Government proposes ‘world-first’ new security regime for app stores

Written by Sam Trendall on 9 May 2022 in News
News

Consultation launched on code of practice for Apple, Google and others – although adherence would be voluntarily

Credit: PxHere

The government has proposed the implementation of what it describes as first-of-its-kind security rules for app stores – although adherence would remain on a voluntary basis.

A consultation has been launched on plans to introduce a “robust set of interventions” to protect consumers from “malicious apps”, including those designed to defraud users and infect their devices with malware.

“The main intervention the government is proposing at this initial stage is a voluntary code of practice for all app store operators and developers,” said the Department for Digital, Culture, Media and Sport. “This is because we recognise that the most effective current way of protecting users at scale from malicious and insecure apps, and ensuring that developers improve their practices, is through app stores.”

The makers of the smartphone market’s two dominant operating systems, Apple and Google, would – voluntarily – be subject to the new code, as would the operators of all other app stores for mobile devices, televisions and games consoles, the government said. This will include Amazon, Microsoft, Huawei and Samsung.

The code they will potentially be asked to sign up to will set out “baseline security and privacy requirements”, and would also require signatories to implement a “vulnerability reporting process for each app so flaws can be found and fixed quicker”. 


Related content


Platforms will also be asked to provide more – and more accessible – information on “why an app needs access to users’ contacts and location”.

The proposals were announced in light of a new report from the National Cyber Security Centre that “identifies systemic vulnerabilities that have been used by attackers to exploit app stores”.

NCSC technical director Ian Levy said: “Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust. Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

The consultation process on the code of practice and other potential government interventions is open for responses until 11.45pm on 29 June.  All “stakeholders” in the app store sector are invited to participate, with DCMS especially keen to hear “from developers on the review and feedback processes they have encountered when creating apps on different app stores”.

Julia Lopez, minister for media, data and digital infrastructure, said: “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk. That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

MPs offer Elon Musk opportunity to ‘address critiques in public’
11 May 2022

Billionaire invited to appear before parliamentary committee

Ransomware: Cabinet minister sounds alarm over ‘greatest cyberthreat to the UK’
16 May 2022

Steve Barclay urges greater reporting of attacks

Minister: ‘Exact alignment to EU law is not a requirement for data adequacy’
19 April 2022

Treasury faces parliamentary questions about potential risks of planned regulatory reforms

Sunak asks Royal Mint to create government-backed NFT
8 April 2022

Chancellor also unveils plans to regulate so-called stablecoins, but critics accuse under-fire minister of ‘poorly judged gimmick’