<![CDATA[The government uses the PeduliLindungi application to prevent the spread of Covid-19, which has now transformed into SatuSehat Mobile. The SatuSehat Mobile application requires personal user data to run the application, but the increasing use of technology also increases the risk of cybercrime, so that users doubt the security of the application and user data on the application. This study aims to analyze security gaps in the SatuSehat Mobile and PeduliLindungi applications and user data through the application of static analysis and dynamic analysis methods. This study uses static analysis and dynamic analysis with the National Institute of Standards and Technology digital forensic process consisting of collection, examination, analysis and reporting. The forensic tools used are the Mobile Security Framework (MobSF) and Intezer with the parameters of using dangerous permission, weak crypto, domain malware check and root detection. Collection of digital data from Android smartphones, examination includes selecting the necessary data from application files, analysis is carried out using the MobSF and Intezer tools, reporting writes findings and reports in a structured manner. The results of the study showed that both applications contained 4 weak crypto, consisting of 1 high severity and 3 warning severity. SatuSehat Mobile application has 10 dangerous permissions (access_background_location, access_coarse_location, access_fine_location, camera, post_notifications, read_external_storage, read_media_audio, read_media_images, read_media_video, write_external_storage), while Pedulilindungi application has 9 dangerous permissions (access_background_location, access_coarse_location, access_fine_location, bluetooth_advertise, bluetooth_connect, bluetooth_scan, camera, read_external_storage, write_external_storage). Domain malware check and root detection of both applications have good status. Malicious malware was not detected in both applications. Users should disable permissions that are not required by the application's functionality to avoid exploitation.]]>
