UK government proposes new code of practice to enhance app security and privacy

UK government seeks to implement a new code of practice around app security and privacy as malicious and poorly developed apps threaten the security of organisations and users.

The UK government is calling for input from the technology sector on enhancing security and privacy requirements for app stores and app development. The consultation period will run until June 19, 2022, and comes as a new report from the UK’s National Cyber Security Centre (NCSC) revealed that apps that contain malware or have been poorly developed are putting users at significant risk. The UK government therefore aims to establish a new code of practice that will set out baseline security and privacy requirements for apps, which it said forms part of its National Cyber Strategy to ensure UK citizens are more secure online.

UK government proposes new code of practice for app security

Under new proposals, app stores for smartphones, game consoles, TVs and other smart devices could be asked to commit to a new code of practice to boost app security and privacy standards, which would be the first such measure in the world, stated a press release on the UK government’s website. “The proposed code would require stores to have a vulnerability reporting process for each app so flaws can be found and fixed quicker. They would need to share more security and privacy information in an accessible way including why an app needs access to users’ contacts and location,” it added.

The government has encouraged stakeholders to provide their views on the proposed interventions, including the content of the proposed code and whether additional proposals should be taken forward. The government said it would also welcome views, particularly from developers, on the review and feedback processes they have encountered when creating apps on different app stores, along with data which illustrates the financial and wider impact of implementing the code of practice. The feedback will inform UK government policy and its next steps, which it will share later in the year.

Commenting, Cybersecurity Minister Julia Lopez said, “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends. But no app should put our money and data at risk. That’s why the government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

Cybercriminals target insecure app vetting processes with malware

A new report published by the NCSC has illustrated how cybercriminals and other attackers target weaknesses within app vetting processes to infect users with malware for either financial or privacy-impacting outcomes. “While all app stores share the same threat profile, mobile app stores are the most commonly targeted due to the sheer number of smartphone users, and the wealth of data stored on modern smartphones,” the report read. “Users of third-party mobile app stores are particularly vulnerable, due to their lack of robust vetting processes,” it added.

A tough code of practice could be key in reducing the likelihood of malicious apps getting through vetting processes, the report continued. NCSC Technical Director Ian Levy commented that app stores have a responsibility to protect users and maintain trust. “Our threat report shows there is more for app stores to do, with cybercriminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed code of practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”

Copyright © 2022 IDG Communications, Inc.