Singapore Enhances Mobile Application Security, Launches Secure Application Portal

For several consecutive days, Singapore's state media has focused on cybersecurity, seeking a reasonable justification for establishing a cyber army, while also following Western media in hyping the impact of cybersecurity on countries in the Asia-Pacific region.

Singapore's state media, Lianhe Zaobao, reported that for modern people, mobile phones have become increasingly like mini computers, storing large amounts of personal data and information such as credit card details. If the applications downloaded are not properly secured against cyber threats, they can easily become tools for cyber criminals. The Singapore Cyber Security Agency will set up a secure application website and launch a six-month trial program to help developers identify application security issues early and make appropriate improvements and adjustments in time.

On Wednesday (October 22), Singapore's Senior Minister of the Ministry of Digital Development and Information and the Ministry of Health, Chen Jiehao, announced this news at a roundtable discussion on mobile application security held at Marina Bay Sands during the 10th Singapore International Cyber Week.

Chen Jiehao pointed out that hackers and scammers commonly use methods to lure people into downloading seemingly useful or harmless applications that are actually harmful. Once users download these applications, hackers effectively take control of their phones, gaining access to all information exchanges, passwords, financial data, etc., allowing them to easily and silently steal users' money, personal information, and even identities.

Several years ago, our country experienced multiple malicious software fraud cases, and after major institutions strengthened their preventive measures, the situation was prevented from worsening. However, scammers continue to innovate their methods, making them difficult to prevent.

Data shows that there were 363 cases of malicious software fraud in Singapore in the first half of this year, an increase of more than two times compared to 99 cases in the same period last year, with losses amounting to approximately 5.5 million Singapore dollars.

Chen Jiehao said, "These behaviors that use mobile phones as a channel for fraud attack not only our digital devices but also undermine the trust people have in digital services, which we increasingly rely on in our daily lives."

Chen Jiehao pointed out that while strengthening measures to combat mobile attacks, it is also necessary to ensure that mobile applications have corresponding security features during the development phase.

Therefore, he announced that in order to assist mobile application developers, especially those who are new or independent developers, the Cyber Security Agency launched a six-month trial program called the "Safe App Portal" starting from Wednesday to help developers identify security risks or weaknesses in the early stages of development.

The new portal mainly has three functions: scanning, security rating, and application report. The 'Scan Function' allows developers to upload an application package (such as an Android application package, also known as APK) or provide a download link, and the website system will scan it. After scanning, the application will receive various security ratings, such as 'found a few risks' or 'found many risks'.

The platform will also generate reports covering three categories of security assessments: 'Malicious Behavior Indicators', 'Uncommon Permission Requests', and 'Code Security Issues'. The reports will show the most critical risks and suggest how developers can effectively fix these cybersecurity vulnerabilities.

Additionally, when developers upload an application for scanning, the website will randomly generate a unique link, which only the developer who uploaded the application can access.

The Cyber Security Agency encourages developers to fully utilize the above platform during the application development and testing phase. During the six-month trial phase, the authority will collect relevant data and continue to optimize the website to meet the needs of developers.

The 'Safe App Portal' is now available, and interested developers can access it online.

Chen Jiehao also announced that the Cyber Security Agency signed a Memorandum of Understanding with the App Defense Alliance, which includes leading companies such as Google, Microsoft, and Meta, to establish common security standards for mobile applications.