Configuring Mobile Security Framework for Static Analysis

Pesatnya perkembangan aplikasi android, terutama aplikasi di bidang e-commerce dan transaksi jual beli online yang populer di Indonesia, memaksa pengguna untuk memberikan izin untuk menggunakan fitur dan layanan aplikasi selama pemasangan dan pasca pemasangan. Kurangnya pemahaman pengguna akan resiko dari izin akses yang diminta oleh aplikasi sebelum atau setelah melakukan instalasi menjadikan celah pada keamanan data pengguna untuk mengakses fitur pada perangkat smartphone seperti kamera, media penyimpanan, kontak, akun dan fitur lainnya.Â Logical Extraction MethodÂ menjadi metode yang digunakan untuk mendapatkan data aplikasi dengan mengakusisi seluruh data file sistem pada smartphone menggunakan bantuan toolsÂ MOBILedit Forensic, TWRP (Team Win Recovery Project), dan Aplikasi Migrate. Akusisi data dari masing-masing aplikasi akan diambil Android Package File (APK) yang digunakan untuk proses analisis secara statis dengan menggunakanÂ Tools ForensicÂ MobSF (Mobile Security Framework). Berdasarkan hasil analisis yang dilakukan pada tiga aplikasi teratas e-commerce terdapat 51 izin akses dan dari tiga aplikasiÂ e-commerceÂ terpopuler di Indonesia dengan tingkat keamanan paling berbahaya dengan 49 izin akses, 7 izin akses normal dan 1 izin akses tanda tangan. Aplikasi lazada terdapat 21 izin akses berbahaya yang tidak diketahui pengguna sedangkan aplikasi Tokopedia terdapat 4 izin akses berbahaya yang tidak diketahui pengguna dan aplikasi Blibli.com terdapat 1 izin akses berbahaya yang tidak diketahui pengguna. Berdasarkan temuan celah keamanan dapat disimpulkan bahwa aplikasi e-commerce yang digunakan oleh penggunanya memungkinkan pula disisipi sebuahÂ malwareÂ atau virus sejenis yang berpeluang dalam penggambilan data pribadi penggunanya.Â Â The rapid development of android applications, especially applications in the field of e-commerce and online buying and selling transactions that are popular in Indonesia, force users to give permission to use the features and services of the application during installation and post-installation. Lack of user understanding of the risk of access permissions requested by the application before or after installation creates a gap in the user's data security to access features on smartphone devices such as cameras, storage media, contacts, accounts, and other features. Logical Extraction Method is a method used to obtain application data by acquiring all system file data on smartphones using the help of MOBILedit Forensic tools, TWRP (Team Win Recovery Project), and Migrate Applications. Data acquisition from each application will be taken by Android Package File (APK) which is used for the static analysis process using Tools Forensic MobSF (Mobile Security Framework). Based on the results of an analysis conducted on the top three e-commerce applications there are 51 access permits and of the three most popular e-commerce applications in Indonesia with the most dangerous level of security with 49 access permits, 7 normal access permits, and 1 signature access permit. The Lazada application has 21 dangerous access permits that the user does not know while the Tokopedia application has 4 dangerous access permits that the user does not know and the Blibli.com application has 1 dangerous access permit that the user does not know about. Based on the findings of a security hole, it can be concluded that the e-commerce application used by its users also allows the insertion of a malware or virus that has the opportunity to capture the user's personal data.

Download Full-text

ANALISIS STATIS MENGGUNAKAN MOBILE SECURITY FRAMEWORK UNTUK PENGUJIAN KEAMANAN APLIKASI MOBILE E-COMMERCE BERBASIS ANDROID

Sebatik ◽

10.46984/sebatik.v24i1.920 ◽

2020 ◽

Vol 24 (1) ◽

pp. 22-28

Author(s):

Cholis Hanifurohman ◽

Deanna Durbin Hutagalung

Keyword(s):

Mobile Security ◽

Security Framework ◽

Root Detection

Pengguna internet di Indonesia setiap tahunnya mengalami peningkatan yang terus naik. Peningkatan yang pesat ini diiukuti juga dengan penggunaan internat menggunakan perangkat mobile. Hal ini memberikan dampak positif ke beberapa sektor bisnis seperti jual beli online dan juga memicu munculnya beragam aplikasi mobile khususnya pada platform android. Oleh karena itu perlu dilakukan analisis keamanan terhadap aplikasi dengan melakukan pengujian/pengukuran terhadap tingkat keamanan aplikasi. Tujuan dari penelitian ini adalah untuk meningkatkan pemahaman kepada pengguna aplikasi mobile e-commerce terhadap celah-celah keamanan aplikasi mobile e-commerce dan memberikan metode dalam melakukan analisis statis menggunakan Mobile Security Framework (MobSF) untuk melakukan pengujian keamanan terhadap aplikasi mobile e-commerce khususnya yang berbasis android. Analisis statis dilakukan dengan melakukan anailis terhadap kelemahan kriptografi (weak crypto), SSL bypass, penggunaan dangerous permission, hardcode secret, root detection dan domain malware check. Metode yang digunakan dalam melakukan anailis adalah Mobile Security Framework (MobSF). Sistem ini mempunyai tiga fase, yaitu kebutuhan perencanaan, proses desain RAD dan fase implementasi. Hasil analisis keamanan keamanan yang dilakukan pada aplikasi mobile e-commerce yaitu SP, TP, LZ, BL dan SR yang merupakan lima besar mobile e-commerce berbasis android paling populer di Indonesia menunjukkan bahwa beberapa celah keamanan masih terdapat dari di kelima aplikasi hasil tersebut yang perlu diketahui baik oleh pengguna maupun pengembang aplikasi.

