
UK government reveals voluntary code of practice to boost app security

Following a period of industry consultation earlier this year, the UK government has outlined a new, voluntary code of practice governing the security and privacy of apps and app stores.

David Hollingworth
Thu, 15 Dec 2022

The aim is to provide better outcomes for app users by requiring stakeholders, namely app developers and app store providers, to proactively address malware applications and to be more transparent about the data an app collects and how it is used.

The code of practice covers a range of devices, from smartphones to game consoles and smart TVs. Julia Lopez MP, Minister of State for Media, Data, and Digital Infrastructure, believes the code is about building trust.

“Consumers should be able to trust that their money and data is in safe hands when using apps and these measures will not only boost our digital economy but also protect people from fraud,” Lopez said in a release.


“We’ve already strengthened our laws to boost security in consumers’ digital devices and the telecoms networks we rely on. Today, we are taking steps to get app stores and developers to keep customers even safer in the online world.”

The code of practice, which can be found here, has eight core points:

  1. Ensure only apps that meet the code’s security and privacy baseline requirements are allowed on the app store.
  2. Ensure apps adhere to baseline security and privacy requirements.
  3. Implement a vulnerability disclosure process.
  4. Keep apps updated to protect users.
  5. Provide important security and privacy information to users in an accessible way.
  6. Provide security and privacy guidance to developers.
  7. Provide clear feedback to developers.
  8. Ensure appropriate steps are taken when a personal data breach arises.

The UK government plans to introduce the code of practice over a nine-month period of implementation, working with companies such as Amazon, Apple, Google, Microsoft, Epic Games, Nintendo, and Samsung. During this period, operators are expected to report back on the process — failure to do so will lead to further investigation and research by the UK government.

The UK is also hoping to promote the code with international partners, and hopes that app store operators and developers will want to publicly affirm they are working within the code of practice.

The program is part of the UK’s wider National Cyber Strategy, which aims to increase the country’s cyber resilience and boost security standards in business.

“Our devices and the apps we rely on are increasingly essential to everyday life, and it’s important that developers and app store operators take steps to protect users,” said Paul Maddinson, NCSC Director of National Resilience and Strategy.

“By signing up to this code of practice, developers and operators can demonstrate how they are delivering security as standard, as well as protect users from malicious actors and vulnerable apps.”

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
