CSA Unveils Safe App Portal Pilot

The Cyber Security Agency of Singapore (CSA) has unveiled the “Safe App Portal” (“the Portal”) Pilot which will run for a period of six months. The Portal is an online tool that aims to provide clear and actionable safety and security insights on mobile apps. It is designed to help developers build more secure apps, strengthen the baseline security of mobile apps, and enhance public confidence in Singapore’s digital ecosystem. This was announced by Mr Tan Kiat How, Senior Minister of State for Digital Development and Information, at the Singapore International Cyber Week (SICW) 2025.

2.           Mobile apps are now integral to our daily lives, as they are used for banking, shopping and communication needs, among others. However, with the increasingly rapid deployment of mobile apps, cybercriminals are also exploiting security weaknesses in these apps to conduct phishing and malware attacks. Hence, it is necessary to improve app security to protect users from potential financial loss and privacy breaches.

3.           The Portal is designed for mobile app developers, particularly novice or independent developers, to identify and address security weaknesses early in the development process. It offers three core functions:

              a. App Scan – Developers can upload their mobile app package (e.g., APK file) or provide a download link (e.g. URL) to perform an automated safety and security scan.

              b. Safety Rating – Each scanned app receives a Safety Rating indicating its overall security posture, namely “Minimal Risks Found”, “Some Risks Found”, or “Excessive Risks Found”. This provides developers with a quick view of their app’s security posture.

              c. App Report – Each scan produces a detailed report covering three categories of security assessments. They are (a) indicators of malicious behaviour, (b) uncommon permission requests, and (c) code security issues. The report highlights the most critical risks within these three categories and provides recommendations to help developers remediate them effectively.

4. The Portal evaluates app safety and security risks in alignment with established industry standards, including those from the Open Web Application Security Project (OWASP), MITRE Corporation, and Android security guidelines. It has also been refined through consultations with a diverse range of stakeholders, including government agencies, financial institutions, e-commerce companies, technology firms, academic institutions, and mobile app development companies.

5. Following initial consultations with selected developers, the pilot phase will now make the Portal publicly available for the first time, allowing any developer to use the tool and provide feedback. CSA will continue collecting data on usability from this broader user base to guide refinements that better meet the needs of developers during its potential full rollout.

6. CSA encourages developers to tap on this Pilot in their app development and testing phases. Building security considerations from the start will reduce the apps’ likelihood of being compromised, reduces vulnerabilities, and raises the security hygiene levels. In addition, members of the public can be assured that they are downloading safer apps, thereby contributing to a more secure mobile ecosystem in Singapore.

7. The Safe App Portal Pilot can be accessed here.

*** End ***

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.