The government will ask app developers to sign up to a voluntary code of practice aimed at improving privacy and security for users.
Measures in the code of practice include sufficiently highlighting app security updates, providing privacy and security information to users clearly, and creating channels for security experts to report vulnerabilities.
For the next nine months, the government will work with app companies such as Google, Apple, Amazon, Microsoft and Samsung to encourage the adoption of the app rules.
It follows months of consultation with industry experts to establish an app code of practice.
“We’ve already strengthened our laws to boost security in consumers’ digital devices and the telecoms networks we rely on. Today we are taking steps to get app stores and developers to keep customers even safer in the online world,” said Julia Lopez, cyber minister.
App developers signing up to the government rules will agree to share security and privacy in a “user-friendly way”. Apps must still work even if optional permissions are not accepted, while app stores must have a security screening process.
While the app code is currently voluntary, the Department for Digital, Culture, Media and Sport (DCMS) is reviewing whether to extend current laws to the app space and whether regulation is needed to make the rules mandatory.
Paul Maddinson, NCSC director of national resilience and strategy, said: “By signing up to this code of practice, developers and operators can demonstrate how they are delivering security as standard, as well as protect users from malicious actors and vulnerable apps.”
Jake Moore, global cybersecurity advisor at ESET, said: “This is a huge step forward and will hopefully bring many apps in line with what is expected of them to make consumers and their data better protected. Proper vulnerability disclosure reporting will help with problems that inevitably arise and ensuring updates will help many apps which tend to get forgotten about when exploits are located.”