Singapore has released guidelines designed to help developers adopt the necessary security controls and best practices to better protect users from common malware and phishing attacks.
The guidelines, called the Safe App Standard, will provide a common benchmark to guide local developers on the steps they can take to strengthen the security of their mobile apps, said the Cyber Security Authority of Singapore (CSA). The move is aimed at strengthening the security posture of mobile apps in Singapore and protecting user data and app transactions, the government agency said.
Citing figures from its 2022 Cybersecurity Awareness Survey, CSA said 80% of respondents have utility apps installed on their mobile devices, such as banking, e-commerce and transportation apps. “The use of mobile apps is becoming increasingly popular, potentially exposing many users to potential risks including financial loss and unauthorized access to sensitive data.”
Safe App Standard is designed for apps that perform high-risk transactions or allow transactions with partial or full access to a user’s financial account. The agency said that a breach of this data could result in significant financial losses, and that such transactions could involve financial functions such as registering third-party beneficiary details or increasing fund transfer limits. It added that this includes changes.
The 46-page Safe App Standard document outlines steps to take in four key areas commonly targeted by attackers: authentication, authorization, data storage, and tampering and reverse-engineering prevention.
Mobile apps typically utilize various forms of authentication, including biometrics and multi-factor authentication code generators. Because these mechanisms are used to verify user identity and provide legitimate access, it is important that they are secure and implemented in accordance with industry best practices.
Authorization also runs in parallel with authentication security, making it an important line of defense for mobile apps when determining access to relevant resources within the app.
Anti-tamper security controls such as anti-malware detection and anti-keystroke capture also provide additional protection against malicious attempts to compromise or tamper with your mobile app. Developers who integrate these features make it more difficult for attackers to break into their apps.
CSA said the Safe App Standard was designed with reference to established industry standards, including the Open Web Application Security Project, the Payment Card Industry Data Security Standard, and the European Union Network and Information Security Agency.
It has also been fine-tuned based on consultation with a range of organizations including local governments, financial institutions, e-commerce operators, consultancies and technology vendors.
Although the guidelines are not mandatory, CSA encourages app developers in Singapore to adopt the recommended standards to ensure the safety of their apps and protect users when conducting online transactions.
Communications and Information Minister Josephine Teo said the standard would help developers “design security”, such as built-in malware detection, to reduce the risk that threat actors could exploit weaknesses in apps.
She said if the standard proves useful, it could become mandatory in the future.
CSA added that the standard will be updated as the threat landscape evolves.