Published: 2025-01-01
Penggunaan Metode Reverse Engineering untuk Analisis Aplikasi .apk dalam Meningkatkan Keamanan Perangkat Android
DOI: 10.35870/jtik.v9i1.3209
Downloads
Abstract
The digital world has simplified life through technology, particularly with the significant role of smartphones. Android has become the dominant operating system in Indonesia, but its widespread use also increases potential security vulnerabilities, especially since many users lack understanding of data security. During the period of 2018-2020, around 74.95% of smartphone users in Indonesia used Android, most of whom were regular users who may not be aware of data security issues. This research aims to analyze the vulnerabilities of Android devices and the characteristics of the wedding invitation.apk application using reverse engineering to identify malware. Reverse engineering was used to extract data from the wedding invitation.apk file. The research results showed the presence of Spyware malware in the application, which, after installation, could send sensitive data to an external server without adequate protection and access data through OTP SMS and a Telegram bot. This application has the potential to misuse permissions to access SMS, send sensitive data to external servers without permission, and automatically send SMS. To reduce risks, it is recommended to download applications only from trusted sources, check application permissions before installation, regularly update the operating system and applications, and use security applications. This research emphasizes the importance of better security practices in mobile application development to protect users' privacy and data integrity.
Keywords
Android Data Security ; Reverse Engineering ; Spyware Malware
Article Information
This article has been peer-reviewed and published in the Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
-
Issue: Vol. 9 No. 1 (2025)
-
Section: Computer & Communication Science
-
Published: %750 %e, %2025
-
License: CC BY 4.0
-
Copyright: © 2024 Authors
-
DOI: 10.35870/jtik.v9i1.3209
AI Research Hub
This article is indexed and available through various AI-powered research tools and citation platforms. Our AI Research Hub ensures that scholarly work is discoverable, accessible, and easily integrated into the global research ecosystem. By leveraging artificial intelligence for indexing, recommendation, and citation analysis, we enhance the visibility and impact of published research.
Fitriyanti S
Program Studi Informatika, Program Magister, Fakultas Industri, Universitas Islam Indonesia, Daerah Istimewa Yogyakarta, Indonesia.
Yudi Prayudi
Program Studi Informatika, Program Magister, Fakultas Industri, Universitas Islam Indonesia, Daerah Istimewa Yogyakarta, Indonesia.
-
Aldya, A. P., Widiyasono, N., & Setia, T. P. (2019). Reverse Engineering untuk Analisis Malware Remote Access Trojan. J. Edukasi dan Penelit. Inform, 5(1), 40.
-
Alviansyah, F. A., & Ramadhani, E. (2021). Implementasi Dynamic Application Security Testing pada Aplikasi Berbasis Android. AUTOMATA, 2(1).
-
Ansari, M. T. J., Baz, A., Alhakami, H., Alhakami, W., Kumar, R., & Khan, R. A. (2021). P-STORE: Extension of STORE methodology to elicit privacy requirements. Arabian Journal for Science and Engineering, 46, 8287-8310.
-
Anwar, N., Akbar, S. A., Azhari, A., & Suryanto, I. (2020). Ekstraksi Logis Forensik Mobile pada Aplikasi E-Commerce Android.
-
Ardita, I. K. A. O. (2022). Analisis Keamanan Aplikasi Android Dengan Metode Vulnerability Assessment. Jurnal Elektronik Ilmu Komputer Udayana, 10(3), 279–286.
-
Bastian, A., Sujadi, H., & Abror, L. (2020). Analisis keamanan aplikasi data pokok pendidikan (DAPODIK) menggunakan penetration testing dan SQL injection. INFOTECH journal, 6(2), 65-70. DOI: https://doi.org/10.31949/infotech.v6i2.848.
-
Cahyanto, T. A. (2021). Metode Live Memory Acquisition untuk Pencarian Artefak Digital Perangkat Memori Laptop Berdasarkan Simulasi Kasus Kejahatan. BIOS: Jurnal Teknologi Informasi dan Rekayasa Komputer, 2(1), 1–8.
-
Febrianto, A. F. (2020). Analisis Malware pada Sistem Operasi Android Menggunakan Metode Network Traffic Analysis. e-Proceeding of Engineering, 6(2), 7837–7844.
-
Fujs, D. (2023). Balancing Software and Training Requirements for Information Security. Elsevier, 134(1), 1–13.
-
Handlington, L. (2021). Exploring Role of Moral Disengagement and Counterproductive Work Behaviours in Information Security Awareness. Elsevier, 114(1), 1–8.
