The Cyberspace Administration of China has published a draft list of ways that app operators illegally collect personal information. It is intended to serve as a reference for authorities to assess apps and punish those found guilty of misconduct.
Illegal behaviors include failing to remind users to read privacy policies when they install or use the apps, and collecting personal information for illegitimate purposes.
Apps must specify why they are asking users for sensitive information, such as an ID number or credit card number, and are barred from collecting personal information without the users' consent.
The draft also says apps may not collect personal information that is not related to the functioning of the app.
The collection of personal information of users under the age of 14 requires the consent of their guardian.
The draft will be open for public comment until May 26.
The China Consumers Association issued a report in November on the protection of personal information by 100 popular mobile apps. About 90 of the apps were suspected of over-collecting personal information.
Apps mentioned in the report include Qunar, an online travel company; bike-sharing platform Ofo; photo-editing company Meitu; Alipay; and Migu Video.
Locations, address lists and mobile phone numbers were the main items excessively collected. Other include photos, property information, transaction records, online browsing records, education information and vehicle information, according to the report.
According to another report from the association in August based on 5,458 questionnaires from app users, about 85 percent of those surveyed had personal information leaked, including for sales calls, phone fraud and spam.
Nearly 70 percent of respondents believed that their private information was unnecessary to the functioning of the app.
When installing and using apps, about 18 percent of respondents always read the privacy policy, about 56 percent read it sometimes and about 26 percent never read it.
Wang Sixin, director of the center for cyberlaw and intellectual property at Communication University of China, said the list, in specifying illegal behaviors, provides a standard for app operators to check and correct their procedures.
It is also conducive to building an equal relationship between the operators and users, he said, as well as a guide to help users protect themselves.
Xinhua contributed to this story.