New portal for developers to test mobile app safety, combat malware and phishing

SINGAPORE – Mobile app developers can now use an online tool to identify and fix security weaknesses in products before they are launched, to prevent cyber criminals from conducting phishing and malware attacks.

The Safe App Portal was launched on Oct 22, and the pilot project will last for the next six months, said the Cyber Security Agency of Singapore (CSA) in a statement on Oct 22.

Apps uploaded on the portal will be scanned for safety and security risks, and assessed for indicators of malicious behaviour, uncommon permission requests and code security issues.

A report provided to the developer will include recommendations for remediation, said CSA, adding that each scanned app will receive a colour-coded safety rating.

Green indicates minimal risks found with no malicious indicators detected, while yellow indicates some suspicious behaviours or notable weaknesses.

Red indicates strong signs of malicious traits and critical security issues, and that remediation is strongly advised.

Such a tool is necessary owing to a lack of resources for some software development firms, and a knowledge gap between developers and cyber-security experts on the importance of app safety, said experts on the second day of Singapore International Cyber Week on Oct 22. “A lot of smaller development shops don’t have dedicated security teams, so that is a big problem,” said Mr Eugene Liderman, Google’s director of product for Android security and privacy, during a panel discussion on mobile security, at the Sands Expo and Convention Centre.

Many developers might also view security features as “friction” that slows down the app development process, which is not the correct mindset to have, said fellow panellist Ilya Dreytser, head of solutions engineering at mobile security company Quokka.

The portal is meant to be used at the app development and testing phase, said CSA, adding that building security considerations from the start minimises vulnerabilities and will reduce the apps’ likelihood of being compromised.

As mobile apps are used for essential services such as banking and communications, they are also being exploited as gateways to steal money, data and identities, said Senior Minister of State for Digital Development and Information Tan Kiat How in his address before the panel discussion.

Victims in Singapore lost about $5.5 million to malware-enabled scams in the first half of 2025.

The number of cases also rose sharply by 266 per cent, compared with the same period in 2024, according to midyear figures released by the police in August.

“(Victims) were often between 50 and 64 years old, and many were first contacted on popular social media platforms such as Facebook and TikTok, before being persuaded to download malware that infected their phones,” said Mr Tan.

Initiatives like the portal will help ensure that apps used by Singaporeans are more vigorously vetted for vulnerabilities, and will create a stronger cyber-protection system, he added.

However, lasting change requires the cooperation of all industry players besides the Government, and Mr Tan urged cyber-security professionals and app developers to work closer together.

Security experts need to share their knowledge of uncovering and fixing vulnerabilities beyond their own circles, and help developers understand security in simple and practical ways, he said.

He also called on developer groups to prioritise security when creating new app features, instead of leaving it as an afterthought.

“It helps to think of security as something users can feel, not just something that runs in the background,” said Mr Tan.

“A secure login, privacy controls that are easy to use, or a fraud alert that stops a problem before it happens – these are features that people will value and appreciate.”

Big tech players such as app store owners and those that own mobile operating systems should also work closely with developers and security experts to create software kits that are safe to use, for developers to build safely from the start, said Mr Tan. “App stores can also feature apps that meet strong security standards, helping users identify and trust safer apps,” he added.

“This is how security becomes seamlessly built into the mobile ecosystem.”

The Safe App Portal was developed and refined through consultations with stakeholders such as government agencies, financial institutions, e-commerce companies, technology firms, academic institutions and app development companies, said CSA.

The agency added that it will continue collecting feedback that will guide refinements to the portal, which can help better meet developers’ needs during the portal’s potential full roll-out.

Future plans for the portal will be shared at a later date.

During a separate event at the conference, Minister of State for Home Affairs Goh Pei Ming spoke about the need for increased cooperation between the public and private sectors in tackling the local scam scourge.

He cited local bank representatives who are co-located at the Anti-Scam Command, so that they can provide real-time assistance to the police in stopping the transfer of illicit funds as quickly as possible.

“I would like to encourage even more industry partners to join our Anti-Scam Command,” said Mr Goh. “For instance, we are keen to co-locate with digital payment token service providers to improve the recovery of crypto assets.”