Share this article on:
Following a period of industry consultation earlier this year, the UK government has outlined a new, voluntary code of practice governing the security and privacy of apps and app stores.
The aim is to provide better outcomes for app users by requiring stakeholders — app developers and app store providers — to proactively address malware applications, and to be more transparent when it comes to the data collected by an app, and how it is used.
The code of practice covers a range of devices, from smartphones to game consoles and smart TVs. Julia Lopez MP, Minister of State for Media, Data, and Digital Infrastructure, believes the code is about building trust.
“Consumers should be able to trust that their money and data is in safe hands when using apps and these measures will not only boost our digital economy but also protect people from fraud,” Lopez said in a release.
“We’ve already strengthened our laws to boost security in consumers’ digital devices and the telecoms networks we rely on. Today, we are taking steps to get app stores and developers to keep customers even safer in the online world.”
The code of practice, which can be found here, has eight core points:
The UK government plans to introduce the code of practice over a nine-month period of implementation, working with companies such as Amazon, Apple, Google, Microsoft, Epic Games, Nintendo, and Samsung. During this period, operators are expected to report back on the process — failure to do so will lead to further investigation and research by the UK government.
The UK is also hoping to promote the code with international partners, and that app store operators and developers will want to publicly affirm they are working within the code of practice.
The program is part of the UK’s wider National Cyber Strategy, which aims to increase the country’s cyber resilience and boost security standards in business.
“Our devices and the apps we rely on are increasingly essential to everyday life, and it’s important that developers and app store operators take steps to protect users,” said Paul Maddinson, NCSC Director of National Resilience and Strategy.
“By signing up to this code of practice, developers and operators can demonstrate how they are delivering security as standard, as well as protect users from malicious actors and vulnerable apps.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.