The Government says that it is vital that apps are built to security and privacy best practice to protect the data and privacy of individuals and organisations. Accordingly, from December 2020 to March 2022, it conducted a review into the app store ecosystem. The review, published by the National Cyber Security Centre (NCSC), found that fraudulent apps containing malicious malware created by cyber criminals and poorly developed apps continue to be accessible to users, putting their data and money at risk. Therefore, it is evident that some developers are not following best practice when creating apps. All app stores share a common threat profile with malware contained within apps the most prevalent risk. Additionally, prominent app store operators are not adequately signposting app requirements to developers and providing detailed feedback if an app or update is rejected.

The main intervention the Government is proposing at this initial stage is a voluntary Code of Practice for all app store operators and developers. The Government says that it recognises that, currently, the most effective way of protecting users at scale from malicious and insecure apps, and ensuring that developers improve their practices, is through app stores. The call for views closes on 29 June 2022. To read the Government’s press release in full, click here. To access the NCSC review, click here. To access the call for views, click here.