A new voluntary code of practice for app store operators and developers will ask them to boost security and privacy to better protect users, the Government has said.
The Department for Digital, Culture, Media, and Sport (DCMS) said the new measures would include requirements for those who sign up for it to have a reporting process for experts to flag issues and ensure security updates are properly highlighted to users, among other measures.
It said it would work with major firms including both Apple and Google – the two biggest app store operators – to support the implementation of the code over a nine-month period.
The rules are part of the Government’s National Cyber Strategy, a £2.6 billion scheme to boost the UK’s digital economy and cyber resilience.
Consumers should be able to trust that their money and data is in safe hands when using apps and these measures will not only boost our digital economy but also protect people from fraud— Cyber minister Julia Lopez
The Government said it was also exploring what current laws could be extended to cover apps and app stores, and whether regulation would be needed in order to mandate the code in the future.
“More people are using apps to pay bills, play games and stay in touch with loved ones, with so much of our day-to-day activities now online,” cyber minister Julia Lopez said.
“Consumers should be able to trust that their money and data is in safe hands when using apps and these measures will not only boost our digital economy but also protect people from fraud.
“We’ve already strengthened our laws to boost security in consumers’ digital devices and the telecoms networks we rely on. Today we are taking steps to get app stores and developers to keep customers even safer in the online world.”
Paul Maddinson, director of national resilience and strategy at the National Cyber Security Centre (NCSC), said: “Our devices and the apps we rely on are increasingly essential to everyday life, and it’s important that developers and store operators take steps to protect users.
“By signing up to this code of practice, developers and operators can demonstrate how they are delivering security as standard, as well as protect users from malicious actors and vulnerable apps.”