30 January 2024

On 10 January 2024, the Cyber Security Agency of Singapore (“CSA”) published the Safe Standard App (“SSA”). Developers of applications (“apps”) created and hosted in Singapore are encouraged to adopt CSA’s recommended SSA in their app development.

Developed by CSA in consultation with industry partners from financial institutions, tech organisations, consultancy firms, and government agencies, the SSA is a recommended standard for mobile apps, providing a baseline of security controls for mobile app developers and providers to follow.

The recommendations and suggestions set out in the SSA aim to assist developers in mitigating a broad spectrum of cybersecurity threats and protecting their apps from the latest mobile scams and mobile malware exploits. With increasingly prevalent mobile app usage, many users could be exposed to potential risks such as monetary loss and unauthorised access to their confidential data. The SSA is targeted at apps that perform high-risk transactions, defined as those that allow transactions with some or full access to users’ financial accounts which, when compromised, can possibly result in significant monetary losses. Such transactions include changes to financial functions such as the registration of third-party payee details and increases to fund transfer limits.

Currently, the SSA focuses on four critical areas commonly targeted by threat actors: authentication, authorisation, data storage (data-at-rest), and anti-tampering and anti-reversing. The SSA will be updated in view of the evolving risk landscape. Future iterations will see the SSA expand to address security best practices and guidelines for the entire mobile app stack.

Reference materials

The following materials are available on the CSA website www.csa.gov.sg:

There is a dedicated webpage on the SSA within the CSA website.