Code of practice for app store operators and app developers
This code of practice sets out minimum security and privacy requirements for app store operators and app developers.
Documents
Details
13 October 2023: update
An updated version of the code of practice was published on 13 October 2023.
This is the latest version and should be used from now on by app store operators and app developers.
Applications (“apps”) are increasingly essential to everyday life and work. Apps are primarily accessed via app stores across a range of devices, including desktops, smartphones, smart TVs, games consoles, smart speakers and wearables. The UK government has investigated the app ecosystem and found a range of threats relating to malicious and poorly developed apps.
The government’s intention is to ensure consumers are protected from online threats by taking forward a robust set of interventions which are proportionate, pro-innovation and future-facing.
Following a public consultation, the government has developed this updated code of practice for all app store operators and app developers.
The code sets out the minimum security and privacy requirements which should be followed by app store operators and app developers. The government strongly believes this code will help protect users from malicious and poorly developed apps.
For more information, please see:
- the press notice from the launch of the original version of the code of practice
- the government’s response to the call for views
- the written ministerial statement to Parliament.
To view all documents relating to app security and privacy, please visit the app security and privacy collection page.
This work is part of the government’s £2.6 billion National Cyber Strategy which is helping to protect and promote the UK digital economy. A key part of this is improving cyber resilience across the economy and making sure the technology we use every day at home and at work is secure.
Updates to this page
Published 9 December 2022Last updated 24 October 2023 + show all updates
-
To accommodate implementation of the updated Code, we have extended the implementation period. We have made it clear that the implementation period has been extended by nine months to June 2024. Other minor typos have also been corrected.
-
An updated version of the Code of Practice has been added to this page. This is the latest version.
-
First published.