I have been researching online but I cannot find a clear statement. Is a US-based company allowed to publish apps on Huawei App Store or does the ban forbid it?
The following table describes whether the services of registration, identity verification, Merchant Service, Payment Service, and Account Service are supported in each country or region for enterprise developers. A check (√) indicates that the service is supported.
We can see that Huawei does not ban forbid on US-based company enterprise developers. US enterprises support account registration, which means they can release applications.
For details about the application release process and specifications, see:
Official website.
Creating an App.
Copyright Qualification Review Requirements.
Sure you can if you get Copyright Certificate in china. But how to do that ? Well probably best would be to pay some chinese company for that so they basically will have copyright registered on them, otherwise looks like not so easy, because of great bureaucratic wall of China.
This is good guide that actually explains it quickly:
Can I get a Software Copyright Certificate if I’m not a Chinese company?
Yes, the copyright owner can be a foreign company or legal person, but
you must submit the legal proof certified by the local Chinese
consulate or notarized by the local notary office.
So basically you can and cannot, means that you cannot on your own, you need someone from china to help you. I believe that was their intention to make it more difficult for foreigners and more profitable for china businesses. And also let's not forget number of other special rules you have to obey in terms of app user interface and functionality to be accepted on mainland China.
https://medium.com/huawei-developers/the-ultimate-guide-to-register-software-copyright-certificates-in-china-45571448fc9f
Related
Recently I've received this email from Facebook about one of my apps after Data Security Checkup:
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Terms and Developer Policies. Your app APPNAME (AppId: **************) doesn't comply with the following:
Platform Terms 6.a.i.1: You must always have in effect and maintain administrative, physical, and technical safeguards that do the following: Meet or exceed industry standards given the sensitivity of the Platform Data
Please make the requested changes by 2021-11-23 at 12:00 PST.
Platform Terms 6.a.i.1 follows to Developer Data Security Best Practices Page and looks like industry standard.
My app uses Facebook Login with only read permissions for public data, like Instagram posts and comments. No any publishing or management.
What exactly Facebook expecting from me as single developer to update in my app? I have vps on Digital Ocean with server management via Serverpilot with all latest security updates etc. My host protected with CloudFlare Business Plan. I've provided all this info already but receiving bot/automated messages like this and have no idea what to do next. Please help?!
I recently published the application to Huawei Appgallery. Outside China approved. But in mainland China it was rejected. they asked me to provide The Computer Software Copyright Certificate.
How to i have The Computer Software Copyright Certificate to provide huawei appgallery?
All email information Huawei Appgallery sent is as follows:
Dear developer,
Thank you for contacting us!!
Your app failed the review. The detailed description and modification suggestions are as follows:
Detailed description: Your app failed the review due to lack of qualification documents for AV entertainment-music apps.
Modification suggestion: The Computer Software Copyright Certificate or APP Electronic Copyright Certificate must be provided for the audio-visual entertainment-music category.
For details about the copyright qualification review requirements, see https://developer.huawei.com/consumer/en/doc/distribution/app/30215
Your app did not provide the qualifications needed in Mainland China, the publishing in Mainland China and other countries or regions you have chosen to publish has been affected.
For specific qualifications,
Please refer to: https://developer.huawei.com/consumer/en/doc/30215
[Description]: We found that there is no related privacy statement in your app. The publishing in Mainland China and other countries or regions you have chosen to publish has been affected until all the requirements above are met. For more information, please refer to the rule 7.1 of "AppGallery Review Guidelines": https://developer.huawei.com/consumer/en/doc/distribution/app/50104
[Suggestion]: Please provide related privacy statement in your app.
In China, Computer software copyright (SCC) refers to the exclusive rights enjoyed by software developers in accordance with the copyright laws and is used to prove and protect the copyright of your mobile app. On the one hand, it’s a necessary certificate for some categories of apps, because it can prove the ownership of the app to the Chinese app stores. On the other hand, it can prevent your code from plagiarizing or pirating and is an important proof of app infringement.
Where to apply for Software Copyright Certificate?
The State Copyright Administration is in charge of the registration of the certificate in China, you can apply for it on the website of China Protection Center of China (http://www.ccopyright.com.cn/). And the applicant may register the computer software copyright by yourself self or entrust an agency to register the copyright.
