The new report emphasizes that malware poses a threat to people’s data and money.
The National Cybersecurity Center found that hundreds of thousands of people may have been exposed to fraudulent programs containing malware created by cybercriminals, as well as poorly designed programs that could be compromised by hackers who exploit software vulnerabilities.
It says that while millions of people use apps every day for shopping, banking and video calling, there are a few rules governing the security of the technology or online stores where they are sold.
To provide better consumer protection, the government is launching a call for technology industry views regarding increased security and privacy requirements for firms operating in app stores and developers creating programs.
Under the new proposals, app stores for smartphones, game consoles, TVs and other smart devices could be asked to adopt a new code of practice that sets out basic security and privacy requirements. The government said it would be the first such measure in the world.
Developers and store operators who make the program available to users from the UK will be covered. This includes Apple, Google, Amazon, Huawei, Microsoft and Samsung.
The proposed code requires stores to have a vulnerability reporting process for each application so that bugs can be found and fixed faster. They will need an affordable way to share additional information about security and privacy, including why the program needs access to users ’contacts and locations.
Cybersecurity Minister Julia Lopez said: “Apps on our smartphones and tablets have greatly improved our lives by making banking and online shopping easier, and keeping in touch with friends.
“But no app should jeopardize our money and data. That’s why the government is taking steps to ensure that app stores and developers raise their security standards and better protect UK consumers in the digital age. ”
The NCSC report found that all types of app stores face similar cyber threats, and the most notable problem is malware: corrupted software that can steal data and money and mislead users.
For example, last year, some Android phone users downloaded apps that contained Triada and Escobar malware in various third-party app stores. This has led to cybercriminals remotely taking control of people’s phones and stealing their data and money by signing them up for premium subscription services without the person’s knowledge.
The NCSC report says the government’s proposed code of practice will have a positive impact and reduce the chances of malicious applications reaching consumers on a variety of devices.
NCSC CTO Ian Levy said: “Our tools and programs that make them useful are becoming increasingly important to people, and businesses and app stores are responsible for protecting users and maintaining their trust.
“Our threat report shows that app stores can do more, as cybercriminals are currently using vulnerabilities in app stores on all types of connected devices to do harm.
“I support the proposed Code of Practice, which demonstrates the UK’s continued intention to address systemic cybersecurity issues.”
The code follows a government review of app stores launched in December 2020, which found that some developers do not follow best practices in app development, while well-known app stores do not share clear security requirements with developers.