Jessica Entwistle
May 1 2026
As end-users, we’re hyper-aware of the vulnerabilities we are exposed to if we click a phishing link, reply to a suspicious email, or recycle the same Password123 across every account.
We open ourselves up to become easy targets for attackers on the hunt for weak links.
When it comes to the applications we download and populate with sensitive personal, financial and even location-based data, we innately trust that the application is secure. But this is far from the case.
In fact, there are an estimated nine million apps available in app stores around the world, and in the current unregulated application security environment, only a minority have the appropriate security measures in place.
On 22nd April, Secarma spoke with Michelle Kradolfer, National Secured by Design Manager for the Police Crime Prevention Initiative, to discuss the risk to end-users in the unsecured application landscape, and what businesses and app developers must do to take action.
Secured by Design (SBD) is a Police Crime Prevention Initiative that seeks to improve the security of buildings and their immediate surroundings. SBD provides businesses with an accreditation on behalf of the UK police service, for products and services that have met the police preferred specifications.
Thirty years ago, SBD focused on physical security. Anything that would prevent physical crimes, such as locks, doors, windows, lighting and fences, would be given the SBD approved accreditation.
In 2026, the security landscape has evolved beyond recognition, and advances in technology mean that many of the physical security products now have a cyber or IoT component.
Michelle said: “Our ethos has always been:
How do you ensure the product has been built as safely as possible?
What standards does it meet?
What testing does it go through?
“We had to apply the same thing to the cyber component, because if you have a smart lock for example, it can be built to be as physically safe as possible, but if there’s a cyber element that can be easily hacked, then it doesn’t matter how physically secure it is. The entire environment needs to be looked at and tested appropriately.”
Enter the Secure Connected Devices and SecureApp certifications within the Secured by Design initiative. Both the physical device and the application must be tested and certified, to secure the entire ecosystem of connected products.
The SecureApp framework was created alongside the Foreign, Commonwealth and Development Office (FCDO) and the National Centre for Violence Against Women and Girls, to prioritise safety and privacy.
In partnership with Secarma, the SBD team ensures that apps are tested against an existing OWASP standard and, once approved, receive the police preferred specification.
Jennifer Williams, Managing Director at Secarma, said: “We’ve always tested apps, that’s our core business activity, so I was really happy when Michelle approached us to see if we could help develop this scheme and secure the entire eco-system.
“We look at what standards already exist, to make sure that we could do a really good job of testing an app against something that was independent, and already existed. We use the ASVS standard at Level 1, so we’re covering a baseline of application security.
“We don’t need the highest standard of security, what we need is a good baseline and to make sure that all apps that go through this scheme are recognised as having met best practice and covered the basics of cyber hygiene.”
Crucially, SecureApp is designed to enable better products without detracting from the features and functionality of the application. The certification follows practices that developers should be taking into consideration, as standard, when designing an application.
Personal safety has been amongst the key drivers for SecureApp, as well as addressing gaps that exist in the security IoT infrastructure.
Michelle explained that while certified apps now span a range of industries, a personal safety app was the first to achieve both the SecureApp and the SBD accreditation.
“They have an app specifically for their personal safety, that sends alerts from the location of the user to their emergency contact list, or the authorities if needed. It also collects evidence, if anything should happen.
“We have a video doorbell and smart locks that have gained accreditation too.
“This is applicable to every single app on the market. It doesn’t matter what functions or features you have. SecureApp ensures that:
In part two, we will hear more from Michelle and Jennifer about the process of becoming both SecureApp and Secured by Design accredited.
Can’t wait till part two? You’re in luck: simply tune in to the webinar on demand now to hear the full discussion and start your journey to SecureApp certification.