List the detailed process for obtaining Software Copyright Certificate
For individual registering, the process can be divided into five phases: Fill in the application form → submit the application documents → accept the application → examination → to obtain the registration certificate; If you have an agent to help you, just provide the materials directly to the institution, and they will handle the application for you.
What materials are required to register a Software Copyright Certificate?
The application documents for software copyright registration shall include:
Ø Application form for software copyright registration;
Ø Software identification materials;
Ø Identity certificate of the applicant;
Ø Identity certificate of the contact person;
Once you got that,You may upload it directly in console-App service-AppGallery Connect-my apps-select your app-version information-copyright information--upload certificates -resubmit your app for review.
For more detail about the Computer software copyright, please send an email to gochina#huawei.com.
And you can also refer this link to get The Complete Guide to Software Copyright Certificates in China.
It's not possible to release apps on mainland china for indie developer. It should be clearly stated that china blocks foreign software developers so we don't waste time on this.
I was asked by facebook to submit my app for an app review to get further access to some fields in their Graph API. I have done so and today I got a message from them:
The permissions and features review for (my app name) is complete.
Next, we'll verify your business. To do this, you may need to provide
documentation like a business license or utility bill.
The problem is that I have no company and therefore no documents to prove that I have one. I have created and launched this app as an individual and I just want access to few fields from their Graph API.
Please what should I do? I wanted to write them directly, but I haven't found something through what I can contact them.
New limitations
This is the new Facebook's policy. It looks like access to for example user_friends will be now limited to companies which can afford to implement advanced security systems.
Their requirements seem to be similar to the new European regulation - GPDR. These breaking changes are most likely caused by recent lawsuit related with Facebook & Cambridge Analytica and Mark Zuckerberg's promises during his testimony in Congress.
Facebook requires now to verify your business for some permissions:
If you don't pass app or business review, you will loose access to these APIs after August 1, 2018.
Influence on mobile applications
It's a really bad news for small applications, most likely it will kill Facebook integration.
They don't even provide any form to contact and discuss it, when you click on "support" you are forwarded to support page for Facebook Analytics.
If you have a small company and creating apps for fun, their terms are very demanding and could cause a huge problems for your business in the future. Therefore you should decide if it's worth to risk in exchange of displaying friends.
Interesting things about their requirements
When you start business verification process, it asks about company details, if you provide these, you will be asked to sign a contract with Facebook. I encourage to read carefully their terms, because they ask you to:
provide them from time to time upon a written request access to your books, records, agreements, services, facilities etc. which relate to user data in order to audit your security mechanisms and procedures,
cover review costs and expenses if they detect any noncompliance with their terms or security requirements.
Good luck to small apps...
References
Facebook Login Changelog - here you can check which permission requires app review, business verification and contract,
contract with Facebook is not published, you will receive it when you start a business verification,
short overview of Mark Zuckerberg's promises,
post on my blog with this answer,
from Facebook Login Changelog:
In order to help protect people's data, we're now requiring that an increased number of permissions go through the App Review process. For certain permissions, we are also requiring business verification and a contract between your business and Facebook. Businesses can be verified by providing forms of documentation including utility bills, business licenses, certificates of formation, articles of incorporation, tax ID numbers, and others. The contract introduces additional security requirements and other provisions around data.
August 6, 2019 - Update
Finally, the time has come. Permissions were supposed to stop working on August 1, 2018, but actually Facebook has given one extra year. Yesterday I received this e-mail:
As of September 4, 2019, MY_APP_NAME will no longer have access to the
following permissions or features:
user_friends
I was asked by facebook to submit my app for an app review to get further access to some fields in their Graph API. I have done so and today I got a message from them:
The permissions and features review for (my app name) is complete.
Next, we'll verify your business. To do this, you may need to provide
documentation like a business license or utility bill.
The problem is that I have no company and therefore no documents to prove that I have one. I have created and launched this app as an individual and I just want access to few fields from their Graph API.
Please what should I do? I wanted to write them directly, but I haven't found something through what I can contact them.
New limitations
This is the new Facebook's policy. It looks like access to for example user_friends will be now limited to companies which can afford to implement advanced security systems.
Their requirements seem to be similar to the new European regulation - GPDR. These breaking changes are most likely caused by recent lawsuit related with Facebook & Cambridge Analytica and Mark Zuckerberg's promises during his testimony in Congress.
