December 9, 2022

Developers ignoring ‘best practice’ on mobile app security – Digital Minister

DCMS calls for developers and app stores to sign up to voluntary code of conduct to help protect consumers from malware.

By Claudia Glover

Some developers are ignoring best practices around mobile app security, leaving consumers at risk of cyberattack, the UK’s Digital Minister has said. Julia Lopez’s comments come as app stores and developers are being asked to sign up to a new voluntary code of conduct launched by the government to protect users from malware hidden in unsafe or malicious applications. 

The DCMS is releasing a code of conduct for mobile application stores. (Photo by Tada Images/Shutterstock)

The Department for Digital, Culture, Media and Sport (DCMS) has launched what it calls a “world-leading code of practice” for mobile application stores which it says will help stop hackers stealing vital data from smartphones.

In a report, also published today following a consultation on app security, Lopez said a review conducted by DCMS found “malicious and poorly developed apps continue to be accessible to users” of the most popular app stores – Apple’s App Store and Google Play. “Therefore it is evident that some developers are not following best practice when creating apps,” she added.

DCMS releases app store code of conduct

To combat this risk, the new DCMS code of conduct will require apps to have a process for security experts to report software vulnerabilities to developers, and ensure security updates are highlighted properly to users. Security and privacy information will also need to be clearly provided.

Lopez added the launch of the code of practice was designed to dovetail with other measures the government has taken to boost the UK’s cybersecurity, which have included new security measures for connected devices and networks and amendments to NIS regulations, which protect critical national infrastructure.

“We’ve already strengthened our laws to boost security in consumers’ digital devices and the telecoms networks they rely on,” she said. “Today we are taking steps to get app stores and developers to keep customers even safer in the online world”.

Paul Maddinson, director of national resilience and strategy at the National Cyber Security Centre, said: “Our devices and the apps we rely on are increasingly essential to everyday life, and it’s important that developers and store operators take steps to protect users.

“By signing up to this code of practice, developers and operators can demonstrate how they are delivering security as standard, as well as protect users from malicious actors and vulnerable apps.”

The cybersecurity risks posed by mobile apps

Mobile apps are an increasingly popular way to deliver malware, and Tech Monitor recently reported on how the SharkBot banking trojan malware was being spread via fake updates to antivirus and cleaner apps.

There has been a 500% jump in mobile malware delivery attempts in Europe this year according to research from security company Proofpoint. Common techniques used by criminals include smishing, where victims receive phishing attempts via text, as well as malicious or unsafe application downloads.

Google Play is far more susceptible to infiltration by cybercriminals than the Apple App Store, the report says, because it takes a more open approach than its rival. The platform is currently open to multiple smaller app stores, which allows users to easily sideload apps from anywhere on the internet.
