Code of practice for app store operators and app developers

App Store Operators and App Developers listing apps on them should have a VDP (contact details/contact form); App Store Operators should verify that App Developers abide by these practices; App Store Operators should accept vulnerability disclosure reports on behalf of App Developers if they have not acknowledged the vulnerability - if the App Developer still fails to acknowledge the vulnerability, the App Store Operator should delist the app from its platform.