Government seeks industry views on code of practice for app store operators and developers

The UK Government is seeking the views of organisations operating in the tech sector on proposals aimed at making apps safer and more secure for users.

A report published by the National Cyber Security Centre has revealed that malicious apps downloaded by hundreds of thousands of users have put people’s personal data and financial security at risk.

The report found the cyber threats to be broadly similar regardless of the kind of organisation providing the app, with the most prominent problem being malware – corrupted software that can steal data and money and mislead users.

The government has drawn up plans for a code of practice that would set minimum security and privacy requirements for app store operators and developers with the aim of better protecting users from hackers.

The code would apply to developers and store operators whose apps are made available to UK users, meaning big-name organisations including Apple, Google, Amazon, Huawei, Microsoft and Samsung would be covered.

Cyber security minister Julia Lopez said: “Apps on our smartphones and tablets have improved our lives immensely - making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk.

“That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

Ian Levy, technical director at the National Cyber Security Centre, that as apps are becoming far more prominent in day-to-day life “there is more for app stores to do, with cyber criminals currently using weaknesses in app stores on all types of connected devices to cause harm”.

“I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues,” he said.

The code follows a government review of app stores launched in December 2020 that found some developers are not following best practice in developing apps while well-known app stores do not share clear security requirements with developers.

App developers, app store operators and security and privacy experts are being encouraged to provide feedback to inform the government’s work in this area, with the call for view running until the end of June.

The consultation is available on the government’s website.