Skip to main content

App Security and Privacy Code of Practice: Response to Call for Views

Volume 724: debated on Friday 9 December 2022

I am pleased to inform the House that the Government have published two documents titled “Code of Practice for App Store Operators and App Developers” and “Call for Views Response on App Security and Privacy Interventions”. This follows on from a call for views held between 4 May and 29 June 2022 where we sought feedback on our proposed interventions to protect users’ security and privacy from malicious and poorly developed apps.

We are publishing a world-first voluntary code of practice that sets minimum security and privacy requirements for app store operators and app developers. Given that people's lives are dependent on apps to use services, such as online banking, health and entertainment services, this code is essential as malicious and poorly designed apps continue to be accessible to users on app stores which can result in the loss of personal data, money and access to devices. This work will help deliver an objective within the national cyber strategy to reduce the cyber risk at source by ensuring that app stores—and app developers—follow better levels of cyber security.

This code will improve the security and privacy practices of both developers and operators and therefore ensure that apps are more suitably built. The code, and the eight principles within it, have been informed by feedback from operators, developers and security experts following the call for views, and received support from a vast majority of respondents. It has been thoroughly tested to ensure it strikes an appropriate balance in protecting users whilst also not overly burdening operators and developers. Furthermore, the code will ensure that more information about an app’s data practices is conveyed to users so they can make informed decisions when deciding whether to download an app.

Given the global nature of cyber security issues and digital markets, we plan to prioritise creating international alignment on the code’s security and privacy requirements. We will do this by engaging with international counterparts to promote the need for the requirements, particularly in the context of future competition regulation, and explore the viability of creating an international standard based on the code.

I will place a copy of both the “Code of Practice for App Store Operators and App Developers” and “Call for Views Response on App Security and Privacy Interventions” in the Libraries of both Houses.