Forensic Analysis of Mobile Application Security Using the IDFIF v2 Framework

Authors

  • Abdul Aziz Setiawan Universitas Esa Unggul
  • Imam Sutanto Universitas Esa Unggul

DOI:

https://doi.org/10.12928/mf.v7i1.12660

Keywords:

IDFIFv2, Vulnerability Analysis, MobSF, Mobile Application Security, Dynamic Analysis

Abstract

Mobile application security has become an important issue in the midst of increasing cyber attacks, especially on the Android platform. This research aims to analyse the vulnerability of mobile applications using the Integrated Digital Forensics Investigation Framework (IDFIF) version 2 framework with a focus on the Laboratory Process stage. The tool used is Mobile Security Framework (MobSF) for static and dynamic analysis, supported by Genymotion emulator.The results show that the tested application has several vulnerabilities, such as malicious permissions (READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE), the use of v1 signature schemes that are vulnerable to Janus attacks, as well as the ability to manipulate the application through bypass debugging. However, no vulnerabilities were found in the SSL Pinning process. These findings provide important insights into security mitigation measures, such as removing malicious permissions, updating certificate mechanisms, and encrypting sensitive data.The application of IDFIF v2 in this investigation demonstrates its effectiveness in systematically detecting and analysing mobile application vulnerabilities, contributing to the development of better security protocols in the future.

References

A. Ma’Arif, A. I. Cahyadi, S. Herdjunanto, and O. Wahyunggoro, ‘Tracking Control of High Order Input Reference Using Integrals State Feedback and Coefficient Diagram Method Tuning’, IEEE Access, vol. 8, pp. 182731–182741, 2020, doi: 10.1109/ACCESS.2020.3029115.

J. C. Maxwell, A Treatise on Electricity and Magnetism, 3rd ed. Oxford: Clarendon, 1892.

N. Anwar, S. A. Akbar, A. Azhari, and I. Suryanto, ‘Ekstraksi Logis Forensik Mobile pada Aplikasi E-Commerce Android’, Mob. Forensics, vol. 2, no. 1, pp. 1–10, Mar. 2020, doi: 10.12928/mf.v2i1.1791.

N. N. Abbas, A. A. Zeerak, M. A. Javaid, and M. Hussain, ‘Comparative Forensic Analysis of Android based Social Media Applications’, Mob. Forensics, vol. 4, no. 2, pp. 102–114, Feb. 2023, doi: 10.12928/mf.v4i2.6270.

P. B. Pangestu and M. Koprawi, ‘Comparison of Forensic Tool Results on Android Smartphone Backup Files Using NIST Method’, Mob. Forensics, vol. 4, no. 2, pp. 115–126, Feb. 2023, doi: 10.12928/mf.v4i2.6496.

A. Ma’arif, A. imam Cahyadi, and O. Wahyunggoro, ‘CDM Based Servo State Feedback Controller with Feedback Linearization for Magnetic Levitation Ball System’, Int. J. Adv. Sci. Eng. Inf. Technol., vol. 8, no. 3, p. 930, Jun. 2018, doi: 10.18517/ijaseit.8.3.1218.

N. Huda, L. Aulia, and M. C. Pandini, ‘Identification of Plasmodium Vivax in Blood Smear Images Using Otsu Thresholding Algorithm’, Mob. Forensics, vol. 6, no. 2, pp. 61–73, Sep. 2024, doi: 10.12928/mf.v6i1.11261.

I. R. Tuharea, A. Luthfi, and E. Ramadani, ‘Social Media Metadata Forensic Ontology Model’, Mob. Forensics, vol. 5, no. 2, pp. 1–14, Sep. 2023, doi: 10.12928/mf.v5i2.8937.

I. Riadi, A. Yudhana, and W. Y. Sulistyo, ‘Analisis Image Forensics Untuk Mendeteksi Pemalsuan Foto Digital’, Mob. Forensics, vol. 1, no. 1, p. 13, Sep. 2019, doi: 10.12928/mf.v1i1.703.

