App stores code of practice proposed to protect users from malicious apps

App stores across devices would be required to boost security standards to better protect consumers under proposed new rules.
The App Store on an Apple iPhone 6s (PA)
PA Archive
Martyn Landi4 May 2022

App stores on smartphones, games consoles, TVs and other devices could be asked to commit to a new code of practice setting out baseline security requirements, under new proposals put forward by the Government.

The Department for Digital, Culture, Media and Sport (DCMS) has asked for views from the tech sector on the plans.

They propose placing new security and privacy requirements on app developers as well as app stores, including compelling stores to have a vulnerability reporting process for every app and requiring more transparency from apps as to why they want access to personal information such as contact lists or a user’s location.

The plans come in response to a report from the National Cyber Security Centre (NCSC), which warns that personal data and finances are at risk because of fraudulent apps containing malicious software or poorly-developed apps which can be compromised by hackers.

DCMS said that despite the UK app market being worth £18.6 billion, there are few rules governing the security around the apps and the stores which host them – although all the major app stores do have their own terms of service and content rules.

“Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends,” cyber security minister Julia Lopez said.

“But no app should put our money and data at risk. That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

The NCSC said the proposed code of practice would help reduce the risk of malicious apps reaching consumers.

“Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust,” NCSC technical director Dr Ian Levy said.

“Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm.

“I support the proposed code of practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

DCMS said its call for views would be open until the end of June, with a response to the feedback then published later this year.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in