Skip to main content
        • Products

          Q-Scout

          Leading edge mobile device security delivering dynamic, actionable intelligence for fleet-wide protection applications

          Q-MAST

          Comprehensive testing for developers who build, use, and manage mobile applications

          Q-Vet

          Mobile app vetting for curated and enterprise managed app stores

        • Solutions by Want

          Mobile Application Security Testing

          Advanced analysis utilizing static, dynamic & interactive analysis of Android and iOS mobile applications

          BYOD

          Secure devices connecting to the enterprise network in the work and live anywhere world

          App Vetting

          Transparent and high-confidence results using pass/fail security evidence

          End Users

          Airtight digital security that empowers you to make informed decisions on what apps you do and do not give access to

          Regulatory Compliance

          Automated compliance testing for the latest privacy and security standards

        • Industries

          Federal Government

          Mobile security solutions for public sector needs across federal, state and local governments

          Finance

          Fintech application security solution for advanced mobile threats

        • Untitled Document

          All Resources

          Blogs

          The latest industry news in cybersecurity’s ever-evolving landscape

          Newsroom

          Press releases, news stories and media highlights from Quokka

          Webinars

          Videos and content where you can learn about the latest threats, trends and issues in cybersecurity

          Whitepapers

          Insights and helpful assets for exploring cybersecurity and digital security

        • Datasheets

          An in-depth description of Quokka solutions

          Technical Papers

          Deep dive into cybersecurity topics and technical papers discovered by Quokka

          Use Cases

          Detailed overview of how Quokka solutions solve real-world pain points

          Guides

          Best practices from our industry experts

          Partners

          Learn more about Quokka’s technology partners

        • Company

          Careers

          There are jobs - and then there is a career at Quokka

          Leadership

          Quokka’s global management team comprised of security experts and industry leaders

  • Support

Stress Less This Holiday Season By Knowing You’re
Shopping App is on the Quokka “Nice List”

Stress Less This Holiday Season By Knowing You’re Shopping App is on the Quokka “Nice List”

Quokka | November 28, 2022

Quokka

November 28, 2022

As the friendliest digital security and privacy company on Earth, Quokka loves calling attention to businesses and app developers leading the way in proactive security and privacy stewardship.

Since last year, we’ve made it a point to put together a holiday “Nice List” showcasing mobile shopping apps that go the distance for consumers. By analyzing popular apps across five business categories, we’ve compiled a shortlist of the apps most deserving of consumer trust this holiday season. Other apps are also in the what is considered safe list, but we are showcasing the top 5.

The apps listed here appear to have the lowest Android threat scores in their category, and are deemed Quokka Secure.

The Top 5

The top 5 apps assessed were Society6, Madewell, Lucky Supermarket, Brad’s Deal and Stripe Dashboard. Other standout apps in their respective categories included:

Boutique Apps:

  1. Society 6
  2. Etsy
  3. Sell on Folksy
  4. Poshmark
  5. Zazzle

Note: Of the Boutique Mobile Apps scanned, the average threat score was 25 with the most common threat being apps asking for more permissions than they needed to perform their core functions.

Big Brand Clothing:

  1. Madewell
  2. Victoria’s Secret
  3. PacSun
  4. American Eagle/Arie
  5. Nordstrom

Note: Of the Big Brand Clothing Apps scanned, the average threat score was 31 with the most common threat being the lack of a runtime app security protection (RASP) solution.

Digital Wallets & Payments:

  1. Stripe Dashboard
  2. Xoom Money Transfer
  3. Remitly: Send Money & Transfer
  4. Wise
  5. Wallet Cards | Digital Wallet

Note: Of the Digital Wallet Mobile Apps scanned, the average threat score was 56, with most threats being low or medium risk to end users. The most common privacy finding is that the apps share information about the user or app behavior with social networks.

Big Box Retailers:

  1. Lucky Supermarket
  2. Whole Foods Market
  3. Rite Aid
  4. Toys “R” Us
  5. Bed Bath & Beyond

Note: Of the Big Box Retailer Mobile Apps scanned, the average threat score was 32, with medium to low risk to end users. The most common privacy finding is tracking user behavior in their app with a third party tracking service.

Discount and Deal Giver Apps:

  1. Brad’s Deals
  2. Zulily
  3. DealNews
  4. Capital One Shopping
  5. Rakuten

Note: Of the Discount and Deal Giver Mobile Apps scanned, the average threat score was 34. The two most common privacy findings were tracking user behavior in the app with a third party tracking service and sharing user or app information with social networks.

How Did We Evaluate Apps on the List?

All apps included on the list were vetted using Q-Vet, Quokka’s proprietary, industry-leading Mobile Application Security Technology (MAST) solution. By combining static and dynamic closed-loop analysis, we were able to assign a Threat Score factoring uncovered Security Risks and Privacy Risks.

Q-Vet is used by organizations worldwide to proactively identify security and privacy vulnerabilities in mobile device applications without violating end user privacy in the process. Q-Vet tests modern protected apps without needing to circumvent built-in app protections, increasing the accuracy of security and privacy insights and speeding up the app vetting process.

Understand Risk to Eliminate It

For businesses and app developers facilitating mobile commerce, it is critically important to understand where risk proliferates, both to strengthen security and privacy posture and protect end users.

Limiting the amount of permissions an app requires is a basic (yet fundamentally important) way to reduce points of exposure. Each new permission granted creates a potential point of vulnerability.

  • Since many consumers reflexively grant permissions when prompted, it’s important to be proactive about including only the most essential integration requests.
  • These types of vulnerabilities were especially common in the apps analyzed to create the 2022 Nice List.

To gain a clearer picture of the security and privacy posture of a given application, consider using Q-Vet to quickly, accurately, and non-invasively scan your business’ mobile application for security and privacy vulnerabilities. Once an app is scanned through Q-Vet and added to a user’s watchlist, each version of this application will be scanned, automatically, ensuring that each publicly-available upgrade continues to meet security and privacy requirements.

For more information visit our blog or view our fireside chat.

Leave a Reply

Close Menu