A. S. M. M. Rahaman, S. Marzia, T. H. Arnob, M. Z. Rahman, and J. Akhter, ‘Forensic Artifact Discovery and Suspect Profiling through Google Assistant’, Mob. Forensics, vol. 5, no. 1, pp. 1–11, Sep. 2023, doi: 10.12928/mf.v5i1.8046.

M. E. Apriyani, R. A. Maskuri, M. H. Ratsanjani, A. Pramudhita, and R. Rawansyah, ‘Forensic Digital Analysis of Telegram Applications Using the National Institute Of Justice and Naïve Bayes Methods’, Mob. Forensics, vol. 5, no. 2, pp. 21–30, Sep. 2023, doi: 10.12928/mf.v5i2.7893.

A. H. Muhammad and G. Mandar, ‘National Institute of Standard Technology Approach for Steganography Detection on WhatsApp Audio Files’, Mob. Forensics, vol. 6, no. 2, pp. 74–82, Sep. 2024, doi: 10.12928/mf.v6i2.11287.

S. Kartoirono, I. Riadi, F. Furizal, and A. Azhari, ‘Improved Breadth First Search For Public Transit Line Search Optimization’, Mob. Forensics, vol. 5, no. 1, pp. 12–22, Mar. 2022, doi: 10.12928/mf.v5i1.7906.

G. B. Akintola, ‘Evaluating the Security Vulnerabilities of the Selected Mobile Forensic Applications’, Int. J. Sci. Res. Multidiscip. Stud., vol. 11, no. 2, pp. 16–35, 2025.

A. S. B. Kusreynada, Sabrina Uhti, ‘Android Apps Vulnerability Detection with Static and Dynamic Analysis Approach using MOBSF’, J. Comput. Sci. Eng., vol. 5, no. 1, pp. 46–63, 2024.

H. Shahriar, C. Zhang, M. A. Talukder, and S. Islam, ‘Mobile Application Security Using Static and Dynamic Analysis’, 2021, pp. 443–459. doi: 10.1007/978-3-030-57024-8_20.

T. Yorozu, M. Hirano, K. Oka, and Y. Tagawa, ‘Electron Spectroscopy Studies on Magneto-Optical Media and Plastic Substrate Interface’, IEEE Transl. J. Magn. Japan, vol. 2, no. 8, pp. 740–741, 1987, doi: 10.1109/TJMJ.1987.4549593.

H. Herpindo, R. Ristiyani, M. Rizqin Nikmatullah, and R. Ngestrini, ‘Developing an Android Application for Analyzing Indonesian Syntax: A Rule and Probability-Based POS Tagging Approach’, REiLA J. Res. Innov. Lang., vol. 6, no. 2 SE-Articles, pp. 125–142, Jul. 2024, doi: 10.31849/reila.v6i2.14975.

M. Liyanage et al., ‘Enhancing Security of Software Defined Mobile Networks’, IEEE Access, vol. 5, pp. 9422–9438, 2017, doi: 10.1109/ACCESS.2017.2701416.

Z. Trabelsi, M. Al Matrooshi, S. Al Bairaq, W. Ibrahim, and M. M. Masud, ‘Android based mobile apps for information security hands-on education’, Educ. Inf. Technol., vol. 22, no. 1, pp. 125–144, Jan. 2017, doi: 10.1007/s10639-015-9439-8.

K. Ogata, Modern control engineering, 5th ed. New York: Pearson Education.

A. Ma’arif, A. I. Cahyadi, O. Wahyunggoro, and Herianto, ‘Servo state feedback based on Coefficient Diagram Method in magnetic levitation system with feedback linearization’, in 2017 3rd International Conference on Science and Technology - Computer (ICST), Jul. 2017, pp. 22–27. doi: 10.1109/ICSTC.2017.8011846.

Downloads

Published

2025-03-20

Issue

Vol. 7 No. 1 (2025)

Section

Articles

License

Copyright (c) 2025 Abdul Aziz Setiawan, Imam Sutanto

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Start from 2019 issues, authors who publish with JURNAL MOBILE AND FORENSICS agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.

 

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.