CSA releases updated ‘Safe App Standard’ version to enhance SG security posture

by

Azunta Gaviola

-

11 months ago

The ‘What’s NEXT in Marketing 2025’ series is making waves in Singapore, the Philippines, Hong Kong, Indonesia, and Malaysia. Join us in shaping the future of marketing!

Singapore – Aiming to strengthen the overall security posture of the country, the Cyber Security Agency of Singapore has recently released new guidelines to the ‘Safe App Standard 2.0’. This strategic move is an updated version of the January 2024 edition, which further protects app transactions and user data from mobile apps deployed in Singapore. 

As an upgraded version, SAS 2.0 specifically prioritises high-risk apps with transactions that could lead to significant financial losses. 

According to the agency, these high-risk transactions enable modifications to financial functions such as the registration of third-party payee information and the increase of fund transfer limits. 

It will also introduce four new key areas, including network communication, cryptography, code quality and exploit mitigations, and platform interactions. These enhancements are essential in providing app developers and owners with comprehensive guidelines to fortify the security of their mobile apps. 

Additions to the four key areas covered previously in the first version of the SAS also encompass (1) authentication, where multiple authentication factors, such as biometrics and cryptographic tokens, and securing user sessions are employed; (2) authorisation, where apps use permissions to manage user access to resources, features, and data, and users can grant the app permissions to use certain functions on their devices; (3) data storage that safeguards sensitive data in app servers and user devices against data theft; and lastly (4) anti-tampering and anti-reversing, where system controls prevent modifications to and the compromise of the app.

The new guidelines will also cover security controls in eight key areas to enhance mobile security. SAS 2.0, in particular, referenced established industry standards like those set by the Open Web Application Security Project, the European Union Agency for Network and Information Security, the Payment Card Industry Data Security Standard, and the National Institute of Standards and Technology.

This underwent further refinement after extensive consultations across a diverse range of stakeholders, including local government agencies, financial institutions, e-commerce companies, consultancy firms, cybersecurity firms, academic institutions, and technology companies. 

With the new guidelines, CSA strongly encourages developers of apps that are both developed and hosted in Singapore to adopt CSA’s SAS 2.0 in their app development. Adoption of this standard will fortify apps against common malware and phishing attacks.

Step into a world where creativity meets cutting-edge tech at MARKETECH APAC’s Advertising Technology Asia 2025! Coming to the Philippines on 9 September, be at the forefront of the adtech revolution—register now!
The NEXT Awards 2025 is here, and we’re seeking the most innovative marketing campaigns from Indonesiathe Philippines, Malaysia, Singapore and Asia Pacific. Submit your entry today and showcase your best work!
Share

RECENT ARTICLES

Concentrix acquires SAI Digital, expanding digital commerce, CX solutions in APAC
OutSystems appoints Muralee Kanagaratnam as regional VP for partners & alliances for APAC regional expansion
Singapore leads global AI adoption but faces shadow AI concerns
StarHub, Vectra AI introduce advanced cybersecurity solutions in Singapore
Revolut expands Google Cloud partnership to support global fintech growth
Ellipse 3

RELATED ARTICLES

1_Group IB assists in police operations across SEA targeting cybercriminals in Android RAT campaign_11zon
CSA_UpTech (1)_11zon
NTT and CSA_UpTech_11zon
Ellipse 3

FEATURED ARTICLES

Haris Izmee assumes leadership at Equinix as managing director for Indonesia (1)_11zon
Defence at the digital frontier Mimecast’s Stanley Hsu on building resilience against fraud, cyber risks in Singapore’s e-commerce scene
Tech in Focus How SUSE accelerates innovation, strengthens security across enterprise-grade products through open-source solutions_11zon (1)

Subscribe to UpTech Media Newsletter

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.

Video Title Here: The Indonesian on-ground activation status

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos.