The use of mobile devices is one of the fastest-growing areas of information technology. In recent years, the use of mobile applications has increased in various areas of Indonesian society. However, cybercrimes such as data leaks are also increasing in Indonesia. One such case is the data theft in mobile commerce applications in Indonesia, in which more than 90 million user records were illegally traded by hackers on dark web sites. The mobile commerce application also stores sensitive user data for use in its business processes, such as email addresses, passwords, addresses, telephone numbers, and account numbers. The goal of this study is to evaluate and identify security vulnerabilities or loopholes that could harm providers and users of the Android-based mobile commerce application, using the Mobile Security Framework (MobSF) and the OWASP Mobile Application Security Testing Guide (MASTG). The research was carried out in five stages: preparation, data collection, mapping the application (mapping vulnerabilities), exploitation, and reporting. The study found that the mobile commerce application has security gaps in the data storage category, in the parameter MSTG-STORAGE-5, and in the authentication architecture category, in the parameters MSTG-AUTH-5 and MSTG-AUTH-6.
Copyrights © 2023