The rapid expansion of mobile banking in emerging economies has increased exposure to client-side security risks, while MASVS-based security maturity benchmarking of conventional banking applications remains underrepresented in the literature. This study conducts a standard-based comparative security maturity assessment of two major Indonesian Android banking applications, BRImo and myBCA. APK files obtained from the Google Play Store were analysed using Static Application Security Testing with the Mobile Security Framework (MobSF) and evaluated against OWASP MASVS Level 2 and MASVS-R. MobSF scores were interpreted as relative indicators of security maturity based on severity-weighted findings across multiple domains. The results reveal a clear divergence in maturity levels. Although both applications demonstrate strong network-layer protection, BRImo exhibits structural weaknesses in storage, cryptography, platform interaction, and resilience domains, indicating fragmented defence-in-depth implementation. In contrast, myBCA shows more consistent cross-domain control integration. This study contributes an MASVS-based security maturity benchmarking approach and provides conceptual evidence that formal regulatory compliance may coexist with inconsistent client-side technical implementation. The findings offer analytically transferable insights for developers, security auditors, and regulators in rapidly digitalising financial ecosystems.
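The severity-weighted, per-domain scoring the abstract describes can be made concrete with a small script. This is an added example, not code from the paper or from MobSF: the findings are constructed, and the severity weights, the penalty formula and the MASVS-v2-style control IDs used to group findings into the storage, cryptography, network, platform and resilience domains are assumptions chosen for illustration.

```python
# Added example (not the paper's or MobSF's code): a severity-weighted,
# per-domain maturity score over SAST findings. The findings, the severity
# weights, the 10-points-per-weight penalty and the MASVS-v2-style control
# IDs used for grouping are all assumptions chosen for illustration.
from collections import defaultdict

SEVERITY_WEIGHT = {"high": 3, "warning": 2, "info": 1}  # assumed weights
DOMAINS = ("STORAGE", "CRYPTO", "NETWORK", "PLATFORM", "RESILIENCE")


def domain_of(masvs_id):
    """'MASVS-STORAGE-1' -> 'STORAGE'; None for IDs outside the five domains."""
    parts = masvs_id.split("-")
    if len(parts) >= 2 and parts[0] == "MASVS" and parts[1] in DOMAINS:
        return parts[1]
    return None


def domain_scores(findings):
    """Start every domain at 100 and subtract 10 x severity weight per finding,
    clamped at 0, so the result is a relative (not absolute) maturity indicator."""
    penalty = defaultdict(int)
    for f in findings:
        domain = domain_of(f["masvs"])
        if domain is None:
            continue  # unmapped findings are reported elsewhere, not scored
        penalty[domain] += 10 * SEVERITY_WEIGHT.get(f["severity"], 0)
    return {d: max(0, 100 - penalty[d]) for d in DOMAINS}


def compare(apps):
    """Return per-app domain scores and each app's weakest domain."""
    table = {name: domain_scores(fs) for name, fs in apps.items()}
    weakest = {name: min(s, key=s.get) for name, s in table.items()}
    return table, weakest


# Constructed sample findings; not real BRImo or myBCA results.
APP_A = [
    {"masvs": "MASVS-STORAGE-1", "severity": "high"},
    {"masvs": "MASVS-STORAGE-2", "severity": "warning"},
    {"masvs": "MASVS-CRYPTO-1", "severity": "high"},
    {"masvs": "MASVS-RESILIENCE-2", "severity": "warning"},
    {"masvs": "MASVS-PLATFORM-1", "severity": "info"},
]
APP_B = [
    {"masvs": "MASVS-NETWORK-1", "severity": "info"},
    {"masvs": "MASVS-STORAGE-2", "severity": "info"},
]

if __name__ == "__main__":
    for app, scores in compare({"app_a": APP_A, "app_b": APP_B})[0].items():
        print(app, scores)
```

A domain with no findings scores 100 and one saturated with findings bottoms out at 0, which is what makes the per-domain profile comparable across two applications rather than meaningful in isolation.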
Copyright © 2026