Government proposes ‘world-first’ new security regime for app stores

Written by Sam Trendall on 9 May 2022 in News

Consultation launched on code of practice for Apple, Google and others – although adherence would be voluntarily

Credit: PxHere

The government has proposed the implementation of what it describes as first-of-its-kind security rules for app stores – although adherence would remain on a voluntary basis.

A consultation has been launched on plans to introduce a “robust set of interventions” to protect consumers from “malicious apps”, including those designed to defraud users and infect their devices with malware.

“The main intervention the government is proposing at this initial stage is a voluntary code of practice for all app store operators and developers,” said the Department for Digital, Culture, Media and Sport. “This is because we recognise that the most effective current way of protecting users at scale from malicious and insecure apps, and ensuring that developers improve their practices, is through app stores.”

The makers of the smartphone market’s two dominant operating systems, Apple and Google, would – voluntarily – be subject to the new code, as would the operators of all other app stores for mobile devices, televisions and games consoles, the government said. This will include Amazon, Microsoft, Huawei and Samsung.

The code they will potentially be asked to sign up to will set out “baseline security and privacy requirements”, and would also require signatories to implement a “vulnerability reporting process for each app so flaws can be found and fixed quicker”. 

Related content

Platforms will also be asked to provide more – and more accessible – information on “why an app needs access to users’ contacts and location”.

The proposals were announced in light of a new report from the National Cyber Security Centre that “identifies systemic vulnerabilities that have been used by attackers to exploit app stores”.

NCSC technical director Ian Levy said: “Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust. Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

The consultation process on the code of practice and other potential government interventions is open for responses until 11.45pm on 29 June.  All “stakeholders” in the app store sector are invited to participate, with DCMS especially keen to hear “from developers on the review and feedback processes they have encountered when creating apps on different app stores”.

Julia Lopez, minister for media, data and digital infrastructure, said: “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk. That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

HMRC launches £140m procurement to support comms digitisation
26 April 2023

Five-year contract will cover all incoming and outgoing messages and ambition to operate in ‘similar ways to leading private sector companies’

Government formally unveils annual independent cyber audits for all departments
24 April 2023

Ministerial announcement follows initial examinations of Home Office and business department earlier this year

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...