CSA releases updated ‘Safe App Standard’ version to enhance SG security posture

by

Azunta Gaviola

-

1 month ago

Get ready to explore the future of marketing and elevate your business! The ‘What’s NEXT in Marketing 2024-2025’ series is heading to Indonesia, Malaysia, the Philippines, Singapore, and Hong Kong. Don’t miss out!

Singapore – Aiming to strengthen the overall security posture of the country, the Cyber Security Agency of Singapore has recently released new guidelines to the ‘Safe App Standard 2.0’. This strategic move is an updated version of the January 2024 edition, which further protects app transactions and user data from mobile apps deployed in Singapore. 

As an upgraded version, SAS 2.0 specifically prioritises high-risk apps with transactions that could lead to significant financial losses. 

According to the agency, these high-risk transactions enable modifications to financial functions such as the registration of third-party payee information and the increase of fund transfer limits. 

It will also introduce four new key areas, including network communication, cryptography, code quality and exploit mitigations, and platform interactions. These enhancements are essential in providing app developers and owners with comprehensive guidelines to fortify the security of their mobile apps. 

Additions to the four key areas covered previously in the first version of the SAS also encompass (1) authentication, where multiple authentication factors, such as biometrics and cryptographic tokens, and securing user sessions are employed; (2) authorisation, where apps use permissions to manage user access to resources, features, and data, and users can grant the app permissions to use certain functions on their devices; (3) data storage that safeguards sensitive data in app servers and user devices against data theft; and lastly (4) anti-tampering and anti-reversing, where system controls prevent modifications to and the compromise of the app.

The new guidelines will also cover security controls in eight key areas to enhance mobile security. SAS 2.0, in particular, referenced established industry standards like those set by the Open Web Application Security Project, the European Union Agency for Network and Information Security, the Payment Card Industry Data Security Standard, and the National Institute of Standards and Technology.

This underwent further refinement after extensive consultations across a diverse range of stakeholders, including local government agencies, financial institutions, e-commerce companies, consultancy firms, cybersecurity firms, academic institutions, and technology companies. 

With the new guidelines, CSA strongly encourages developers of apps that are both developed and hosted in Singapore to adopt CSA’s SAS 2.0 in their app development. Adoption of this standard will fortify apps against common malware and phishing attacks.

 

Happening in Singapore on 19-20 February 2025, the ‘What’s NEXT in Marketing: Singapore 2025’ event presents an exceptional opportunity for marketers and industry leaders to talk about the future of marketing and drive success in the Singaporean market! Register now to secure your slot!
Join MARKETECH APAC and Bird for the ‘WhatsApp Marketing Masterclass‘ workshop and unlock effective strategies to engage and retain customers. Happening on 5 December 2024 at Sheraton Petaling Jaya, Malaysia—register your interest HERE!
Share

RECENT ARTICLES

CX leaders see AI-powered personalisation, CX fuel strong customer loyalty, higher retention rates: report
Mimecast welcomes David Sajoto as new vice president and general manager for APJ
Hitachi Vantara, NVIDIA HGX join forces to redefine AI infrastructure, launch Hitachi iQ
Netcore Cloud’s new partnership with Google Cloud to enhance marketing tech, customer engagement with AI
Prudential to drive digital transformation, elevate customer experience with launch of new AI lab in SG
Ellipse 3

RELATED ARTICLES

1_Group IB assists in police operations across SEA targeting cybercriminals in Android RAT campaign_11zon
CSA_UpTech (1)_11zon
NTT and CSA_UpTech_11zon
Ellipse 3

FEATURED ARTICLES

Haris Izmee assumes leadership at Equinix as managing director for Indonesia (1)_11zon
Defence at the digital frontier Mimecast’s Stanley Hsu on building resilience against fraud, cyber risks in Singapore’s e-commerce scene
Tech in Focus How SUSE accelerates innovation, strengthens security across enterprise-grade products through open-source solutions_11zon (1)

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.