HBuilderX2.6.3+版本开始支持配置隐私政策提示框 HBuilderX3.1.10+版本优化template模式策略,解决应用市场检测到弹出隐私政策提示框之前读取mac地址和应用列表的问题 HBuilderX3.2.1+版本开始支持androidPrivacy.json文件配置隐私政策提示框,真机运行时也可生效 HBuilderX3.2.5+版本隐私政策提示框内容中的链接支持本地 html 页面地址 注意:目前设置custom模式策略,并不能完全避免在弹出隐私提示框之前,读取设备信息(如mac地址、应用列表等)的情况,主要原因是自定义模式隐私提示框并不能阻塞应用的生命周期,使用到一些三方SDK(如X5 Webview内核、UniPush等)在应用启动时会执行初始化操作,三方SDK这是可能会读取设备信息。碰到此问题的开发者请先使用template模式解决,我们后续会提供新的自定义隐私提示框样式解决方案。

请使用HBuilderX3.2.15+ 版本打包,并使用template配置隐私弹窗否则无法正常上架应用市场 uni小程序SDK暂时不支持uniapp自己配置隐私弹窗,需要宿主自行实现隐私弹窗

DCloud联合业内主流隐私合规检测厂商推出了uni隐私合规检测服务,可在线申请获取详细检测报告,详见:uni隐私合规检测

# 概述

根据工业和信息化部关于开展APP侵害用户权益专项整治要求,App提交到应用市场必须满足以下条件:

  • 应用启动运行时需弹出隐私政策协议,说明应用采集用户数据 这里将详细介绍如何配置弹出“隐私协议和政策”提示框
  • 应用不能强制要求用户授予权限,即不能“不给权限不让用” 如不希望应用启动时申请“读写手机存储”和“访问设备信息”权限,请参考:https://ask.dcloud.net.cn/article/36549

为了兼顾隐私政策提示框的易用性和灵活性,解决弹出隐私政策提示框之前可能弹出系统授权框的问题。Android平台提供了以下隐私政策提示配置策略:

  • template 使用原生提供的隐私政策模板提示框,应用启动时在splash界面弹出。
    • 优点:在系统授权提示框之前显示,用户点击确认后才会进入应用
    • 缺点:只能配置提示文本及链接地址,无法自定义提示框样式
  • none 不处理隐私政策 不提交到应用市场时使用

# DCloud数据采集说明

为了持续优化应用及提供统计报表功能,在运行过程中会采集应用启动时间、异常错误日志等数据,其中包含设备唯一识别码。

DCloud通过了国家信息安全等级保护三级,证书编号:11010813802-20001,保障相关数据的安全性 DCloud并非大数据公司,采集的数据是为开发者提供统计服务和产品持续优化,不包含个人隐私信息

Please inform users in the "Privacy Policy" that your app is developed based on DCloud uni-app (5+ App/Wap2App), and add the following reference terms

Our product is developed based on DCloud uni-app (5+ App/Wap2App), during the running of the application, you need to collect your device unique identification code (IMEI/android ID/DEVICE_ID/IDFA, SIM card IMSI information, OAID) to provide statistical analysis Service, and improve performance and user experience through application startup data and exception error log analysis, to provide users with better services. For details, please visit "DCloud User Terms of Service". (DCloud user terms of service hyperlink to: https://ask.dcloud.net.cn/protocol.html)

# 配置方式

# HBuilderX3.2.1及以上版本配置方式

Starting from HBuilderX3.2.1+, the androidPrivacy.json file has been added to configure the privacy policy prompt box, which supports real machine running and viewing effects, and also supports configuring some styles (such as background color, title color, button color, etc.) in androidPrivacy.json.

**Notice! Do not add comments to androidPrivacy.json, it will affect the display of the privacy policy prompt box! ! ! **

After checking, the androidPrivacy.json file will be automatically added to the project. You can double-click to open the custom configuration as follows:

