Launch of the Safe App Portal Pilot
The Safe App Portal (“the Portal”) pilot was unveiled by the Cyber Security Agency of Singapore (CSA) at the Mobile Security Roundtable during Singapore International Cyber Week (SICW). The pilot will run for a period of six months, starting from 22nd October 2025.
The Portal is an online tool that aims to provide clear and actionable safety and security insights on mobile apps. By empowering developers to build more secure apps, the Portal aims to strengthen the baseline security of mobile apps and enhance public confidence in Singapore’s digital ecosystem.
Quokka is proud to power the engine behind the Portal and support ongoing efforts to enhance the cybersecurity of mobile applications. The Safe App Portal is now live and accessible at https://go.gov.sg/safeappportal.
The Need for Effective Mobile App Security
As cybercriminals increasingly exploit weaknesses in app security to conduct malware and phishing attacks, mobile devices have become prime targets for cyber threats. Stronger mobile app security is hence needed to better protect users from the threat of financial losses and privacy breaches.
The panel discussion hosted at the SICW’s Mobile Security Roundtable also expanded on this growing need for more effective mobile app security, which is inhibited by a disconnect between cybersecurity and mobile app developers. Titled “Can Cybersecurity and Dev Teams Work Together to Achieve Secure Innovation?“, the panel convened leading developers, security strategists, and testing experts, including Head of Solutions Engineering at Quokka, Mr Ilya Dreytser, to share their unique industry perspectives.
Following the panel, Mr Dreytser commented, “The panel revealed a significant opportunity to foster better collaboration between security and development teams. More must be done by security professionals to better communicate security insights in a simple and practical manner, to guide developers in building secure apps from the ground up.”
Inside the Safe App Portal
The Portal is designed to provide mobile app developers, particularly novice or independent developers, with actionable security insights that help them identify and address security weaknesses early in the development process.
The Portal offers three core functions:
- App Scan – Developers can upload their mobile app package (e.g. APK file) or provide a download link (e.g. URL) to perform an automated safety and security scan.
- Safety Rating – Each scanned app receives a color-coded Safety Rating, providing a quick overview of its security posture:
- Green: Minimal Risks Found – No malicious indicators detected, with low-risk security posture.
- Yellow: Some Risks Found – Suspicious behaviors or notable weaknesses observed; review and remediate where appropriate.
- Red: Excessive Risks Found – Strong signs of malicious traits or critical security issues; remediation strongly advised.
- App Report – Each app scan produces a detailed report that highlights the most critical risks and provides recommendations for effective remediation across three key pillars:
- Indicators of Malicious Behavior – malware signature and pattern detection, and app authenticity verification.
- Uncommon Permission Requests – identifying uncommon access to permissions or sensitive data compared to category norms.
- Code Security Weaknesses – flagging insecure coding practices that elevate exploit risk.
Verified developers can also access full remediation reports to guide further improvements.
Creating Safer Apps for Everyone
Quokka fully supports CSA’s call on developers to use the Portal as part of their development and testing processes. By integrating security into apps from the start, developers will be taking the first proactive step towards improving app resilience against cyberattacks, which is essential for creating a safer mobile app ecosystem for all.
“The launch of the Safe App Portal pilot represents our shared mission and commitment to empower developers to build secure, resilient apps,” said Dana Waldman, CEO of Quokka. “By improving the security posture of apps, developers are not only protecting users, but also enhancing the trust and credibility of their business. We know this as users ultimately want apps they can trust.”
We invite all mobile app developers to visit and use the Portal at https://go.gov.sg/safeappportal.
About Quokka
Quokka is a mobile security company trusted by Fortune 500 companies and governments worldwide to reduce their mobile attack surface. Formerly known as Kryptowire, the company was founded in 2011 and is the first and now longest-standing mobile app security solution for the US Federal Government. Quokka’s mobile app risk intelligence uncovers what others miss—malicious behaviors, colluding apps, privacy risks, and compliance gaps. Leveraging AI-powered engines, Quokka cuts through the noise to deliver visibility and control over mobile app threats. Learn more at www.quokka.io.
About the Cyber Security Agency of Singapore (CSA)
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.
CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.
