Government proposes ‘world-first’ new security regime for app stores

Written by Sam Trendall on 9 May 2022 in News
News

Consultation launched on code of practice for Apple, Google and others – although adherence would be voluntarily

Credit: PxHere

The government has proposed the implementation of what it describes as first-of-its-kind security rules for app stores – although adherence would remain on a voluntary basis.

A consultation has been launched on plans to introduce a “robust set of interventions” to protect consumers from “malicious apps”, including those designed to defraud users and infect their devices with malware.

“The main intervention the government is proposing at this initial stage is a voluntary code of practice for all app store operators and developers,” said the Department for Digital, Culture, Media and Sport. “This is because we recognise that the most effective current way of protecting users at scale from malicious and insecure apps, and ensuring that developers improve their practices, is through app stores.”

The makers of the smartphone market’s two dominant operating systems, Apple and Google, would – voluntarily – be subject to the new code, as would the operators of all other app stores for mobile devices, televisions and games consoles, the government said. This will include Amazon, Microsoft, Huawei and Samsung.

The code they will potentially be asked to sign up to will set out “baseline security and privacy requirements”, and would also require signatories to implement a “vulnerability reporting process for each app so flaws can be found and fixed quicker”. 


Related content


Platforms will also be asked to provide more – and more accessible – information on “why an app needs access to users’ contacts and location”.

The proposals were announced in light of a new report from the National Cyber Security Centre that “identifies systemic vulnerabilities that have been used by attackers to exploit app stores”.

NCSC technical director Ian Levy said: “Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust. Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

The consultation process on the code of practice and other potential government interventions is open for responses until 11.45pm on 29 June.  All “stakeholders” in the app store sector are invited to participate, with DCMS especially keen to hear “from developers on the review and feedback processes they have encountered when creating apps on different app stores”.

Julia Lopez, minister for media, data and digital infrastructure, said: “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk. That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Calls to expand biometrics watchdog to commercial entities
17 February 2023

Scotland’s world-first regime needs to go further, critics have claimed

Braverman floats criminalisation of ‘highly encrypted devices’
25 January 2023

Government consults on proposals to create new offences to clamp down on technologies it believes are enabling serious crime

Government warned over need to protect the metaverse in Online Safety laws
17 March 2023

Campaigners warn that ‘virtual actions are not adequately addressed’ by existing law or pending legislation

Sunak promises to protect tech supply chains as part of £5bn defence boost
14 March 2023

PM announces increase in funding to tackle threats posed by China and Russia