Apps are endpoints.

Protecting mobile requires mitigating security, privacy, and malicious threats to apps

Leverage contextual mobile security intelligence to prevent zero-day app exploits that result in data exfiltration, secondary cyber attacks and breaches.

Quokka discovers and delivers unsurpassed mobile security intelligence

Real-world context

Only endpoint protection to scan all apps, data destinations, and system configurations in context of each mobile device in order to enable remediation

10M+

devices protected

115k+

vulnerabilities found

2M+

apps scanned

Original research

Only researchers in the industry to discover hundreds of new zero-day vulnerabilities and threats that power proprietary app scanning engines

500+

zero-day device vulnerabilities

350+

academic citations

230+

mobile CVEs

11

academic papers

Privacy-first approach

First and only mobile endpoint protection that end users trust because no personal information or data is collected or shared with enterprise IT

0

personal info or data

Defense-grade engines

Longest-standing mobile security for the US Federal Government, founded with grants from DARPA and NIST

30+

international governmental agencies

Explore how Quokka delivers actionable mobile security intelligence

Prevent zero-day exploits to protect organizations from mobile security, privacy, and malicious threats

Original research

Real world context

Privacy-first architecture

Defense-grade engines

Quokka Contextual Mobile Security Intelligence

qmast logo

Automated Mobile App Security Testing

Integrations with Quokka

Quokka API

AST tools

DevSecOps tools

Q-vet application vetting logo

App Vetting for 3rd Party Apps

Integrations with Quokka

Quokka API

MDMs, IDPs

DevSecOps tools

Q-scout mobile endpoint security product

Privacy-First Mobile Endpoint Protection

Integrations with Quokka

SDK

MDMs, IDPs

DevSecOps tools

Integrations with Quokka

Achieving mobile zero trust requires visibility into mobile assets and insights on threats – as they emerge

Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool

Quokka Core

External code fetches, websites visits, network traffic

Hard coded keys, Weak hash, Insecure web-views, permission usage analysis

Capabilities of other app testing tools

Capabilities of other app testing tools

RASP & TLS friendly dynamic analysis

Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.

Quokka Advanced

Code/Data Sharing Detection (App Collusion)

In-app purchase vulnerability, unprotected permission exploit

Exploitable inter-app communication vulnerabilities:

  • Message to app to crash or brick the device
  • Message to app to leak recording of device screen

Advanced SBOM:

  • Transitively identifies common libraries used by an app, their version, and their public CVEs
  • Novel ways to handle obfuscations and code shrinkage

Quokka NextGen

Malicious code that runs only after app runs for a long time

Remote Command & Control to give access to app, device or files

Read sensitive PIl data like device location and send over network

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

4

—

3

—

2

—

1

—

Flow-Based Vulnerability Scanning

Software Bill Of Materials Analysis

Code/Data Sharing Detection

Misconfiguration Detection

IOS Pattern-Based Weaknesses Scanning

Android Pattern-Based Weaknesses

App Permission Usage Analysis

Quokka

Competitive Average

Dynamic App Analysis Comparison

4

—

3

—

2

—

1

—

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

Zero-day Denial-of-Service Scanning

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

Quokka

Competitive Average

4

—

3

—

2

—

1

—

Flow-Based Vulnerability Scanning

4

—

3

—

2

—

1

—

Software Bill Of Materials Analysis

4

—

3

—

2

—

1

—

Code/Data Sharing Detection

4

—

3

—

2

—

1

—

Misconfiguration Detection

4

—

3

—

2

—

1

—

IOS Pattern-Based Weaknesses Scanning

4

—

3

—

2

—

1

—

Android Pattern-Based Weaknesses

4

—

3

—

2

—

1

—

App Permission Usage Analysis

Dynamic App Analysis Comparison

Quokka

Competitive Average

4

—

3

—

2

—

1

—

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

4

—

3

—

2

—

1

—

Zero-day Denial-of-Service Scanning

4

—

3

—

2

—

1

—

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Quokka technology powers  CVE discovery

Backed by state of the art original research

Become a Quokka Technology Partner

Integrate Quokka Contextual Mobile Security Intelligence to enable your customers to prevent mobile zero-day exploits.

Helping protect the mobile ecosystem

Security teams

Protect your organization from mobile zero-day attacks – whether developing apps or deploying enterprise apps to enable a mobile workforce

~50% of organizations experience mobile compromises [1]

IT teams

Enable your mobile workforce with the peace of mind they’re using vetted enterprise apps on secure devices, all while protecting their privacy

70% of successful data breaches originate at endpoint devices [2]

App developers

Ship high-quality, secure apps faster to keep up with the pace and complexity of development while protecting your organization from fraud and breaches

90% faster with automated app security testing [3]

MSSPs

Provide your customers with apps vetted for security, with the services they need to protect their mobile fleets from zero-day exploits

100% mobile fleet coverage, with or without an MDM

Learn more about mobile security

From the resource center

Upcoming Events

Register or book a meeting with us

Quokka Intel

The mobile security intelligence blog