The UK government wants to increase its control over the App Store, Google Play, and other app stores. Newly proposed measures are aimed at increasing user privacy and security.
The proposals follow a review into the app store ecosystem conducted by the Department for Digital, Culture, Media and Sport (DCMS) from December 2020 to March 2022. The goal was to reduce the threat of “malicious and insecure apps to protect users whilst helping developers meet security and privacy best practice.”
Based on the review, the DCMS proposed a Code of Practice of App Store Operators and App Developers, which contains seven practical steps:
- Operators should approve and allow only legitimate apps on their stores, removing products that have been identified as malicious;
- Developers should create a “vulnerability disclosure process and policy,” while operators should have a special system to help users and researchers report vulnerabilities in apps;
- Developers should update their apps regularly to patch vulnerabilities and protect user privacy;
- App store operators should notify users when they remove the app, also informing them about the usage and storage of data, as well as the regularity of updates.
- Enterprise organizations should have an option to have their own private app stores, curated for their employees;
- Operators should set out security and privacy requirements for developers and their apps;
- Developers should be able to receive feedback from app store operators prior to the approval process, as well as get detailed feedback when the submission is rejected.
“[No] app should put our money and data at risk,” Cyber Security Minister Julia Lopez said in a statement on May 4. “That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”
The DCMS will now be collecting feedback from developers and app store operators until June 29.