App2China's Logo

Tuhu Automotive Service app cited for illegal collection of personal information

Insight · May 13th, 2025

On May 6, the Cyberspace Administration of China (CAC) announced that 15 apps and 16 SDKs had violations in the collection and use of personal information.

The apps named included the Moji Weather TV Edition, NetEase’s Youdao Premium Courses app, and Tuhu Automotive Service (途虎养车) app. The action, carried out pursuant to the Cybersecurity Law, the Personal Information Protection Law, and other regulations, focused on issues such as failing to clearly disclose personal information collection rules and failing to accurately specify the functional scope of SDKs.

Notably, the Tuhu Automotive Service app was included in the notice because it failed to accurately list the purposes, methods, and scope of personal information collection and use by SDKs. As a company that frequently uses SDKs in the automotive services sector, inadequate compliance can easily raise market concerns.

Tuhu is one of the leading integrated online and offline platforms for automotive service in China. Tuhu had over 126 million registered users on its flagship “Tuhu Automotive Service” app and online interfaces. Its platform is the largest car owner community amassed by automotive service providers in China.

Industry insiders pointed out that SDKs, as third-party plug-ins widely embedded in apps, can become major hotspots for data leaks if poorly managed. In the automotive services field, data leaks can readily expose personal privacy such as car owners’ geolocation and vehicle information.

The CAC emphasized that the relevant app and SDK operators must complete rectification within 15 working days from the date of this notice. Those that fail to complete rectification on time will be ordered removed from app stores.

China’s domestic compliance requirements for app data security and personal information protection are increasingly stringent, with many apps facing penalties and takedowns every month. Many foreign app developers hoping to make their mark in the Chinese market must gain a deep understanding of China’s compliance requirements. Any app listed on domestic app marketplaces is subject to strict store reviews and frequent government spot checks; if non-compliance is discovered, you must address it promptly.

A common scenario involves receiving an official rectification notice from the regulators(usually by the deadline of 15 days): For issues such as inappropriate permission use by the app, insufficient privacy rights disclosures, or incorrect display of legal entity information. If the rectification notice not be handled promptly or correctly, the regulators may report the issue, force app stores to remove the app, and revoke the ICP record, which could result in serious business disruption. Restoring access will take several weeks or even months and incur significant cost.

App2China is a professional app distribution service provider. We offer comprehensive compliance support, helping you complete pre-listing compliance reviews and handle subsequent compliance issues. With years of experience in compliance maintenance, we help clients stay aligned with evolving regulations. In case of regulatory incidents, we notify clients within 4 hours and provide recommended solutions. Over the past several years, we have successfully responded to more than 50 regulatory incidents, ensuring uninterrupted business operations for our clients in China.

If you want to bring your outstanding app into China’s vast market, please contact us so we can discuss how App2China can help you accomplish this with ease.

Interested in the China market or our services? Check out our website or contact us for details.
Back to the insight