Government publishes voluntary Code of Practice for app store operators and app developers

In May 2022, the Government launched a public consultation on app security and privacy interventions. The proposals included the introduction of baseline security and privacy requirements for app developers and app store operators via a voluntary Code of Practice.

The Government received 59 responses to the consultation. Most respondents supported all principles within the voluntary Code of Practice and the need for the Code. There was broad support for commencing work to explore how the Code could be put on a regulatory footing in the future. The Government says that it has taken on board respondents’ feedback to produce the updated Code and determine its next steps.

Under the code, app store operators and developers will need to:

  • share security and privacy information in a user-friendly way with consumers; examples include when an app is made unavailable on an app store, when an app was last updated and the locations where users’ data are stored and processed for each app;
  • allow their apps to work even if a user chooses to disable optional functionality and permissions, such as preventing the app accessing a microphone or knowing a user’s location;
  • have a robust and transparent app vetting process in place which ensures only apps which meet the code’s minimum security and privacy rules are published on their stores;
  • provide clear feedback to developers when an app is not published on their store for security or privacy reasons;
  • have a vulnerability disclosure process in place, such as a contact form, so software flaws can be reported and resolved without being made publicly known for malicious actors to exploit; and
  • ensure developers keep their apps up to date to reduce the number of security vulnerabilities in apps.

The Government says that it is collaborating with international partners to develop international support for the code and will explore the possibility of creating an international standard for apps and app stores. For a link to the new Code of Practice and for links to the outcome to the consultation and the Government’s response, as well as the Government’s press release, click here.