Singapore’s Ministry of Communications and Information (MCI) has unveiled safety recommendations aimed at apps involved in high-risk monetary transactions. The Cyber Security Agency of Singapore (CSA) released the new Safe App Standard, offering guidance to app developers and providers on essential security controls and best practices to safeguard their applications against common malware and phishing threats.
In response to a recent advisory from the Singapore Police reporting 83 victims and losses exceeding S$155,000 to a phishing scam impersonating DBS bank, the MCI’s minister, Josephine Teo, emphasized the importance of the Safe App Standard. Teo stated that the standard is designed to minimize the risk of malicious actors exploiting vulnerabilities in app design, ensuring the protection of user data and transactions across various applications, including e-commerce platforms.
The CSA’s standards highlight the need for developers to incorporate malware detection capabilities into their apps, citing their effectiveness in thwarting unauthorized transactions facilitated by compromised devices. The four critical areas targeted by threat actors, as outlined in the standard, are user identity validation (authentication), user access rights verification (authorization), protection of sensitive data integrity and confidentiality, and implementation of anti-tampering and anti-reversing security controls.
The guidelines draw inspiration from established industry standards, including the Open Web Application Security Project, the Payment Card Industry Data Security Standard, and the European Union Agency for Network and Information Security. The CSA anticipates updating the Standard to address evolving risks in the future, reflecting its commitment to staying ahead of the dynamic cybersecurity landscape.