Regulatory scrutiny over mobile applications infringing on user rights has intensified in recent years. Recently, several mobile apps operated by financial institutions were publicly flagged, including three from banks, with one app standing out for being cited for five separate violations.
Seven Financial Institution Mobile Apps Flagged, Including 3 from Banks
On July 9th, information from the National Cybersecurity Notification Center revealed that the National Computer Virus Emergency Response Center had detected 72 mobile applications illegally collecting and using personal information during a testing period from May 20th to June 22nd, 2026.
A review shows that 7 of these 72 apps belong to financial institutions, with 3 originating from banks. These banks represent different types, including a joint-stock bank, a foreign bank, and a rural commercial bank, covering two mobile apps and one WeChat mini-program.
Notably, the "Minsheng Bank Corporate Account e+" WeChat mini-program was cited for five issues, which is relatively uncommon. The violations are: 1) Failing to prominently notify users of the privacy policy upon first launch; obtaining consent by default; making the privacy policy difficult to access; and not clearly informing users of the data handler's name, contact details, and data retention period. 2) Collecting personal information or enabling relevant permissions before obtaining user consent. 3) Failing to handle complaints and reports within promised timeframes and not establishing a convenient mechanism for users to exercise their rights. 4) Not establishing specific rules for processing minors' personal information and failing to obtain separate guardian consent for collecting such data. 5) Not implementing corresponding security technical measures like encryption or de-identification.
The "HSBC Bank" app was cited for one issue: failing to inform users and obtain separate consent when providing personal information to other data handlers, including details about the recipient and the purpose, method, and type of data sharing; and sharing user information with third parties without consent or anonymization.
The "Taicang Rural Commercial Bank Mobile Banking" app was cited for two issues: 1) Its privacy policy did not itemize the purposes, methods, and scope of personal information collection for the app and any third-party code or plugins. 2) The same violation as the HSBC app regarding sharing information with other data handlers without proper notification and consent.
Thus, aside from the shared violation between the HSBC and Taicang Rural Commercial Bank apps, the issues cited for these three banking applications do not overlap.
The "Minsheng Bank Corporate Account e+" WeChat mini-program is a simple integrated account service for corporate clients, offering functions like account opening procedures, progress tracking, pending tasks, document submission, and branch location search.
The "HSBC Bank" app is HSBC China's mobile banking application for mainland China, featuring account services, global account management, and wealth management.
The "Taicang Rural Commercial Bank Mobile Banking" app belongs to Jiangsu Taicang Rural Commercial Bank.
Beyond these three banking apps, four other flagged apps belong to other financial institutions, including futures and securities firms. These are: the "Tonghuashun Stocks" WeChat mini-program (2 issues) from Zhejiang Tonghuashun Cloud Software; the "Great Wall Securities" WeChat mini-program (2 issues) from Great Wall Securities Co., Ltd.; the "Ping An Securities" WeChat mini-program (1 issue) from Ping An Securities Co., Ltd.; and the "Minsheng Micro Hall" WeChat mini-program (3 issues) from Minsheng Futures Co., Ltd.
Mini-Programs Also Classified as Apps, Minsheng Bank's Tops Current 2026 List
Among the seven flagged financial institution apps, only two are traditional installable applications, while the other five are WeChat mini-programs. According to national regulations, WeChat mini-programs are classified within the App category. Therefore, financial institutions must also comply with laws governing the collection and use of personal information when developing and operating such mini-programs.
For banks, apps are crucial for customer acquisition and marketing, while users benefit from convenient financial services. However, persistent issues with apps illegally collecting personal information continue to cause user concerns.
Available statistics for 2026 show multiple banking apps have been flagged so far. On February 3rd, the Agricultural Development Enterprise Bank app was cited for 1 issue. On April 30th, apps or mini-programs from Hubei Bank, Changshu Rural Commercial Bank, Xingfu Village Bank, Wuhan Rural Commercial Bank, and Jiangsu Rural Commercial Bank were flagged for 1 to 3 issues each. On June 3rd, mini-programs from Guilin Bank Credit Card and Inner Mongolia Bank were cited for 1 and 2 issues, respectively. The recent notification adds three more apps to this list.
It is noteworthy that among banking apps flagged in 2026 to date, most were cited for only 1 or 2 issues. The Minsheng Bank Corporate Account e+ mini-program stands out with the highest number of issues. Looking back at the 29 banking apps flagged throughout 2025, only one—the Leshan Commercial Bank app—was also cited for 5 issues. This makes the Minsheng Bank mini-program's five-issue citation a rare occurrence, matching last year's high.
The China Internet Finance Association, in a February 2026 notice on self-regulation of mobile financial client software for 2025, highlighted that some app operators frequently introduce new problems and risks during version updates. This indicates financial institutions need to strengthen their focus on these areas during app operation and maintenance.