Penetration of internet usage in Indonesia has increased by 10.12% from 2017 to 2018. This has led to very rapid technological growth, such as the growth of online loan services or Financial Technology (Fintech). This condition makes the emergence of illegal fintech services built by certain groups to reap profits. Illegal fintech service providers stand building applications with a lot of personal data requested at registration. Starting from personal data, family, work up to banking are accompanied by photo evidence and contact numbers. Hybrid analysis is needed to see the extent in which the fintech application treats customer data. In this technique, there are static analysis and dynamic analysis. Static analysis is used to see the extent in which the fintech application runs on Smartphone devices with required data and other policies. Dynamic analysis is used to view the activity of tiles and permissions of fintech applications from source code, malware analysis, and permission analysis. Hybrid analysis results show that all fintech applications have a huge potential for misuse of customer's personal data. This is indicated by the existence of a data collection URL that can be accessed by the public, there are malware activities, READ_PHONE_STATE and READ_CONTACS permissions so that fintech application providers freely monitor all contact activities, locations on the customer's Smartphone. The results of the analysis can be used to recommend fintech service users to be careful of fintech applications. Moreover, it can be used as a reference for making illegal fintech detection frameworks.

Asosiasi Penyelenggara Jasa Internet Indonesia (APJII). (2018). Infografis Penetrasi & Perilaku Pengguna Internet Indonesia. Indonesia.

Baryamureeba, V., & Tushabe, F. (2004). The Enhanced Digital Investigation Process Model. Proceedings of the Digital Forensic Research Conference, DFRWS 2004 USA, 1–9.

Dewi Rosadi, S., & Gumelar Pratama, G. (2018). Urgensi Perlindungandata Privasidalam Era Ekonomi Digital Di Indonesia. Veritas et Justitia, 4(1), 88–110. https://doi.org/10.25123/vej.2916

Lin, X., Chen, T., Zhu, T., Yang, K., & Wei, F. (2018). Automated forensic analysis of mobile applications on Android devices. Digital Investigation, 26, S59–S66. https://doi.org/10.1016/j.diin.2018.04.012

Mark, R.-O. (2013). Information Security The Complete Reference, Second Edition. 896. Retrieved from www.it-ebooks.info/book/3340

Palmer, G. L. (2001). A Road Map for Digital Forensic Research.

Rahmadani, V. S., Raharjana, I. K., & Taufik, T. (2015). Penerapan Reverse Engineering Dalam Penentuan Pola Interaksi Sequence Diagram Pada Sampel Aplikasi Android. Journal of Information Systems Engineering and Business Intelligence, 1(1), 25. https://doi.org/10.20473/jisebi.1.1.25-32

Rosadi, S. D. (2017). Prinsip-Prinsip Perlindungan Data Pribadi Nasabah Kartu Kredit Menurut Ketentuan Nasional dan Implementasinya. Sosiohumaniora, 19(3), 206–212.

Sautunnida, L. (2018). Urgensi Undang-undang Perlindungan Data Pribadi di Indonesia. Kanun Jurnal Ilmu Hukum, 20(2), 369–384.