CSA Releases New List of Recommended Security Apps to Boost Mobile Device Protection
Shortlisted Apps Underwent New Tests to Assess Effectiveness
The Cyber Security Agency of Singapore (CSA) has released a new list of recommended security apps to help members of the public identify suitable apps to download to better safeguard their mobile devices against prevalent phishing and malware attacks.
2. CSA first launched a list of recommended security apps in September 2023. Since then, CSA has reviewed this list and conducted a series of tests on 18 unique apps across Android and iOS devices. The tests referenced those that were carried out by established industry third-party test bodies such as AV Test and AV Comparatives. The apps were evaluated based on their performance in four categories, namely a. malware detection, b. phishing detection, c. network detection and d. device integrity checks. Of these, network detection and device integrity checks are new categories added in this review. Six security apps made the list (see attached infographics).
3. The Four Categories
a. Malware detection involves the installation of the security app in devices and testing its ability to detect various malware samples – including original, rehashed and obfuscated samples. This process evaluates how well the app identifies disguised threats before they can compromise the device, making it crucial as a first layer of protection against a range of malware such as spyware and droppers.
b. Phishing detection is essential for identifying and blocking deceptive websites or suspicious URLs. The test involves accessing selected phishing links across different environments, such as via in-app browsers, via dedicated browsers such as Chrome for Android users and Safari for iOS users, or through a URL checker provided by the app. This is important as users will be alerted by the app when they attempt to access spoofed websites that can lead to identity theft or financial loss.
c. Network detection focuses on the security app’s ability to detect and alert users to common network-based attacks, such as Secure Sockets Layer (SSL) stripping and SSL decryption, which are attempts to access or steal encrypted data. The methodology involves simulating such attacks to test whether the app can detect them and alert the user. This capability is important to protect users from data interception attacks targeting users’ financial details and login credentials.
d. Device integrity checks assess whether the security app can detect device settings that could potentially compromise the user’s security. The focus is on unauthorised rooting and jailbreaking modifications which could provide cybercriminals with privileged access to the device’s operating system. Other features such as the capability to detect the absence of authentication measures on the device such as biometrics also formed part of the assessment. These ensure that users are alerted to vulnerabilities in their device settings and help to secure the user’s mobile device environment.
4. CSA has assessed that for selected apps to be effective, they are required to score 50 percent and above in detecting malware and phishing attacks, given the stringent testing on the apps’ detection capabilities of malicious files and phishing sites at various stages. For the two newly introduced categories, network detection and device integrity checks, the criterion is a pass in either category. This approach provides a balanced evaluation of new categories while ensuring effectiveness on the primary categories. A security app marked as “Not Applicable” (NA) in a category indicates that the feature was not present at the time of testing. Apps must, at a minimum, be available in the Google Play Store or Apple App Store for their respective operating systems.
5. Mr Chua Kuan Seah, Deputy Chief Executive, Cyber Security Agency of Singapore said, “Cybercriminals are constantly devising new tactics to trick us and this is why installing security apps continues to be important. CSA has expanded the testing criteria for security apps to ensure that they are able to protect against rapidly evolving malware and phishing attacks. This list is intended as a reference to aid users in choosing which security app to download based on their needs and budget. CSA will continue to work with industry professionals and developers on improving solutions for the public to defend themselves against cybercriminals.”