Analisis Keamanan Data Pribadi Pada Aplikasi Satusehat Berbasis Mobile Android Dengan Metode Statis Dan Dinamis

Authors

  • Qoyum Milati Tri Rejeki Unversitas Ahmad Dahlan

Keywords:

Application security, SatuSehat Mobile, Digital forensics, MobSF, NIST

Abstract

The government uses the PeduliLindungi application to prevent the spread of Covid-19, which has now transformed into SatuSehat Mobile. The SatuSehat Mobile application requires personal user data to run the application, but the increasing use of technology also increases the risk of cybercrime, so that users doubt the security of the application and user data on the application. This study aims to analyze security gaps in the SatuSehat Mobile and PeduliLindungi applications and user data through the application of static analysis and dynamic analysis methods.

This study uses static analysis and dynamic analysis with the National Institute of Standards and Technology digital forensic process consisting of collection, examination, analysis and reporting. The forensic tools used are the Mobile Security Framework (MobSF) and Intezer with the parameters of using dangerous permission, weak crypto, domain malware check and root detection. Collection of digital data from Android smartphones, examination includes selecting the necessary data from application files, analysis is carried out using the MobSF and Intezer tools, reporting writes findings and reports in a structured manner.

The results of the study showed that both applications contained 4 weak crypto, consisting of 1 high severity and 3 warning severity. SatuSehat Mobile application has 10 dangerous permissions (access_background_location, access_coarse_location, access_fine_location, camera, post_notifications, read_external_storage, read_media_audio, read_media_images, read_media_video, write_external_storage), while Pedulilindungi application has 9 dangerous permissions (access_background_location, access_coarse_location, access_fine_location, bluetooth_advertise, bluetooth_connect, bluetooth_scan, camera, read_external_storage, write_external_storage). Domain malware check and root detection of both applications have good status. Malicious malware was not detected in both applications. Users should disable permissions that are not required by the application's functionality to avoid exploitation.

Downloads

Download data is not yet available.

References

S. R. Andani, “Analysis of Information Security in Data Leaks in The PeduliLindungi Application,” Int. J. Informatics Comput. Sci., vol. 5, no. 3, pp. 246–249, 2021, doi: 10.30865/ijics.v5i3.3406.

“PeduliLindungi Resmi Berubah Menjadi SATUSEHAT,” https://promkes.kemkes.go.id/, 2023. https://promkes.kemkes.go.id/pedulilindungi-resmi-berubah-menjadi-satusehat#:~:text=Tepat pada tanggal 1 Maret,aplikasi kesehatan masyarakat SATUSEHAT Mobile. (accessed Mar. 05, 2023).

A. N. Dzulfaroh, “Saat Nomor KTP (NIK) Jokiwi Bocor,” 2021. https://www.kompas.com/tren/read/2021/09/04/170500165/saat-nomor-ktp-nik-jokowi-bocor-?page=all (accessed Jan. 15, 2023).

J. Nadhifah, “UPT Perpustakaan Perpustakaan Universitas Universitas Jember Jember,” Asuhan Keperawatan Pada AN.J Dan AN.Z Bronkopneumonia Dengan Masal. Keperawatan Ketidakefektifan Bersihan Jalan Nafas Di Ruang Bougenv. RSUD dr Haryoto LumajangTahun 2018, pp. 1–71, 2018.

V. Sargaiyan, M. Sapat, R. S. Yadav, S. Bhatele, S. S. Parihar, and A. H. Lanje, “Digital Forensics,” Int. J. Oral Care Res., vol. 5, no. 4, pp. 335–337, 2017, doi: 10.5005/jp-journals-10051-0127.

H. Wijayanto, D. Daryono, and S. Nasiroh, “Analisis Forensik Pada Aplikasi Peduli Lindungi Terhadap Kebocoran Data Pribadi,” J. Teknol. Inf. dan Komun., vol. 9, no. 2, p. 11, Nov. 2021, doi: 10.30646/tikomsin.v9i2.572.

A. Eka Dewi Melania, I. Gunawan, J. Teknik Elektro Jurusan Informatika ab Sekolah Tinggi Teknologi Ronggolawe, and P. Korenspondensi, “Analisis Keamanan Aplikasi Android Non Playstore Dengan Metode Digital Forensik Pendekatan Statis Dan Dinamis,” vol. 15, no. 2, pp. 29–34, 2021, [Online]. Available: https://m.apkpure.com.

V. Baryamureeba, F. Tushabe, K. Penelitian, and F. Digital, “Proses Investigasi Digital yang Disempurnakan Model,” 2004.

H. Dalziel and A. Abraham, Automated Security Analysis of Android and iOS Applications with Mobile Security Framework. Waltham: Syngress Publication, 2015.

G. Koala, D. Bassolé, A. Zerbo/Sabané, T. F. Bissyandé, and O. Sié, “Analysis of the impact of permissions on the vulnerability of mobile applications,” Lect. Notes Inst. Comput. Sci. Soc. Telecommun. Eng. LNICST, vol. 311 LNICST, no. February, pp. 3–14, 2020, doi: 10.1007/978-3-030-41593-8_1.

G. Leurent and T. Peyrin, “From collisions to chosen-prefix collisions application to full SHA-1,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 11478 LNCS, pp. 527–555, 2019, doi: 10.1007/978-3-030-17659-4_18.

F. Kurniawan, A. Kusyanti, and H. Nurwarsito, “Analisis dan Implementasi Algoritma SHA-1 dan SHA-3 pada Sistem Autentikasi Garuda Training Cost,” J. Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 1, no. 9, pp. 803–812, 2017, [Online]. Available: http://j-ptiik.ub.ac.id/index.php/j-ptiik/article/view/247

H. Sibyan, “Implementasi Enkripsi Basis Data Dengan Algoritma Dengan Algoritma MD5 (Message Digest Algorithm 5) dan Vigenere Cipher,” Ppkm I, vol. 5, pp. 114–121, 2017.

Downloads

Published

2025-03-08

How to Cite

Tri Rejeki, Q. M. (2025). Analisis Keamanan Data Pribadi Pada Aplikasi Satusehat Berbasis Mobile Android Dengan Metode Statis Dan Dinamis. Jurnal Ilmu Komputer Dan Sistem Informasi (JIKOMSI), 8(1), 1-11. Retrieved from https://ejournal.sisfokomtek.org/index.php/jikom/article/view/4187

Issue

Vol. 8 No. 1 (2025): Edisi Maret

Section

Articles

License

Copyright (c) 2025 Qoyum Milati Tri Rejeki

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.