Governance and legislation

Prior to 2022, apps were unregulated and not required to meet any standards (Ford et al., 2022). In 2022, the UK government developed a Voluntary Code of Practice (UK Government, 2022) for app developers and app stores, containing eight principles to ensure the safety of app users. The Voluntary Code of Practice forms part of the UK’s National Cyber Strategy (2022) and states that app developers must ensure that the security of users is prioritised when it comes to malicious apps and that security and privacy information is clearly communicated and accessible (UK Government, 2022). Apps are available to download from official app stores like the Apple Store and Google Play, which serve as ‘centralised and trusted locations’ (UK Government, 2022). App store developers are required to ensure that apps are vetted and that they have appropriate levels of security and privacy in place. In terms of legal compliance, app developers must comply with the General Data Protection Regulation (GDPR) as per the Data Protection Act 2018. The GDPR is a set of EU rules to ensure data protection and privacy for users. Under the Voluntary Code of Practice (UK Government, 2022), app developers need to share security and privacy information in a user-friendly and transparent way, and users should be able to disable certain access permissions.