China’s Ministry of Industry and Information Technology (MIIT) has ordered the rectification of 107 apps, including a live-streaming platform from smartphone maker Xiaomi and hotel booking apps for Shangri-La and IHG, over violations related to excessive data collection and app permissions in an ongoing effort to rein in the usage of consumer data. The list also includes an app from American hotel chain Super 8, the online clinical service from Chinese insurer Taikang, and two apps from Offcn Education Technology Co, one of the major companies that provides tutoring for civil servant and public school teacher qualification exams, according to an MIIT statement on Friday. The apps were found to have “illegally collected individual data”, “forced users to turn on notifications” or “forcefully, frequently and excessively requested permissions”. China’s foreign listing rules that mandate data reviews apply to Hong Kong The MIIT also listed 13 software development kits over the illegal collection of user data. The kits include those for Baidu’s location service, ByteDance’s advertising platform Ocean Engine, and NetEase QiYu, an intelligent customer service and marketing solution under video gaming giant NetEase. The MIIT said the software’s behaviour violated several laws, including the Cybersecurity Law and the Personal Information Protection Law, which went into effect last November. The ministry told the companies to correct the problems by February 25 or face punishment, which was unspecified. The companies named did not immediately respond to requests for comment. The MIIT, along with the Cyberspace Administration of China (CAC), has been exercising its increasingly broad authority to rein in a once freewheeling internet sector. Calling out app developers over data practices has been a regular occurrence since 2019. The MIIT has issued 21 different lists of problematic apps in the last three years, with the latest one being the first of 2022. To date, the regulator has singled out more than 1,800 apps for illegally collecting user information, requesting excessive permissions or misleading customers. In the past, most of the listed apps were allowed to continue operating. A small percentage were permanently shut down. Last May, a new MIIT regulation started holding application providers accountable for collecting excessive user data unrelated to their core services and forcing users to give uninformed consent to how their data is used. The regulation defined for the first time what types of personal information are necessary for the basic functions and services of mobile apps in 39 categories, including messaging, online shopping, payments, ride-hailing, short video, live streaming and mobile games. The CAC has also been responsible for identifying apps that violate data collection rules. It has implemented a strict new data security regulation , as well, which requires a cybersecurity review of any company handling the data of more than 1 million users – a relatively low threshold in a market of 1 billion internet users – before seeking a public listing overseas, including Hong Kong.