The Application of Mobile Security Framework (MOBSF) and Mobile Application Security Testing Guide to Ensure the Security in Mobile Commerce Applications

Authors

  • Chairul Anwar, Politeknik Jakarta Internasional
  • Chevy Herli Sumerli A, Universitas Pasundan
  • Sultan Hady, Universitas Dayanu Ikhsanuddin
  • Novi Rahayu, STIA Bengkulu
  • Kraugusteeliana Kraugusteeliana, Universitas Pembangunan Nasional Veteran Jakarta

DOI:

https://doi.org/10.37034/jsisfotek.v5i2.231

Keywords:

Mobile Devices, Mobile Applications, MOBSF, Security

Abstract

The use of mobile devices is one aspect of information technology that is now expanding quickly. In recent years, the use of mobile applications has increased in various areas of Indonesian society. However, cybercrimes such as data leaks are also increasing in Indonesia. One example is the case of data theft in mobile commerce applications in Indonesia, in which more than 90 million user records were illegally traded by hackers on dark web sites. The mobile commerce application also stores sensitive user data for use in its business processes, such as email, passwords, addresses, telephone numbers, and account numbers. The goal of this study is to evaluate and identify security vulnerabilities or loopholes that could harm providers and users of the Android-based mobile commerce application, using the Mobile Security Framework (MOBSF) and the OWASP Mobile Application Security Testing Guide (MASTG). The research was carried out in five stages: preparation, data collection, mapping the application (mapping vulnerabilities), exploitation, and reporting. The study found that the mobile commerce application has security gaps in the data storage area, in parameter MSTG-STORAGE-5, and in the authentication architecture area, in parameters MSTG-AUTH-5 and MSTG-AUTH-6.

Published

20-06-2023

How to Cite

[1]
C. Anwar, C. H. Sumerli A, S. Hady, N. Rahayu, and K. Kraugusteeliana, “The Application of Mobile Security Framework (MOBSF) and Mobile Application Security Testing Guide to Ensure the Security in Mobile Commerce Applications”, jsisfotek, vol. 5, no. 2, pp. 97–102, Jun. 2023.

Section

Articles