This study evaluates the implementation of data security and privacy mechanisms in the Catatmak mobile application, a local personal finance tool. It addresses the increasing risks associated with the handling of sensitive user data, particularly in digital financial platforms used by the general public. A qualitative method was employed, using semi-structured interviews with the main developer of the app, who also oversees the system’s technical infrastructure. The interview explored data collection policies, encryption and authentication mechanisms, as well as role-based access control (RBAC). In parallel, static and dynamic security assessments were conducted using the Mobile Security Framework (MobSF) and the OWASP Application Security Verification Standard (ASVS). Results indicate that Catatmak enforces key security practices, including HTTPS encryption, OTP-based login, encrypted cloud storage, and RBAC-based access segmentation. Despite these efforts, user-related vulnerabilities remain dominant, particularly weak password habits and careless sharing of OTP codes. The developer emphasized that “most threats don’t come from hackers, but from users giving away their own credentials.” As a result, the study recommends the integration of two-factor authentication (2FA), user security education, and the adoption of Secure Software Development Lifecycle (SDLC) principles. These insights are expected to inform the development of more secure financial apps within the Indonesian digital ecosystem.
Copyright © 2025