Apps are endpoints.
Protecting mobile requires mitigating security, privacy, and malicious threats to apps
Leverage contextual mobile security intelligence to prevent zero-day app exploits that result in data exfiltration, secondary cyber attacks and breaches.
Quokka discovers and delivers unsurpassed mobile security intelligence
Real-world context
Only endpoint protection to scan all apps, data destinations, and system configurations in context of each mobile device in order to enable remediation
10M+
devices protected
115k+
vulnerabilities found
2M+
apps scanned
Original research
Only researchers in the industry to discover hundreds of new zero-day vulnerabilities and threats that power proprietary app scanning engines
500+
zero-day device vulnerabilities
350+
academic citations
230+
mobile CVEs
11
academic papers
Privacy-first approach
First and only mobile endpoint protection that end users trust because no personal information or data is collected or shared with enterprise IT
0
personal info or data
Defense-grade engines
Longest-standing mobile security for the US Federal Government, founded with grants from DARPA and NIST
30+
international governmental agencies
Explore how Quokka delivers actionable mobile security intelligence
Prevent zero-day exploits to protect organizations from mobile security, privacy, and malicious threats
Original research
Real world context
Privacy-first architecture
Defense-grade engines
Quokka Contextual Mobile Security Intelligence
Automated Mobile App Security Testing
Integrations with Quokka
Quokka API
AST tools
DevSecOps tools
App Vetting for 3rd Party Apps
Integrations with Quokka
Quokka API
MDMs, IDPs
DevSecOps tools
Privacy-First Mobile Endpoint Protection
Integrations with Quokka
SDK
MDMs, IDPs
DevSecOps tools
Integrations with Quokka
Achieving mobile zero trust requires visibility into mobile assets and insights on threats – as they emerge
Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool
Quokka Core
External code fetches, websites visits, network traffic
Hard coded keys, Weak hash, Insecure web-views, permission usage analysis
Capabilities of other app testing tools
Capabilities of other app testing tools
RASP & TLS friendly dynamic analysis
Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.
Quokka Advanced
Code/Data Sharing Detection (App Collusion)
In-app purchase vulnerability, unprotected permission exploit
Exploitable inter-app communication vulnerabilities:
- Message to app to crash or brick the device
- Message to app to leak recording of device screen
Advanced SBOM:
- Transitively identifies common libraries used by an app, their version, and their public CVEs
- Novel ways to handle obfuscations and code shrinkage
Quokka NextGen
Malicious code that runs only after app runs for a long time
Remote Command & Control to give access to app, device or files
Read sensitive PIl data like device location and send over network
Static App Analysis Comparison
1 = Not Competitive
4 = Industry Leading
4
—
3
—
2
—
1
—
Flow-Based Vulnerability Scanning
Software Bill Of Materials Analysis
Code/Data Sharing Detection
Misconfiguration Detection
IOS Pattern-Based Weaknesses Scanning
Android Pattern-Based Weaknesses
App Permission Usage Analysis
Quokka
Competitive Average
Dynamic App Analysis Comparison
4
—
3
—
2
—
1
—
Forced-Path Execution Analysis
(dynamic analysis and behavioral profiling without input)
Zero-day Denial-of-Service Scanning
Dynamic Analysis and Behavioral Profiling
(runtime with known input)
Static App Analysis Comparison
1 = Not Competitive
4 = Industry Leading
Quokka
Competitive Average
4
—
3
—
2
—
1
—
Flow-Based Vulnerability Scanning
4
—
3
—
2
—
1
—
Software Bill Of Materials Analysis
4
—
3
—
2
—
1
—
Code/Data Sharing Detection
4
—
3
—
2
—
1
—
Misconfiguration Detection
4
—
3
—
2
—
1
—
IOS Pattern-Based Weaknesses Scanning
4
—
3
—
2
—
1
—
Android Pattern-Based Weaknesses
4
—
3
—
2
—
1
—
App Permission Usage Analysis
Dynamic App Analysis Comparison
Quokka
Competitive Average
4
—
3
—
2
—
1
—
Forced-Path Execution Analysis
(dynamic analysis and behavioral profiling without input)
4
—
3
—
2
—
1
—
Zero-day Denial-of-Service Scanning
4
—
3
—
2
—
1
—
Dynamic Analysis and Behavioral Profiling
(runtime with known input)
Quokka technology powers CVE discovery
Backed by state of the art original research
Become a Quokka Technology Partner
Integrate Quokka Contextual Mobile Security Intelligence to enable your customers to prevent mobile zero-day exploits.
Helping protect the mobile ecosystem
Security teams
Protect your organization from mobile zero-day attacks – whether developing apps or deploying enterprise apps to enable a mobile workforce
~50% of organizations experience mobile compromises [1]
IT teams
Enable your mobile workforce with the peace of mind they’re using vetted enterprise apps on secure devices, all while protecting their privacy
70% of successful data breaches originate at endpoint devices [2]
App developers
Ship high-quality, secure apps faster to keep up with the pace and complexity of development while protecting your organization from fraud and breaches
90% faster with automated app security testing [3]
MSSPs
Provide your customers with apps vetted for security, with the services they need to protect their mobile fleets from zero-day exploits
100% mobile fleet coverage, with or without an MDM
Learn more about mobile security
From the resource center
Mobile security that makes you smile.
Sign up for our newsletter, The Quokka Intel Briefing
Copyright © 2024, Quokka. All rights reserved.
Solutions
Products