Facebook requires now to verify your business for some permissions:
If you don't pass app or business review, you will loose access to these APIs after August 1, 2018.
Influence on mobile applications
It's a really bad news for small applications, most likely it will kill Facebook integration.
They don't even provide any form to contact and discuss it, when you click on "support" you are forwarded to support page for Facebook Analytics.
If you have a small company and creating apps for fun, their terms are very demanding and could cause a huge problems for your business in the future. Therefore you should decide if it's worth to risk in exchange of displaying friends.
Interesting things about their requirements
When you start business verification process, it asks about company details, if you provide these, you will be asked to sign a contract with Facebook. I encourage to read carefully their terms, because they ask you to:
provide them from time to time upon a written request access to your books, records, agreements, services, facilities etc. which relate to user data in order to audit your security mechanisms and procedures,
cover review costs and expenses if they detect any noncompliance with their terms or security requirements.
Good luck to small apps...
References
Facebook Login Changelog - here you can check which permission requires app review, business verification and contract,
contract with Facebook is not published, you will receive it when you start a business verification,
short overview of Mark Zuckerberg's promises,
post on my blog with this answer,
from Facebook Login Changelog:
In order to help protect people's data, we're now requiring that an increased number of permissions go through the App Review process. For certain permissions, we are also requiring business verification and a contract between your business and Facebook. Businesses can be verified by providing forms of documentation including utility bills, business licenses, certificates of formation, articles of incorporation, tax ID numbers, and others. The contract introduces additional security requirements and other provisions around data.
August 6, 2019 - Update
Finally, the time has come. Permissions were supposed to stop working on August 1, 2018, but actually Facebook has given one extra year. Yesterday I received this e-mail:
As of September 4, 2019, MY_APP_NAME will no longer have access to the
following permissions or features:
user_friends
A few days ago, I received the following email from address paypal#paypal.com and with subject "IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.".
I have reason to believe it is a phishing attempt. Please find my notes in the end and try to justify why I'm right or wrong.
The only part of the mail that I removed was my name in the third line.
PayPal service upgrades.
,
As we have previously communicated to you, PayPal is upgrading the
certificate for www.paypal.com to SHA-256. This endpoint is also used
by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 9/30/2015; however, we may need to
change this date on short notice to you to align to the industry
security standard.
You’re receiving this notification because you’ve been identified as a
merchant who has used IPN endpoints within the past year. If you have
not made the necessary changes, we urge you to do so right away to
avoid a disruption of your service!
Because these changes are technical in nature, we advise that you
consult with your individuals responsible for your PayPal integration.
They will be able to identify what, if any, changes are needed. Please
share this email and the hyperlinks below with your technical contact
for evaluation.
Testing in the Sandbox is one of the best ways to make sure your
integration works. Sandbox endpoints have been upgraded to accept
secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System
Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change
microsite contains a schedule of our service upgrade plan.
Thanks for your patience as we continue to improve our services.
Please do not reply to this email. We are unable to respond to
inquiries sent to this address. For immediate answers to your
questions, visit our Help Center by clicking "Help" on any PayPal
page. Copyright © 2014 PayPal. All rights reserved. PayPal (Europe)
S.á r.l. et Cie, S.C.A., Société en Commandite par Actions. Registered
office: 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B
118 349.
Here's why I think it's fake:
They just address the customer by name, no "Dear" etc.
Copyright 2014? strange...
The phrase "we may need to change this date on short notice to you to align to the industry security standard" has a minor mistake (IMO, although I'm not a native English speaker) and doesn't sound like a company's policy. Talking about maybe changing a date is not professional.
The subject... come on, caps?
The links are to a strange domain, the certificate of which is issued by a different company than paypal.com's. One serves a pdf.
I think it's a pretty elaborate phishing attempt, but it strikes me that in online discussions about it (dating back many months), representatives of various companies treat it as legit.
So, am I missing something?
Yes that is a Legitimate email from PayPal.
For additional details, see this recent Stack Question:
How can I tell if my paypal certificate is SHA-256?
The PayPal Merchant Technical Support Site has additional information on the Certificate Upgrade and how to test your server.
Also if you ever wonder if an email is from PayPal you can forward the email to Spoof#paypal.com or the new email Review#paypal.com.