The UK government has thrown down the gauntlet to app store operators and developers, requesting they sign up to a voluntary code of conduct designed to enhance user security and privacy.
In what it described as a “world-first” today, the Department for Digital, Culture, Media and Sport (DCMS) said the rules would help to reduce consumers’ exposure to malicious and bug-ridden apps.
The code will stipulate that app store operators and/or developers:
Share security and privacy information in a user-friendly way with consumers, such as where user data is stored and when the app was last updated Allow their apps to work even if a user chooses to disable optional functionality and permissions, such as location tracking Have a “robust and transparent” vetting process to ensure only apps that meet a minimum security and privacy baseline are published Provide clear feedback to developers when an app is not published on their store for security or privacy reasons Have a vulnerability disclosure process, such as a contact form Ensure developers keep their apps up to date to reduce the number of vulnerabilities
The government acknowledged that many app store operators and developers already adhere to many of these rules. However, it will also look at where current laws may need to be tweaked and/or where regulation is needed to improve security in the industry.
Over the coming nine months, the DCMS will work with companies such as Apple, Google, Amazon, Huawei, Microsoft, LG, Epic Games, Nintendo, Valve, Sony and Samsung