{
  "version": "1",
  "prompt": "template",
  "title": "服务协议和隐私政策",
  "message": "  请你务必审慎阅读、充分理解“服务协议”和“隐私政策”各条款,包括但不限于:为了更好的向你提供服务,我们需要收集你的设备标识、操作日志等信息用于分析、优化应用性能。<br/>  你可阅读<a href=\"\">《服务协议》</a>和<a href=\"\">《隐私政策》</a>了解详细信息。如果你同意,请点击下面按钮开始接受我们的服务。",
  "buttonAccept": "同意并接受",
  "buttonRefuse": "暂不同意",
  "hrefLoader": "system",
  "backToExit":"false",
  "second": {
    "title": "确认提示",
    "message": "  进入应用前,你需先同意<a href=\"\">《服务协议》</a>和<a href=\"\">《隐私政策》</a>,否则将退出应用。",
    "buttonAccept": "同意并继续",
    "buttonRefuse": "退出应用"
  },
  "disagreeMode":{
    "support": false,
    "loadNativePlugins": false,
    "visitorEntry": false,
    "showAlways": false
  },
  "styles": {
    "backgroundColor": "#00FF00",
    "borderRadius":"5px",
    "title": {
      "color": "#ff00ff"
    },
    "buttonAccept": {
      "color": "#ffff00"
    },
    "buttonRefuse": {
      "color": "#00ffff"
    },
    "buttonVisitor": {
      "color": "#00ffff"
    }
  }
}
  • version 隐私政策版本号,如果应用升级后希望重新弹出隐私政策提示框,则需要设置新版本
  • prompt 是否使用原生隐私政策提示框,值为“template”表示使用,“none”表示不使用
  • title 隐私政策提示框标题文本内容
  • message 隐私政策提示框正文内容,支持富文本richtext类型字符串,支持a/font/br等节点,点击a链接会调用内置页面打开其href属性中链接地址。 注意:务必配置此提示内容,参考上面示例内容并修改《服务协议》和《隐私政策》链接地址
  • buttonAccept 模板提示框上接受按钮的文本,默认值为“同意”
  • buttonRefuse 模板提示框上拒绝按钮的文本,默认不显示此按钮
  • hrefLoader HX 3.4.13之后版本新增,system 使用系统webview 打开隐私协议链接,默认使用uni-app内置web组件 隐私政策提示框中的链接地址加载方式,可取值:system-表示使用系统浏览器打开;default-表示使用应用内置webview页面打开。默认值为default。 注意:可能有些检测机构认为webview会读取隐私信息,这时可以配置为system来解决此问题
  • disagreeMode 用户不同意隐私协议的响应配置 具体配置及说明查看https://uniapp.dcloud.io/app-disagreemode
    • support 用户拒绝隐私协议后,是否直接进入游客模式,默认false关闭
    • loadNativePlugins 表示在disagreeMode模式是否加载uni原生插件,true表示加载;false表示不加载(此时调用uni.requireNativePlugin加载插件扩展Module返回undefined,扩展组件Component也无法使用)。默认值为true。
    • visitorEntry Supported after HBuilderX version 3.6.7, the default is false, when set to true, the privacy agreement pop-up window will appear the visitor mode button
    • showAlways HBuilderX 3.6.10 版本后支持,默认false 标记用户拒绝协议后,下次启动是否继续弹出,默认false,拒绝后不弹出
  • second 配置二次确认提示框显示内容,message属性值不为空时弹出二次确认提示框
    • title 二次确认提示框上的标题
    • message 二次确认提示框上的内容,支持富文本richtext类型字符串
    • buttonAccept 二次确认提示框上接受按钮的文本
    • buttonRefuse 二次确认提示框上拒绝按钮的文本
  • styles 配置隐私政策提示框样式
    • backgroundColor 提示框背景颜色,#RRGGBB格式字符串
    • borderRadius 提示框背景圆角半径,单位为px(逻辑像素)
    • title 提示框标题样式,其下仅支持color属性配置文本颜色,值为#RRGGBB格式字符串
    • buttonAccept 接受按钮样式,其下仅支持color属性配置文本颜色,值为#RRGGBB格式字符串
    • buttonRefuse 拒绝按钮样式,其下仅支持color属性配置文本颜色,值为#RRGGBB格式字符串
    • buttonVisitor HX 3.6.7 版本后支持,游客模式按钮样式,其下仅支持color属性配置文本颜色,值为#RRGGBB格式字符串

uni-app项目可以使用uni原生插件能支持更多自定义隐私政策提示框样式,可参考:https://ext.dcloud.net.cn/plugin?id=5581

# HBuilderX3.2.0及以下版本配置方法

打开项目的manifest.json文件,切换到“源码视图”项

  • uni-app项目 在 "app-plus" -> "privacy" 节点下添加 prompt节点
  • 5+ App项目 在 "plus" -> "privacy" 节点下添加 prompt节点

privacy节点数据格式如下:

