Safe App Standard 2.0

Published on 15 Oct 2024

The Safe App Standard 2.0 (SAS 2.0) is an updated version of the first SAS published in January 2024. SAS 2.0 is a recommended standard for mobile applications (apps), aimed at establishing a common benchmark for local app developers and owners by providing comprehensive guidance on implementing essential security controls and best practices.

Developed by the Cyber Security Agency of Singapore (CSA), SAS 2.0 was refined and finalised following extensive consultations with a diverse range of stakeholders, such as local government agencies, financial institutions, e-commerce companies, consultancy firms, cybersecurity firms, academic institutions, and technology companies. 

The primary focus of SAS 2.0 is to safeguard high-risk apps with transactions that could result in significant financial losses. These high-risk transactions allow for modifications to financial functions, including the registration of third-party payee information and the increase of fund transfer limits. By adopting the controls outlined in SAS 2.0, developers can better protect app transactions and user data, ultimately strengthening the overall security posture of mobile apps deployed in Singapore.

SAS 2.0 covers the following eight cybersecurity areas:

  • Authentication,
  • Authorisation,
  • Data-Storage (Data-at-rest),
  • Anti-Tampering & Anti-Reversing,
  • Network Communication (Data-in-transit),
  • Cryptography,
  • Code Quality & Exploit Mitigations, and
  • Platform Interactions.

Developers of apps that are both developed and hosted in Singapore are strongly encouraged to adopt CSA’s SAS 2.0 in their app development. Adoption of this standard will fortify apps against common malware and phishing attacks. Consequently, this leads to a more secure environment for online financial transactions, which will instil greater confidence in app transactions among members of the public.