ANALISIS KEAMANAN APLIKASI SIMPEL DESA BERBASIS ANDROID MENGGUNAKAN MOBILE SECURITY FRAMEWORK

The use of a national identification number in the Simpel Desa application has the potential to pose an information security risk. Security analysis and evaluation using the Mobile Security Framework and ISO 27002:2013 aims to detect loopholes and map the application of information security standards in the Simpel Desa application. Based on the results of the static and dynamic analysis of the mobile security framework in the Simple Desa application, it is known that there are gaps in the implementation of security that are not appropriate. The evaluation was carried out using controls on ISO 27002:2013 which were adjusted to the results of the analysis and primary data obtained through the process of collecting data with qualitative techniques. Domain 9 access control and domain 10 cryptography are used in mapping the implementation of security standards based on the relevance of the results of the analysis carried out. The result is that in general, the Simpel Desa application has implemented information security standards in accordance with the two controls, although there are some applications that are not yet appropriate. From the evaluation results, there are several recommendations that are generated and can be used as evaluation material, including paying attention to application licensing and authorization, reviewing application access rights and user de-registration, tightening user authentication procedures, conducting periodic studies, and improving the competence of users who have special access rights, tighten the security of access to user information assets, and improve the application of data security methods used.