In a threat landscape defined by velocity, complexity, and AI-driven change, visibility into app behavior is no longer optional—it’s foundational. That’s why we’re proud to share that Quokka has been recognized as a Sample Vendor in the 2025 Gartner® Hype Cycle™ for Application Security in the mobile application security testing (AST) category for the fourth year running.
According to Gartner, “This Hype Cycle tracks the maturity and adoption of processes and technologies that can help organizations advance their application security programs.” In 2025, mobile application security testing has moved further along the slope of enlightenment and is less than two years from mainstream adoption according to their priority matrix.
The Hype Cycle report states, “Mobile applications can be exploited by attackers to steal enterprise data and defraud their customers.” Further, “Mobile AST is needed to scan open-source software (OSS) components and software development kits (SDKs), which are both frequently used with mobile applications. OSS components and SDKs are often vulnerable or require excessive permissions. With the emergence of software bills of materials, this need becomes even more pressing.”
Mobile AST for apps you build
Quokka offers an advanced mobile application security testing (AST) solution called Q-mast that combines static, dynamic, and interactive analysis (SAST, DAST, and IAST) specifically tailored for mobile environments. It scans apps in minutes–no source code needed–providing analysis of compiled app binary, regardless of in-app or run-time obfuscations.
Q-mast also generates a complete, version-specific software bill of materials (SBOM), including embedded libraries, to surface vulnerable components and dependencies with pinpoint accuracy. The solution checks against privacy & security standards from NIAP, NIST, OWASP MASVS, CVEs, and SARIF. With CI/CD integration, Q-mast embeds directly into existing development workflows, ensuring security without disruption.
Mobile AST for application vetting
The Hype Cycle states, “While mobile AST products are mainly used with homegrown applications, some enterprises are using them for application vetting. This allows organizations to identify leaky or malicious applications.”
Quokka’s Q-scout delivers mobile AST for the purpose of mobile app vetting. Q-scout seamlessly integrates with MDMs, giving security teams real-time visibility into the mobile apps installed across MDM-managed devices. App inventories are automatically ingested into Q-scout and continuously updated, allowing each app to be analyzed for security and privacy risks as soon as it is added, updated, or removed. This ensures that administrators always have an up-to-date, actionable view of mobile app exposure without manual effort.
To learn more about the evolving application security landscape, review the complete Hype Cycle.
To learn more about how Quokka protects mobile apps enterprises build and mobile apps enterprises use, request a demo.
Gartner, Hype Cycle for Application Security, 2025. By Dionisio Zumerle, 22 July 2025.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