-
Hanifurohman, C., & Hutagalung, D. D. (2020). Analisis Statis Menggunakan Mobile Security Framework Untuk Pengujian Keamanan Aplikasi Mobile E-Commerce Berbasis Android. Sebatik, 24(1), 22-28.
-
Hazri, M. (2020). Analisis Malware PlasmaRAT dengan Metode Reverse Engineering. Jurti, 4(1), 1–8.
-
Heriyanto, A. P. (2016). Mobile Phone Forensics: Theory Mobile Phone Forensics and Security Series (1st ed.). Perpustakaan Nasional.
-
Jain, U. K. B. B. M. (2017). Malware Analysis. International Journal of Advanced Research in Computer Science and Software Engineering, 7(4), 27–33.
-
Kartiningrum, E. D. (2015). Panduan penyusunan studi literatur. Lembaga Penelitian Dan Pengabdian Masyarakat Politeknik Kesehatan Majapahit, Mojokerto, 1-9.
-
Khando, K. (2021). Enhancing Employees' Information Security Awareness in Private and Public Organizations: A Systematic Literature Review. Elsevier, 106(2), 1–22.
-
Knapp, T. R. (2016). Why Is the One-Group Pretest-Posttest Design Still Used? Sage Publications, 25(5), 467–472.
-
Kormalawati, D. (2021). Kejutan Puluhan Miliar Tokopedia Ditengah Kasus Kebocoran Data. Jurnal Syntax Admiration, 2(3), 49–56.
-
Lartey, K. H. (2021). Human Factor: A Critical Weak Point in the Information Security of an Organization’s Internet of Things. Heliyon, 7(4), 1–13.
-
Mbunge, E., Muchemwa, B., Batani, J., & Mbuyisa, N. (2023). A review of deep learning models to detect malware in Android applications. Cyber Security and Applications, 1, 100014.
-
Moises, F. D. S. M. (2023). Analisis Malware Android Menggunakan Metode Reverse Engineering. Jurnal Ilmiah dan Karya Mahasiswa (JIKMA), 1(1), 41–53.
-
Parsons, K. (2017). The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies. Elsevier, 66(2), 40–51.
-
Popa, D. (2013). A Security Framework for Mobile Cloud Applications. Conference Paper. DOI: 10.1109/RoEduNet.2013.6511724.
-
Setia, T. P. (2018). Analisis Malware Flawed Ammyy RAT Dengan Metode Reverse Engineering. Universitas Siliwangi Tasikmalaya.
-
Sloms, B. V. (2018). Cybersecurity and Information Security. Emerald Insight, 24(3), 1–10.
-
Smith, J. B. L. (2020). Audio-Based Music Structure Analysis: Current Trends, Open Challenges, and Applications. Transactions of the International Society for Music Information Retrieval (ISMIR), 3(1), 246–263.
-
Szczepaniuk, E. K. (2020). Information Security Assessment in Public Administration. Elsevier, 90(1), 1–11.
-
Talha, K. A. (2015). Digital Investigation APK Auditor: Permission-Based Android Malware Detection System. Science Direct, 13(1), 1–14.
-
Wang, W., Wang, X., Feng, D., Liu, J., Han, Z., & Zhang, X. (2014). Exploring permission-induced risk in android applications for malicious application detection. IEEE Transactions on Information Forensics and Security, 9(11), 1869-1882.
-
Widiyasono, N. (2018). Analysis Malware Flawed Ammyy RAT dengan Metode Reverse Engineering. Jurnal Informatika: Jurnal Pengembangan IT (JPIT), 3(4), 371–379.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
1. Copyright Retention and Open Access License
Authors retain copyright of their work and grant the journal non-exclusive right of first publication under the Creative Commons Attribution 4.0 International License (CC BY 4.0).
This license allows unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
2. Rights Granted Under CC BY 4.0
Under this license, readers are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, including commercial use
- No additional restrictions — the licensor cannot revoke these freedoms as long as license terms are followed
3. Attribution Requirements
All uses must include:
- Proper citation of the original work
- Link to the Creative Commons license
- Indication if changes were made to the original work
- No suggestion that the licensor endorses the user or their use
4. Additional Distribution Rights
Authors may:
- Deposit the published version in institutional repositories
- Share through academic social networks
- Include in books, monographs, or other publications
- Post on personal or institutional websites
Requirement: All additional distributions must maintain the CC BY 4.0 license and proper attribution.
5. Self-Archiving and Pre-Print Sharing
Authors are encouraged to:
- Share pre-prints and post-prints online
- Deposit in subject-specific repositories (e.g., arXiv, bioRxiv)
- Engage in scholarly communication throughout the publication process
6. Open Access Commitment
This journal provides immediate open access to all content, supporting the global exchange of knowledge without financial, legal, or technical barriers.