Analisis Penyalahgunaan Data Pribadi Dalam Aplikasi Fintech Ilegal Dengan Metode Hibrid

Penetration of internet usage in Indonesia has increased by 10.12% from 2017 to 2018. This has led to very rapid technological growth, such as the growth of online loan services or Financial Technology (Fintech). This condition makes the emergence of illegal fintech services built by certain groups to reap profits. Illegal fintech service providers stand building applications with a lot of personal data requested at registration. Starting from personal data, family, work up to banking are accompanied by photo evidence and contact numbers. Hybrid analysis is needed to see the extent in which the fintech application treats customer data. In this technique, there are static analysis and dynamic analysis. Static analysis is used to see the extent in which the fintech application runs on Smartphone devices with required data and other policies. Dynamic analysis is used to view the activity of tiles and permissions of fintech applications from source code, malware analysis, and permission analysis. Hybrid analysis results show that all fintech applications have a huge potential for misuse of customer's personal data. This is indicated by the existence of a data collection URL that can be accessed by the public, there are malware activities, READ_PHONE_STATE and READ_CONTACS permissions so that fintech application providers freely monitor all contact activities, locations on the customer's Smartphone. The results of the analysis can be used to recommend fintech service users to be careful of fintech applications. Moreover, it can be used as a reference for making illegal fintech detection frameworks.