Docs Center Compliance Guide Developer Community
Jiguang Docs > JPush > Best Practice Guide > Handling privacy compliance issues
Jiguang Docs > JPush > Best Practice Guide > Handling privacy compliance issues

Privacy compliance handling

Last updated:2025-04-18
Privacy compliance handling

Main approach

    1. Update the SDK to the latest version.
    1. Reference the Jiguang Privacy Policy in your privacy terms.
    1. Add calls for compliance authorization APIs. See Privacy policy and compliance guide.

  • Requirements before enabling push

  • Before the user agrees to the privacy terms:

  • If the user has not agreed, you must call JCollectionAuth.setAuth(context, false) to tell the SDK not to enable push.

  • (JCore 5.0.4 and above no longer require calling setAuth(context, false), but you must ensure no SDK APIs are called before user consent.)

  • Do not call any Jiguang SDK APIs, including JPushInterface, JCoreInterface, JCollectionAuth, or vendor interfaces such as JPluginPlatformInterface. Huawei must not configure <meta-data android:name="push_kit_auto_init_enabled" android:value="true"/>.

  • After the user agrees to the privacy terms:

  • If the user has agreed or triggers consent, call JCollectionAuth.setAuth(context, true) to enable push.

  • If setAuth(context, false) was never called (e.g. on JCore 5.0.4+ without explicitly setting false), you do not need to call setAuth(context, true); the SDK handles authorization automatically.

Sample code:

// Change 1: call setAuth before enabling push boolean isPrivacyReady; // set based on whether privacy consent dialog was shown if(!isPrivacyReady){ // Versions before JCore 5.0.4 must explicitly set false if (JCoreInterface.getJCore SDKVersionInt() < 504) { // 5.0.4 = 504 JCollectionAuth.setAuth(context, false); } // Do not initialize SDK when unauthorized on any version return; } JPushInterface.init(); // Change 2: after user agrees to privacy policy and you enable push // JCore 5.0.4+ handles auth automatically; explicit true is optional JCollectionAuth.setAuth(context, true); 
          
// Change 1: call setAuth before enabling push
boolean isPrivacyReady; // set based on whether privacy consent dialog was shown
if(!isPrivacyReady){
    // Versions before JCore 5.0.4 must explicitly set false
 if (JCoreInterface.getJCore SDKVersionInt() < 504) { // 5.0.4 = 504
 JCollectionAuth.setAuth(context, false);
 }
 // Do not initialize SDK when unauthorized on any version
 return;
}
JPushInterface.init();
 

// Change 2: after user agrees to privacy policy and you enable push
// JCore 5.0.4+ handles auth automatically; explicit true is optional
JCollectionAuth.setAuth(context, true);
This code block is shown in the floating window

Privacy policy

Jiguang SDK privacy policy

After integrating the JPush SDK, normal operation collects necessary end-user information for message delivery. Disclose JPush SDK name, company name, personal information types and purposes, collection methods, and privacy policy links in your App privacy policy based on your integration.We recommend confirming the JPush SDK version and modules you use, determining data exchanged from the privacy policy and compliance guide, and disclosing JPush SDK information to users in text or list form in your App privacy policy.
See: JPush SDK privacy policy disclosure requirements and examples

Third-party SDK privacy policies

If you integrate vendor channels through the JPush SDK (Android), add vendor channel privacy policy disclosures in your Privacy Policy.
See: Third-party privacy policy disclosure reference

Common MIIT issue handling

MIIT issue type Detailed description Jiguang recommendation
Illegal collection of personal information Device MAC address read without user consent; privacy policy does not clearly state rules for MAC, installed app list, and IMEI collection 1. Ensure the privacy policy fully discloses personal information types, purposes, etc.

2. Ensure no APIs are called before user consent.

3. One-click login is essentially mobile number login and requires IMEI/IMSI; it is post-authorization behavior and does not affect privacy compliance.
- Privacy policy pre-checked by default at registration/login Use explicit user click to "agree" to the privacy policy
- No reject button when agreeing to privacy policy Add "Reject" or "Disagree" at the consent step
Excessive collection of personal information Location read every hour in background without notice or consent, not necessary for service 1. State collection purposes in the privacy policy.

2. If no reasonable use case, close related endpoints per MIIT requirements.
Improper use of personal information IMEI, IMSI, device MAC sent to third-party SDKs without notice or consent See Main approach
Frequent self-start and associated start Self-start and associated start without notice, consent, or reasonable scenario 1. Explain reasonable scenarios in the privacy policy (e.g. to improve delivery, we may enable associated start to keep the app active. To disable: Settings - Apps - App launch management - select your app - disable associated start).
2. Disable related start endpoints
Forced, frequent, excessive permissions Storage permission on first launch; app loops on denial Request permissions only when features are used, not on first launch
- "My" tab requests permissions with no related service Do not request permissions unrelated to services. If required, explain in the privacy policy
Forced personalized push Personalized push indicated but no opt-out or close mechanism Provide in-app options for users to disable personalized push
Was this document helpful?

Copyright 2011-2026, jiguang.cn, All Rights Reserved. 粤ICP备12056275号-13 Shenzhen Hexun Huagu Information Technology Co., Ltd.

Open in Docs Center