    "privacy": {
      "prompt": "template",  //可取值template、none
      "template": { //prompt取值为template时有效,用于配置模板提示框上显示的内容
      }
    }
  • prompt
    • template
    • none 不弹出隐私政策提示框
  • template json格式,可选,模板提示框上显示的内容

# 模板提示框

This prompt box will be displayed on the Splash page before the application starts, and the user will only enter the application after clicking the agree button

You can use the following configuration template prompt box content

    "privacy": {
      "prompt": "template",
      "template": {
        "title": "服务协议和隐私政策",
        "message": "  请你务必审慎阅读、充分理解“服务协议”和“隐私政策”各条款,包括但不限于:为了更好的向你提供服务,我们需要收集你的设备标识、操作日志等信息用于分析、优化应用性能。<br/>  你可阅读<a href=\"\">《服务协议》</a>和<a href=\"\">《隐私政策》</a>了解详细信息。如果你同意,请点击下面按钮开始接受我们的服务。",
        "buttonAccept": "同意",
        "buttonRefuse": "暂不同意",
        "second": {
          "title": "温馨提示",
          "message": "  进入应用前,你需先同意<a href=\"\">《服务协议》</a>和<a href=\"\">《隐私政策》</a>,否则将退出应用。",
          "buttonAccept": "同意并继续",
          "buttonRefuse": "退出应用",
        }
      }
    }
  • title The title on the template tooltip, the default is "Service Agreement and Privacy Policy"
  • message The content on the template prompt box, the richtext type string, supports nodes such as a/font/br, and clicking the a link will call the built-in page to open the link address in its href attribute.
    • HBuilderX3.2.5 and below the href attribute of a link only supports network addresses, starting with http: or https:, such as "https://www.dcloud.io/privacy.html"
    • The href attribute of HBuilder3.2.5 and above a link supports local address, relative to the application root directory, such as "static/privacy.html" Note: Be sure to configure this prompt content, refer to the above example content and modify the "Service Agreement" and "Privacy Policy" link address
  • buttonAccept The text of the accept button on the template tooltip, the default value is "Agree", **Note: The accept button is set to "I get it" and it will fail the review when it is listed in some app markets. **
  • buttonRefuse The text of the reject button on the template tooltip, this button is not displayed by default
  • second HBuilderX3.1.12+ version newly supports the second confirmation prompt of the privacy prompt box, which is used to configure the display content of the second confirmation prompt box. When the message attribute value is not empty, the second confirmation prompt box will pop up
  • title The title on the second confirmation prompt
  • message The content on the second confirmation prompt box, supports richtext type strings
  • buttonAccept the text of the accept button on the second confirmation prompt box
  • buttonRefuse the text of the reject button on the secondary confirmation prompt

Submit cloud package after configuration to take effect

Provides 5+ APIs to set/get status:

  • Get consent to privacy policy Reference specification: plus.runtime.isAgreePrivacy When the application starts, this API is called to check the status, and if the user does not agree, a custom privacy policy prompt box will pop up.
  if(!plus.runtime.isAgreePrivacy()){
    //Pop up a custom privacy policy prompt box
  }
  • Set to agree to the privacy policy Reference Specification: plus.runtime.agreePrivacy It is used in the custom privacy policy prompt interface. When the user clicks the "Agree" button, this API needs to be called to set the status
  • Set to disagree with privacy policy Reference: plus.runtime.disagreePrivacy It is used in the custom privacy policy prompt interface. When the user clicks the "Disagree" button, this API needs to be called to set the status.

Note: Before users agree to the privacy policy, do not call APIs that may pop up the system authorization box, such as location (plus.geolocation), recording (plus.audio.getRecorder), etc.

# No tooltip

When the value of the prompt attribute is set to none, it means that the privacy policy prompt box is not displayed. This mode can be used if not submitting to the app market.

# Offline packaging configuration method

HBuilderX3.2.1+ version adds androidPrivacy.json configuration privacy policy prompt box, the priority is higher than native environment configuration, HBuilderX3.2.1+ version recommends using androidPrivacy.json to replace the offline packaging configuration in this chapter


Configure the privacy provider mode in the AndroidManifest.xml applied in the native project, and add the meta-data node data under the application node, as follows:

<application>
<meta-data
            android:name="DCLOUD_PRIVACY_PROMPT"  android:value="template"/>
</application>

android:value can be "template", "none".

