The UK’s Department for Digital, Culture, Media & Sport has published voluntary security guidelines for app store operators and app developers. The voluntary code of practice offers eight principles: Ensure only apps that meet the code’s security and privacy baseline requirements are allowed on the app store; Ensure apps adhere to baseline security and privacy requirements; Implement a vulnerability disclosure process; Keep apps updated to protect users; Provide important security and privacy information to users in an accessible way; Provide security and privacy guidance to Developers; Provide clear feedback to developers; and Ensure appropriate steps are taken when a personal data breach arises.
- A good next step is using those same voluntary practices as evaluation criteria before acquiring software or cloud services.
- If you’re wondering where to get started providing guidance to your team developing mobile apps, this is good guidance. Note that these coding standards are also mapped to UK data protection laws, provide guidance for enterprise app stores, and will be updated in the future as risks change. Make sure that your guidance has similar mappings and is kept updated.