This study evaluates the security of the Mobile Application for the Palm Oil Harvest Information System using static and dynamic analysis through the Mobile Security Framework (MobSF). The research is motivated by the high risk of exploitation in APK-based applications and the lack of in-depth security assessments for applications that manage farmers’ operational data. Static analysis was conducted to identify structural weaknesses, including the use of debug certificates, enabled debugging mode, a low minimum SDK version (minSdkVersion), and exported components without proper protection. The initial results showed an App Security Score of 43/100 (Medium Risk), which increased to 67/100 (Low Risk) after configuration improvements were applied. Dynamic analysis was then performed to assess application security during runtime. The results indicated that the client side was relatively secure, with HTTPS-encrypted communication and no logging of sensitive data. However, dynamic analysis revealed vulnerabilities on the server side, where several backend endpoints could be accessed without authentication and without parameter validation, leading to potential risks of Broken Access Control and Insecure Direct Object Reference (IDOR). The findings confirm that static improvements are effective in strengthening the structural security of the application. Nevertheless, reinforcing authentication, authorization, and request validation mechanisms on the backend API remains essential to ensure comprehensive security before deployment in an operational environment. Unlike previous studies that generally focus only on vulnerability mapping, this study evaluates the effectiveness of security mitigation in a step-by-step manner by demonstrating improvements in static analysis scores and re-validating the results through dynamic analysis. Therefore, this research provides a more comprehensive security assessment of mobile applications by covering both client-side and backend aspects.
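The static findings listed above (enabled debugging mode, low minSdkVersion, exported components without protection) can be checked directly against a decoded AndroidManifest.xml. The following is an added example, not code from the study or from MobSF. The sample manifest, the package name `com.example.harvest`, and the `MIN_SDK_FLOOR` threshold are assumptions made for illustration, and the debug-certificate check is out of scope because it concerns the signing certificate rather than the manifest.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
MIN_SDK_FLOOR = 23  # assumed policy threshold, not a value from the study
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded XML form), not the application under study.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.harvest">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="33"/>
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".HarvestProvider" android:authorities="com.example.harvest" android:exported="true" android:permission="com.example.harvest.READ"/>
  </application>
</manifest>"""

def is_launcher(comp):
    return any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for c in comp.iter("category"))

def audit_manifest(xml_text):
    """Return a list of (finding, detail) tuples for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID + "minSdkVersion", "1")) if sdk is not None else 1
    if min_sdk < MIN_SDK_FLOOR:
        findings.append(("low_min_sdk", str(min_sdk)))
    app = root.find("application")
    if app is None:
        return findings
    if app.get(ANDROID + "debuggable") == "true":
        findings.append(("debuggable", "application"))
    for comp in (c for c in app if c.tag in COMPONENTS):
        exported = comp.get(ANDROID + "exported")
        # Without an explicit attribute, an intent-filter implied exported=true before Android 12.
        if exported is None:
            exported = "true" if comp.find("intent-filter") is not None else "false"
        guarded = comp.get(ANDROID + "permission") or app.get(ANDROID + "permission")
        if exported == "true" and not guarded and not is_launcher(comp):
            findings.append(("exported_unprotected", comp.get(ANDROID + "name")))
    return findings
```

Running `audit_manifest` before and after a configuration change gives a quick regression check between full MobSF scans; it does not reproduce the MobSF App Security Score.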