iOS/Android/HarmonyOS/web/WeChat/Baidu/DingTalk/Alipay/quick apps)

Huawei Cloud Computing Technologies Co., Ltd.

Device model/name/disk/memory/brand/CPU, OS name/version, app version/name/process/thread, and Wi-Fi status

To collect app performance data and report the data to APM.

Privacy Statement of APM Data Collection SDKs

Permission Requirements

When providing services, the SDK complies with the principle of least permission. You need to apply for system permissions as required and obtain users' consent.

Permission

Description

Purpose

Obtaining the network status

Obtains the network status.

To check whether the current network connection is valid.

Obtaining the Wi-Fi status

Obtains the Wi-Fi status.

To obtain the Wi-Fi access status.

Requirements of Delayed Initialization

To prevent apps from processing users' personal information before obtaining users' consent, Huawei provides the APMSDK.start() API for SDK initialization. Your app can call this API to initialize the SDK only when users agree that.

Requirements of Minimum Functions

Huawei SDK provides configuration capabilities for extended functions and optional personal information processing. You can enable or disable related functions based on your service requirements by compiling files.

Protecting Personal Information Subjects' Rights

To ensure that users can easily access, copy, modify, and delete their personal information, Huawei provides related APIs in the SDK. You can then call these APIs to execute users' requests for accessing, copying, modifying, and deleting personal information.