The UK to establish security and privacy code for app stores and developers

The UK government has published new proposals to establish a security and privacy code for app store operators and developers building apps for smartphones, game consoles, TVs, and other smart devices available to UK users.

 

The first such measure enacted globally by a government, the proposed code will require app stores to have a vulnerability reporting process for each of their apps to ensure flaws can be found and fixed quicker, the Department for Digital, Culture, Media, and Sport said in a statement on Wednesday.

 

Furthermore, app developers and store owners would be required to share more security and privacy information in an easily accessible manner, such as explaining why an app needs access to a user’s contacts and location.

 

The guidelines would affect developers and store operators, including tech giants Apple, Google, Amazon, Huawei, Microsoft, and Samsung. Until June 29, 2022, the government is seeking input from businesses and experts on the new security and privacy requirements. The government will consider the comments and respond later this year.

 

According to UK Cyber Security Minister Julia Lopez, Apps on smartphones and tablets have greatly improved people’s lives by making it easier to bank, shop online, and stay in touch with friends. However, no app should put money or data at risk. The government is taking steps to ensure that app stores and developers raise their security standards to better protect UK consumers in the digital age.

 

According to a report published by the National Cyber Security Centre (NCSC), people’s data and finances are increasingly at risk from apps containing malicious malware created by cyber-criminals and poorly developed apps with vulnerabilities that hackers exploit. Furthermore, according to a government review of app stores released in December 2020, some developers fail to follow best security practices when developing apps, and well-known app stores do not share clear security requirements with developers.