Opening Address by SMS Tan Kiat How at the Mobile Security Roundtable at Singapore International Cyber Week (SICW) 2025 on 22 Oct 2025
22 October 2025
Good morning. Happy to be joining the Mobile Security Roundtable.
Key Message 1: Mobile malware-enabled scams threaten our digital way of life.
Mobile apps have become essential to modern life. Businesses rely on them for essential operations and servicing clients. Daily, we use them to bank, see a doctor and stay in touch with friends and loved ones.
We put almost our entire life, including personal data and sensitive information, on our mobile devices.
This is why attackers and scammers target our phones, using malicious apps and mobile malware as gateways to steal our money, personal data, and identities. A common method is to trick people into installing harmful apps that look useful or harmless.
Once installed, these apps secretly take control of the phone. They can read messages, steal passwords, and even move money without the owner’s knowledge.
In the first half of 2025, malware-enabled scams in Singapore rose sharply by 266% compared to the same period in 2024. Losses totalled about S$5.5 million.
Victims were often between 50 and 64 years old, and many were first contacted on popular social media platforms such as Facebook and TikTok, before being persuaded to download malware that infected their phones.
What is particularly striking this year is the way scammers have misused a perfectly legitimate developer tool called the Android Debug Bridge, or ADB.
Designed to help developers test apps, ADB has been exploited to take remote control of the victims’ phones. Once inside, they can try breaking into apps, especially banking apps.
The message is simple: this is real and serious. It affects all of us.
These mobile-enabled scams don't just attack our devices, they undermine our trust in the digital services we depend on for our daily lives. Scammers are constantly finding new ways to compromise our technology.
Protecting against such methods is essential for everyone, and everyone has a role to play.
Key Message 2: Singapore is taking decisive action to secure our mobile ecosystem and combat scams.
This is why Singapore has rolled out comprehensive initiatives to protect our citizens from mobile threats and scam activities.
Since 2019, IMDA has worked with telcos to block 100 million scam calls, 58,700 scam-linked mobile lines, and 12 million scam SMSes in the first half of 2025 alone.
GovTech’s enhanced ScamShield app now provides active protection on WhatsApp and Telegram, serving 1.34 million users with 1.27 million scam checks and nearly 600,000 reports submitted.
Last year, CSA partnered Google on the Enhanced Fraud Protection, which automatically blocks suspicious apps before they can even be installed on Android phones. I am encouraged by the results. As of June this year, this collaboration has prevented over 2.49 million potentially malicious app installations across 550,000 devices in Singapore.
Beyond blocking malicious apps, we also need to ensure that apps are built to be safe and resilient against attacks.
Today, I am pleased to announce the launch of the Safe App Portal pilot.
This new tool aims to provide developers with clear and actionable safety and security insights on their mobile apps. By simply uploading their apps, developers will get an automated safety scan, a clear safety rating, and recommendations on how to fix critical issues.
With fewer vulnerabilities, apps will be more resilient against malware and other attacks. This means that the apps you download will have stronger safeguards built in, protecting your data, your money, and your peace of mind.
In addition, we are harmonising global standards through a new Memorandum of Understanding between CSA and the App Defence Alliance.
This collaboration seeks to establish common cybersecurity baselines for mobile apps and app stores, giving developers clear and consistent security requirements to meet not only in Singapore, but also around the world.
As developers build in protections to meet these baseline security standards, the mobile ecosystem becomes safer for all. This enables everyone to live, work and connect more safely in the digital world.
Together, these initiatives ensure that apps reaching Singaporeans will be more rigorously vetted for security vulnerabilities, creating a safer mobile environment for all users, and stronger protection of our personal data and money.
In doing so, we are not only raising mobile security standards but also strengthening Singapore’s broader fight against scams and building deeper trust in our digital ecosystem.
Key Message 3: We need the tech community to join us in this mission.
However, government initiatives alone cannot tackle this global challenge.
Keeping our online space secure and Singaporeans safe from online harms like scams and cyberattacks requires constant vigilance. Going after cyber-attackers and closing vulnerabilities is a never-ending game of cat and mouse.
The previous example of scammers abusing the ADB feature already shows how attackers will always continue to pivot and find new weaknesses in places that we would never have thought to look.
The government can drive national efforts to strengthen our mobile defences against such attacks, but lasting change also requires the support and cooperation of all industry players.
I call on the cybersecurity professionals, app developers, and industry leaders to embed security into all parts of the mobile app ecosystem and shape how mobile apps are designed, developed, tested, and brought to users.
This requires a fundamental mindset shift, from working in silos to building solutions together. Let me share three ways we can practice this mindset shift.
Firstly, to the security experts, who are skilled at uncovering vulnerabilities and fixing them: doing that alone does not strengthen the ecosystem, because the knowledge often stays within our own circles.
What truly uplifts the ecosystem is when we share that expertise, when we help developers understand security in simple, practical ways, and guide them to build safer apps themselves.
So the role of the cybersecurity professionals and experts is not just to find flaws, but to grow a community that builds security into everything it creates.
Next, many developer groups still focus on adding new features first and think about security as an afterthought.
But security can be a feature too, one that makes apps safer and builds user trust. When an app protects people’s data against attacks, that is not just security work, that is good design.
Developers and security teams should work together to build these safety features from the start, just like they do for speed or usability.
It helps to think of security as something users can feel, not just something that runs in the background. A secure login, privacy controls that are easy to use, or a fraud alert that stops a problem before it happens, these are features that people will value and appreciate.
When we build with security as part of the experience, not as an afterthought, we make apps that are not only useful, but truly trusted.
Lastly, for our big tech players, such as mobile operating systems and app store owners, you have a critical role to play as well.
Today, we still respond to new threats by adding more patches and rules. But that only helps us keep up with a problem, not stay ahead of it.
These major players need to work closely with security experts and developers to create hardened, well-maintained software kits that are safe to use, so developers can build securely from the start.
App stores can also feature apps that meet strong security standards, helping users identify and trust safer apps.
This is how security becomes seamlessly built into the mobile ecosystem.
Later, you will discuss exactly this in the panel session, “Can Cybersecurity and Dev Teams Work Together to Achieve Secure Innovation?”
I urge you to bring bold ideas and concrete suggestions to that discussion.
Only by working together and for each other can we close the gaps faster than attackers can exploit them.
Conclusion
To conclude, our shared purpose is clear. We want citizens to use mobile apps with confidence, and we want businesses and developers to innovate safely.
Together, we can make mobile apps safer for everyone and build a digital society grounded in trust and innovation.
I look forward to a stimulating and fruitful discussion and exchange. I hope you find new ideas, new partnerships and new ways of keeping our digital space more cyber-secure and safe.
Thank you.