Safe App Standard

Published on 10 Jan 2024

The Safe App Standard (the Standard) is a recommended standard for mobile applications (apps), developed by the Cyber Security Agency of Singapore (CSA) in consultation with industry partners from financial institutions, tech organisations, consultancy firms and government agencies.

The Standard provides a common benchmark and guidance to local app developers and providers on the necessary security controls and best practices to better protect their applications, and in turn, their end-users, against common malware and phishing attempts. Overall, the Standard will boost the security posture of mobile apps deployed in Singapore and enhance the protection of user data and app transactions. 

The Standard will also be updated in view of the evolving risk landscape. The first version of the Standard is targeted at apps that perform high-risk transactions, defined as those that allow transactions with some or full access to users’ financial accounts which, when compromised, can possibly result in significant monetary losses. These transactions include changes to financial functions, such as registration of third-party payee details and increases to fund transfer limits. The Standard focuses on four critical areas commonly targeted by threat actors. These are:

  • Authentication
  • Authorisation
  • Data-Storage (Data-at-rest), and
  • Anti-Tampering & Anti-Reversing

Developers of applications created and hosted in Singapore are encouraged to adopt CSA’s recommended Standard in their app development. By doing so, developers can ensure that their applications are secure and their users are protected. Members of the public can thus benefit from more secure online transactions.