** When configuring the prompt box using the "template" template, you need to configure the prompt box content as follows** Configure the default language content in strings.xml in the res/values directory of the native project (this file must be configured in order to be compatible with user settings for clearing different languages). Chinese also needs to create the strings.xml file in the res/values-zh directory and configure the Chinese content.

# Template tooltip

Please add the following fields to the strings.xml of the native project to configure the content of the template prompt box.

<resources>
    <string name="dcloud_privacy_prompt_title">弹窗标题</string>
    <string name="dcloud_privacy_prompt_accept_button_text">接收按钮文字配置字段(不存在该字段,即使用默认内容“同意”)</string>
    <string name="dcloud_privacy_prompt_refuse_button_text">拒绝按钮文字配置字段(没有该字段或该字段内容为空,拒绝按钮不显示)</string>
    <string name="dcloud_privacy_prompt_message"><Data><![CDATA[弹窗内容,如果内容中有富文本,请将内容放入cdata下,如当前配置]]></Data></string>
</resources>

# Secondary confirmation prompt box

HBuilderX 3.1.12+ version adds support for the second confirmation function of the template privacy prompt box. When the user selects the "Reject" button when clicking the privacy template prompt box, and the dcloud_second_privacy_prompt_message configuration of the second confirmation prompt box is not empty, a second confirmation prompt box will pop up.

Please add the following fields to the strings.xml of the native project to configure the content of the secondary confirmation prompt box.

    <string name="dcloud_second_privacy_prompt_title">二级弹窗标题</string>
    <string name="dcloud_second_privacy_prompt_accept_button_text">接收按钮文字配置字段(不存在该字段,即使用默认内容“确定”)</string>
    <string name="dcloud_second_privacy_prompt_message"><![CDATA[协议内容]]></string>
    <string name="dcloud_second_privacy_prompt_refuse_button_text">拒绝按钮文字配置字段(没有该字段或该字段内容为空,拒绝按钮不显示)</string>

# globalization

HBuilderX3.2.12+ version androidPrivacy.json supports internationalization

  • uni-app项目 可参考page.json文件国际化方式处理,详见:uni-app项目 pages.json 国际化
  • 5+ App项目 The internationalization configuration in the form of uni-app is not supported. You can add Locales to the fields that need internationalization in the androidPrivacy.json file. The example is as follows:
{
    "prompt": "template",
    "buttonAccept" : "默认接受按钮文本"
}

Add buttonAcceptLocales to handle the internationalized text of buttonAccept, as follows

{
    "prompt": "template",
    "buttonAccept" : "默认接受按钮文本",
    "buttonAcceptLocales": {
        "en": "英文接受按钮文本",
        "zh-Hans":"中文简体接受按钮文本",
        "zh-Hant": "中文繁体接受按钮文本"
    }
}

# 隐私协议内容需要注意的问题

It is necessary to inform users in the "Privacy Policy" that your app is developed based on DCloud uni-app (5+ App/Wap2App), and add the following reference terms:

Our product is developed based on DCloud uni-app (5+ App/Wap2App), during the running of the application, you need to collect your device unique identification code (IMEI/android ID/DEVICE_ID/IDFA, SIM card IMSI information, OAID) to provide statistical analysis Service, and improve performance and user experience through application startup data and exception error log analysis, to provide users with better services.

In addition, the third-party SDK used needs to be supplemented in the privacy policy, refer to:

# uni-app integrates third-party SDK by default

Please refer to the document Privacy compliance clauses for each functional module of the Android platform

# uni native plugin

If the application uses the uni native plugin, you need to pay attention to the following points:

  • Please check the Privacy and Permission Statement in the plugin details page when using the plugin. (What sdk does the plugin use? What user information is obtained? All should be provided by the plugin author and filled in Privacy, Permission Statement)
  • Add the third-party SDK information used in the plugin to the user privacy agreement. For example, Baidu positioning is integrated. It is necessary to describe the integration of Baidu positioning SDK in the privacy agreement. Obtained xxx user information! Used for xxx.
  • If you find that the plug-in obtains user information but the plug-in details page does not provide a Privacy and Permission Statement, please contact the plug-in developer or feedback with us to supervise and supplement.

# Other

The "Privacy Policy" must be very clear and comprehensive (do not use vague and unclear words that may collect and understand user information) the purpose, method and scope of collecting users' personal information. If the application uses related functions such as "address book" and "SMS", please describe it according to the application business scenario.