TL;DR – Key Takeaways
- Mobile apps are now core infrastructure, not a secondary security concern
- Quokka is expanding reach via partnerships, analysts, and more
- National initiatives and research expose real-world mobile app risks
From powering a government-backed security initiative to embedding mobile app risk intelligence directly into the tools security teams already rely on, Quokka’s momentum in 2H 2025 reflects a broader shift: mobile apps are no longer a secondary risk surface. They are core infrastructure.
Supporting Digital Trust at a National Level
One of the most meaningful milestones of 2H 2025 was Quokka’s role in powering the Cyber Security Agency of Singapore’s (CSA) Safe App Portal pilot. This national initiative was designed to improve the baseline security of mobile applications and strengthen public trust across Singapore’s digital ecosystem.
The Safe App Portal provides developers with clear insights into mobile app security, highlighting vulnerabilities, risky behaviors, and privacy issues. At scale, this kind of visibility changes the conversation from reactive incident response to proactive risk management. This collaboration shows that mobile security is becoming a priority across the ecosystem.
Driving Awareness Through Research
In parallel, our research team continued to demonstrate why independent security research matters.
Our researchers uncovered serious security flaws in Uhale-powered digital picture frames sold under multiple brands across major online marketplaces. These digital frames expose users to malware, surveillance, and broader network compromise.
The findings highlight the hard truth that anything connected can be targeted.
Embedding Mobile App Risk Where Security Teams Work
We also expanded our Q-scout partner ecosystem to ensure mobile app risk intelligence flows directly into enterprise workflows. Our new partnerships include:
- Brightfin – The launch of Brightfin Proof brought Quokka’s real-time app risk intelligence directly into ServiceNow-native environments. Security and IT teams can continuously score app risk, automate policy actions, and simplify compliance without adding operational overhead.
- Hexnode UEM – A new integration with Hexnode enables continuous mobile app risk monitoring across iOS and Android devices managed by Hexnode, helping teams assess malicious behavior, vulnerabilities, and privacy risks directly from their device management workflows.
- Microsoft Sentinel – Building on our Microsoft Intune integration, Quokka expanded into Microsoft Sentinel, bringing mobile app risk intelligence into SIEM workflows for faster detection, correlation, and response.
We’re continuing to build our Q-scout integrations and partnerships and have already launched another integration in 2026–Ivanti Neurons for MDM. We’ll be building and announcing more partnerships soon.
Recognized by Gartner for Mobile App Security Leadership
Industry analysts took note of Quokka’s advancements as well.
In late summer 2025, Quokka was recognized as a Sample Vendor in the Gartner How to Avoid Common Cybersecurity Pitfalls in Mobile App Development report (published July 16, 2025 by Dionisio Zumerle) and the Gartner® Hype Cycle™ for Application Security (published July 22, 2025 by Dionisio Zumerle) for the fourth consecutive year.
The Hype Cycle states, “While mobile AST products are mainly used with homegrown applications, some enterprises are using them for application vetting. This allows organizations to identify leaky or malicious applications.” Although Q-mast was at the center of Quokka’s recognition in these analyst reports, Q-scout is our purpose-built solution for this mobile app vetting use case.
From Awareness to Action
As mobile apps continue to shape how people work, communicate, and access critical services, the security model around them has to evolve just as quickly. The progress we made in the second half of 2025 shows that the broader ecosystem is recognizing the urgent risk mobile apps represent. We’re entering 2026 with momentum, a growing ecosystem of partners, and a clear mandate — to turn mobile app risk from an invisible threat into a measurable, manageable part of every organization’s security posture.
