Welcome to the latest revision of appsecuritymapping.com – a home for comparing application security requirements, recommendations and standards.

A visualised example of the mapping
Click on the paperclip or four line icons to access more information about the source document and provision information.

Our Approach
The process of identifying relevant standards and guidance documents commenced with DSIT providing a list of documents for review. Copper Horse then expanded the list by performing open-source research to extend the list of included documents. A quality assurance review was taken to assess if the standard or recommendation should be shortlisted for mapping. The shortlisting process also involved a review of websites whose primary security focus was mobile apps and app stores.
With a shortlist of research material, requirements were mapped against the eight principles from the UK Government’s Code of Practice for App Store Operators and App Developers. It must be noted that these mappings are based on Copper Horse’s own judgement and it’s possible that others may have a different view as to which principle a requirement may map against. The goal was to understand where there are commonalities and where there were areas with less coverage.
We recognise that other standards have been produced by BSI/ISO which can be accessed by the BSI website but these were out of scope as they require a user to purchase a licence, more info on this can be found on the FAQ page.
Updates
February 2026
Requirements are now mapped against the eight principles in the UK Government’s Code of Practice for App Store Operators and App Developers as opposed to the previously used 14 provisions created by Copper Horse. The previous set of mapping can be found in the Mapping Archive. The list of document mapped is as follows:
- Six new documets
- Eight updated documents
- One document unchanged
New documents mapped, see the new list of mapped documents here.
February 2023 release v2
New documents from the UK Government – Code of practice for app store operators and app developers and the European Telecommunications Standards Institute (ETSI) – TS 103 732 V1.1.1 Consumer Mobile Device Protection Profile along with updates to the National Information Assurance Partnership (NIAP) – Protection Profile for Application Software document from v1.2 to v1.3 and the Android Developers App security best practices documentation has added additional requirements since we last published in September 2021.
We are constantly monitoring the app security mapping landscape and will add any further candidate documents as they become available. Where possible we will remap data when new revisions are released.
