CSA releases updated ‘Safe App Standard’ version to enhance SG security posture

by

Azunta Gaviola

-

2 weeks ago

Get ready to explore the future of marketing and elevate your business! The ‘What’s NEXT in Marketing 2024-2025’ series is heading to Indonesia, Malaysia, the Philippines, Singapore, and Hong Kong. Don’t miss out!

Singapore – Aiming to strengthen the overall security posture of the country, the Cyber Security Agency of Singapore has recently released new guidelines to the ‘Safe App Standard 2.0’. This strategic move is an updated version of the January 2024 edition, which further protects app transactions and user data from mobile apps deployed in Singapore. 

As an upgraded version, SAS 2.0 specifically prioritises high-risk apps with transactions that could lead to significant financial losses. 

According to the agency, these high-risk transactions enable modifications to financial functions such as the registration of third-party payee information and the increase of fund transfer limits. 

It will also introduce four new key areas, including network communication, cryptography, code quality and exploit mitigations, and platform interactions. These enhancements are essential in providing app developers and owners with comprehensive guidelines to fortify the security of their mobile apps. 

Additions to the four key areas covered previously in the first version of the SAS also encompass (1) authentication, where multiple authentication factors, such as biometrics and cryptographic tokens, and securing user sessions are employed; (2) authorisation, where apps use permissions to manage user access to resources, features, and data, and users can grant the app permissions to use certain functions on their devices; (3) data storage that safeguards sensitive data in app servers and user devices against data theft; and lastly (4) anti-tampering and anti-reversing, where system controls prevent modifications to and the compromise of the app.

The new guidelines will also cover security controls in eight key areas to enhance mobile security. SAS 2.0, in particular, referenced established industry standards like those set by the Open Web Application Security Project, the European Union Agency for Network and Information Security, the Payment Card Industry Data Security Standard, and the National Institute of Standards and Technology.

This underwent further refinement after extensive consultations across a diverse range of stakeholders, including local government agencies, financial institutions, e-commerce companies, consultancy firms, cybersecurity firms, academic institutions, and technology companies. 

With the new guidelines, CSA strongly encourages developers of apps that are both developed and hosted in Singapore to adopt CSA’s SAS 2.0 in their app development. Adoption of this standard will fortify apps against common malware and phishing attacks.

 

Happening in Singapore on 19-20 February 2025, the ‘What’s NEXT in Marketing: Singapore 2025’ event presents an exceptional opportunity for marketers and industry leaders to talk about the future of marketing and drive success in the Singaporean market! Register now to secure your slot!
Discover the latest trends in business communication from over 473 billion interactions in Infobip‘s ‘Conversational experience trends 2024‘ report. Mobile messaging, chat apps, and social media lead in customer engagement. Download here for FREE!

 

Share

RECENT ARTICLES

JD.com to offer free shipping options in Malaysia, Thailand with recent market expansion
Blackpanda, CSA team up for Singapore’s cybersecurity emergency response, insurance
Singapore introduces ‘Global Finance and Technology Network’ to strengthen global financial connectivity
Singtel, Western Union sign conditional agreement sale of mobile wallet Dash
Retailers face increased fraud risks as cyber threats target e-commerce space: report
Ellipse 3

RELATED ARTICLES

1_Group IB assists in police operations across SEA targeting cybercriminals in Android RAT campaign_11zon
CSA_UpTech (1)_11zon
NTT and CSA_UpTech_11zon
Ellipse 3

FEATURED ARTICLES

Haris Izmee assumes leadership at Equinix as managing director for Indonesia (1)_11zon
Defence at the digital frontier Mimecast’s Stanley Hsu on building resilience against fraud, cyber risks in Singapore’s e-commerce scene
Tech in Focus How SUSE accelerates innovation, strengthens security across enterprise-grade products through open-source solutions_11zon (1)

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.