Credit: PxHere

The government has proposed the implementation of what it describes as first-of-its-kind security rules for app stores – although adherence would remain on a voluntary basis.

A consultation has been launched on plans to introduce a “robust set of interventions” to protect consumers from “malicious apps”, including those designed to defraud users and infect their devices with malware.

“The main intervention the government is proposing at this initial stage is a voluntary code of practice for all app store operators and developers,” said the Department for Digital, Culture, Media and Sport. “This is because we recognise that the most effective current way of protecting users at scale from malicious and insecure apps, and ensuring that developers improve their practices, is through app stores.”

The makers of the smartphone market’s two dominant operating systems, Apple and Google, would – voluntarily – be subject to the new code, as would the operators of all other app stores for mobile devices, televisions and games consoles, the government said. This will include Amazon, Microsoft, Huawei and Samsung.

The code they will potentially be asked to sign up to will set out “baseline security and privacy requirements”, and would also require signatories to implement a “vulnerability reporting process for each app so flaws can be found and fixed quicker”. 

Related content

• DCMS seeks leader for smart device security policy team
• Digital minister says government will pass law to make smart devices safer ‘as soon as we can’
• Labour MP: If a device is called ‘smart’ – don’t buy it

Platforms will also be asked to provide more – and more accessible – information on “why an app needs access to users’ contacts and location”.

The proposals were announced in light of a new report from the National Cyber Security Centre that “identifies systemic vulnerabilities that have been used by attackers to exploit app stores”.

NCSC technical director Ian Levy said: “Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust. Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

The consultation process on the code of practice and other potential government interventions is open for responses until 11.45pm on 29 June.  All “stakeholders” in the app store sector are invited to participate, with DCMS especially keen to hear “from developers on the review and feedback processes they have encountered when creating apps on different app stores”.

Julia Lopez, minister for media, data and digital infrastructure, said: “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk. That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”