App stores on smartphones, games consoles, TVs and other devices could be asked to commit to a new code of practice setting out baseline security requirements, under new proposals put forward by the Government.
The Department for Digital, Culture, Media and Sport (DCMS) has asked for views from the tech sector on the plans.
They propose placing new security and privacy requirements on app developers as well as app stores, including compelling stores to have a vulnerability reporting process for every app and requiring more transparency from apps as to why they want access to personal information such as contact lists or a user’s location.
The plans come in response to a report from the National Cyber Security Centre (NCSC), which warns that personal data and finances are at risk because of fraudulent apps containing malicious software or poorly-developed apps which can be compromised by hackers.
DCMS said that despite the UK app market being worth £18.6 billion, there are few rules governing the security around the apps and the stores which host them – although all the major app stores do have their own terms of service and content rules.
“Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends,” cyber security minister Julia Lopez said.
“But no app should put our money and data at risk. That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”
The NCSC said the proposed code of practice would help reduce the risk of malicious apps reaching consumers.
“Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust,” NCSC technical director Dr Ian Levy said.
“Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm.
“I support the proposed code of practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”
DCMS said its call for views would be open until the end of June, with a response to the feedback then published later this year.