Download Full-text

Automated Security Analysis of Android and iOS Applications with Mobile Security Framework

Network Security ◽

10.1016/s1353-4858(16)30044-7 ◽

2016 ◽

Vol 2016 (5) ◽

pp. 4

Keyword(s):

Security Analysis ◽

Mobile Security ◽

Security Framework

Download Full-text

Deconstructing Turkey’s “Open Door” Policy towards Refugees from Syria

MIGRATION LETTERS ◽

10.33182/ml.v12i3.275 ◽

2015 ◽

Vol 12 (3) ◽

pp. 209-225 ◽

Cited By ~ 14

Author(s):

Burcu Togral Koca

Keyword(s):

Human Rights ◽

Civil War ◽

Border Studies ◽

Open Door ◽

Open Door Policy ◽

Security Framework ◽

Liberal Policy ◽

The Way

Turkey has followed an “open door” policy towards refugees from Syria since the March 2011 outbreak of the devastating civil war in Syria. This “liberal” policy has been accompanied by a “humanitarian discourse” regarding the admission and accommodation of the refugees. In such a context, it is widely claimed that Turkey has not adopted a securitization strategy in its dealings with the refugees. However, this article argues that the stated “open door” approach and its limitations have gone largely unexamined. The assertion is, here, refugees fleeing Syria have been integrated into a security framework embedding exclusionary, militarized and technologized border practices. Drawing on the critical border studies, the article deconstructs these practices and the way they are violating the principle of non-refoulement in particular and human rights of refugees in general.

Download Full-text

A Practical Biometric Random Number Generator for Mobile Security Applications

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e100.a.158 ◽

2017 ◽

Vol E100.A (1) ◽

pp. 158-166 ◽

Cited By ~ 1

Author(s):

Alper KANAK ◽

Salih ERGÜN

Keyword(s):

Random Number ◽

Random Number Generator ◽

Mobile Security ◽

Number Generator ◽

Security Applications

Download Full-text

Security issues in Mobile Computing

International Journal of Advanced Research in Computer Science and Software Engineering ◽

10.23956/ijarcsse.v8i4.620 ◽

2018 ◽

Vol 8 (4) ◽

pp. 13

Author(s):

Kartik Khurana ◽

Harpreet Kaur ◽

Ritu Chauhan ◽

Shalu Chauhan ◽

Shaveta Bhatia ◽

...

Keyword(s):

Mobile Computing ◽

Mobile Devices ◽

Mobile Communication ◽

Internet Access ◽

Mobile Security ◽

Security Issue ◽

Security Issues

Now a day’s mobile communication has become a serious business tool for the users. Mobile devices are mainly used for the applications like banking, e-commerce, internet access, entertainment, etc. for communication. This has become common for the user to exchange and transfer the data. However people are still facing problems to use mobile devices because of its security issue. This paper deals with various security issues in mobile computing. It also covers all the basic points which are useful in mobile security issues such as categorisation of security issues, methods or tactics for success in security issues in mobile computing, security frameworks.

Download Full-text

Static Analysis of Functionally Graded Cantilever Beam Using Finite Element Method

i-manager’s Journal on Future Engineering and Technology ◽

10.26634/jfet.4.4.174 ◽

2009 ◽

Vol 4 (4) ◽

pp. 54-56

Author(s):

N. V. Ramesh Maganti ◽

◽

Mohan Rao N. ◽

Keyword(s):

Finite Element Method ◽

Finite Element ◽

Static Analysis ◽

Cantilever Beam ◽

Functionally Graded ◽

Element Method

Download Full-text

Effects of openings on the seismic behavior and performance level of concrete shear walls

10.31224/osf.io/phfyd ◽

2019 ◽

Author(s):

Hossein Alimohammadi ◽

Mostafa Dalvi Esfahani ◽

Mohammadali Lotfollahi Yaghin

Keyword(s):

Static Analysis ◽

Cross Section ◽

Seismic Behavior ◽

Shear Walls ◽

Shear Wall ◽

Constant Cross Section ◽

Added Resistance ◽

Different Shapes ◽

And Performance ◽

Abaqus Software

In this study, the seismic behavior of the concrete shear wall considering the opening with different shapes and constant cross-section has been studied, and for this purpose, several shear walls are placed under the increasingly non-linear static analysis (Pushover). These case studies modeled in 3D Abaqus Software, and the results of the ductility coefficient, hardness, energy absorption, added resistance, the final shape, and the final resistance are compared to shear walls without opening.

Download Full-text

Electronic fee collection. Security framework

10.3403/30261651 ◽

2013 ◽

Keyword(s):

Security Framework

Download Full-text