Published on 10 Jan 2024
1. The Cyber Security Agency of Singapore (CSA) has today published a recommended standard that will help local app developers and providers enhance mobile app security. Billed the “Safe App Standard” (the “Standard”), it provides a common benchmark and guidance to local app developers and providers on the necessary security controls and best practices to better protect their applications, and in turn, their end-users, against common malware and phishing attempts1. Overall, the Standard will boost the security posture of mobile applications deployed in Singapore and enhance the protection of user data and app transactions.
2. According to CSA’s 2022 Cybersecurity Awareness Survey, over eight in 10 of 1,051 respondents reported installing utility applications such as banking, e-commerce and transportation applications on their mobile devices. With increasingly prevalent mobile app usage, many users could be exposed to potential risks such as monetary loss and unauthorised access to their confidential data.
3. The Safe App Standard will also be updated in view of the evolving risk landscape. The first version of the Standard published today is targeted at applications that perform high-risk transactions; defined as those that allow transactions with some or full access to users’ financial accounts, which when compromised, can possibly result in significant monetary losses. These transactions include changes to financial functions such as registration of third-party payee details and increase of fund transfer limit. The Standard focuses on four critical areas commonly targeted by threat actors. These are:
4. The Safe App Standard was developed by referencing established industry standards. These include the Open Web Application Security Project, the Payment Card Industry Data Security Standard and European Union Agency for Network and Information Security. The Standard was finalised after consultation with various organisations, including local government agencies, financial institutions, e-commerce companies, consultancy firms and technology companies.
5. Developers of applications created and hosted in Singapore are encouraged to adopt CSA’s recommended Standard in their app development. By doing so, developers can ensure that their applications are secure, and their users are protected. Members of public can thus benefit from more secure online transactions.
*** End ***
1 The Safe App Standard can be downloaded at here.
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.
For media clarifications
Chen Jingxuan
Assistant Director, Communications and Engagement Office
Cyber Security Agency of Singapore
Email: chen_jingxuan@csa.gov.sg