Security Mitigation Analysis of Mobile Application Using Static and Dynamic Methods with MobSF

Fazri Nugraha, Mansur Mansur

Abstract


This study evaluates the security of the Mobile Application for the Palm Oil Harvest Information System using static and dynamic analysis through the Mobile Security Framework (MobSF). The research is motivated by the high risk of exploitation in APK-based applications and the lack of in-depth security assessments for applications that manage farmers’ operational data. Static analysis was conducted to identify structural weaknesses, including the use of debug certificates, enabled debugging mode, a low minimum SDK version (minSdkVersion), and exported components without proper protection. The initial results showed an App Security Score of 43/100 (Medium Risk), which increased to 67/100 (Low Risk) after configuration improvements were applied. Dynamic analysis was then performed to assess application security during runtime. The results indicated that the client side was relatively secure, with HTTPS-encrypted communication and no logging of sensitive data. However, dynamic analysis revealed vulnerabilities on the server side, where several backend endpoints could be accessed without authentication and without parameter validation, leading to potential risks of Broken Access Control and Insecure Direct Object Reference (IDOR). The findings confirm that static improvements are effective in strengthening the structural security of the application. Nevertheless, reinforcing authentication, authorization, and request validation mechanisms on the backend API remains essential to ensure comprehensive security before deployment in an operational environment. Unlike previous studies that generally focus only on vulnerability mapping, this study evaluates the effectiveness of security mitigation in a step-by-step manner by demonstrating improvements in static analysis scores and re-validating the results through dynamic analysis. Therefore, this research provides a more comprehensive security assessment of mobile applications by covering both client-side and backend aspects.

Keywords


API backend; dynamic analysis; mobile application security; mobile security framework (MobSF); static analysis





DOI: https://doi.org/10.32520/stmsi.v15i2.5916


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.