The cybersecurity industry is being urged to submit feedback on UK government proposals to place new security requirements on app store operators and developers.
The consultation period for the plans ends at 11.45 pm BST on Wednesday, June 29, meaning industry experts have just days to submit their views before the government moves forward with the new code of practice.
The proposals were published last month to provide stronger security and privacy protections for app users. A report published in May by the National Cyber Security Centre (NCSC) found that people’s data and finances are at growing risk from apps: both fraudulent apps containing malicious malware created by cyber-criminals and poorly developed apps with vulnerabilities that hackers are exploiting.
Additionally, a government review of app stores launched in December 2020 found that some developers fail to follow best security practices when creating apps, while well-known app stores do not share clear security requirements with developers.
The new code of practice would place numerous new requirements on app store operators and developers. These include requiring app stores to have a vulnerability reporting process for each of their apps to ensure flaws can be found and fixed quicker. In addition, app developers and store operators would be obliged to share more security and privacy information in an accessible way, such as explaining why an app requires access to users’ contacts and location.
All app stores for smartphones, game consoles, TVs and other smart devices making apps available to UK users would be asked to commit to the new code of practice. This includes tech giants like Apple, Google, Amazon, Huawei, Microsoft and Samsung.
The government gave stakeholders eight weeks to submit feedback and views on the new code. Therefore, it is crucial that as many cybersecurity experts offer their insights as possible to ensure the government considers the industry’s perspective when finalizing the new rules.