Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal EDUMATIC: Jurnal Pendidikan Informatika
Faozi, Rizal Aglal
Unknown Affiliation
Computer Science & IT Education

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Security Maturity Assessment of Indonesian Android Mobile Banking Apps using MobSF and OWASP Faozi, Rizal Aglal; Majid, Nuur Wachid Abdul; Widodo, Suprih
Jurnal Pendidikan Informatika (EDUMATIC) Vol 10 No 1 (2026): Edumatic: Jurnal Pendidikan Informatika (IN PRESS)
Publisher : Universitas Hamzanwadi

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.29408/edumatic.v10i1.33285

Abstract

The rapid expansion of mobile banking in emerging economies has increased exposure to client-side security risks, while MASVS-based security maturity benchmarking of conventional banking applications remains underrepresented in the literature. This study conducts a standard-based comparative security maturity assessment of two major Indonesian Android banking applications, BRImo and myBCA. APK files obtained from the Google Play Store were analysed using Static Application Security Testing with the Mobile Security Framework (MobSF) and evaluated against OWASP MASVS Level 2 and MASVS-R. MobSF scores were interpreted as relative indicators of security maturity based on severity-weighted findings across multiple domains. The results reveal a clear divergence in maturity levels. Although both applications demonstrate strong network-layer protection, BRImo exhibits structural weaknesses in storage, cryptography, platform interaction, and resilience domains, indicating fragmented defence-in-depth implementation. In contrast, myBCA shows more consistent cross-domain control integration. This study contributes an MASVS-based security maturity benchmarking approach and provides conceptual evidence that formal regulatory compliance may coexist with inconsistent client-side technical implementation. The findings offer analytically transferable insights for developers, security auditors, and regulators in rapidly digitalising financial ecosystems.
Co-Authors Nuur Wachid Abdul Majid Suprih Widodo, Suprih