The Australian Communications Consumer Action Network (ACCAN) has urged the government to set stronger cybersecurity rules for app stores, arguing that voluntary codes fail to protect consumers.
In its submission to the Department of Home Affairs on the proposed Voluntary Code of Practice for App Store Operators and App Developers, ACCAN made it clear that consumer safety cannot be left to commercial incentives alone. The proposed code, based on a UK model, was described as inadequate for addressing the scale of risks Australians face online.
Currently, app store security protections are not keeping pace with the billions Australians spend in these marketplaces. In 2024, Australians spent an estimated $4.15 billion on in-app payments through Apple’s App Store and Google Play. Despite this, harmful and exploitative apps — from fleeceware to subscription traps — continue to appear.
According to ACCAN, operators like Apple and Google act as digital gatekeepers, controlling which apps are available but failing to prevent scams, theft of personal information, or manipulative design practices. As the ACCC’s Digital Platform Services Inquiry noted, this dominance leaves consumers with little influence over the risks they face.
Stronger, enforceable regulations are seen as essential. ACCAN’s recommendations include mandatory notice-and-action mechanisms for scam reporting, verification of app developers and advertisers, public reporting on mitigation efforts, and accessible internal dispute resolution processes. An independent ombuds scheme is also on the table to provide external redress.
Read more: ACCAN warns government could lose billions in spectrum license revenue
These measures, ACCAN argues, should work hand-in-hand with broader reforms to the Privacy Act 1988. Updating consent rules and redefining personal information would close loopholes that currently undermine consumer protection. Security and privacy, in this view, are inseparable goals.
The organisation also stressed that app store regulation should complement competition reforms being considered by Treasury. In markets dominated by just two global companies, cybersecurity should not be used as an excuse to stifle fair competition. Instead, interoperability, data portability, and fair treatment of compliant developers should go hand in hand with stronger security rules.
The debate is not limited to technical measures. Effective communication between app platforms, regulators, and the public will be vital. Transparency reports, clear user guidance, and accessible complaint channels will help build consumer confidence. In an age where social media amplifies both praise and criticism of digital services, public trust hinges on open, accountable communication.
For ACCAN, the message is simple: cybersecurity is not a niche technical concern but a public interest issue that affects privacy, safety, and the integrity of Australia’s digital economy. With the right framework, the country has an opportunity to lead globally in protecting consumers in the app marketplace.
