Enterprise mobility struggles to protect organizations from malicious threats, security and privacy risks

Deploy Q-scout to future proof your mobile endpoint protection for Android & iOS

Zero-trust BYOD security

Validate at every login whether managed or personal mobile apps do not contain malicious code and meet security and privacy compliance standards

App intelligence for UEM

Integrate with existing MDM solutions to detect and block zero-day threats residing in managed and/or personal apps

Vetted enterprise apps

Make risk-based decisions on which mobile apps from the Google Play and Apple App Store end users install on BYOD or COPE devices

Understand the app security gaps created by BYOD – and 4 steps to address them.

“We are at a time when privacy is hard to come by, with more and more people using apps for business, networking, shopping and more, it means a lot of your information is being collected and shared without your knowledge or permission. Along with security, privacy is paramount, Q-scout provides a level of visibility into what’s really happening in [end user] device[s] that, to date, nobody else can provide.”

Suresh Batchu, Co-Founder, Former CTO MobileIron

The Quokka Advantage

Benefits of mobile security that make you smile

ROI of prevention

Block malicious, or colluding, apps that attempt to exfiltrate data from mobile devices in order to prevent costly breaches for your organization

Informed decisions

Make risk-based business decisions about which mobile devices can access enterprise data & systems based on real-world intelligence

Peace of mind

Know your app security intelligence solution delivers the industry’s most comprehensive insights, even for the latest OS versions, in minutes

Real-world analysis: TikTok

Q-scout found ByteDance’s TikTok asks for twice as much data than the average social media app and is one of the most invasive apps, among others, in the analysis. 

Q-scout mobile endpoint protection

Q-Scout capabilitiesPersonal Device Management (PDM)App Intelligence for MDM
Easy enrollment & administration
Vetted, managed apps via enterprise app store
Personal app analysis
Policies based on a collection of personal apps and where they send data
Checks for malicious app behavior profiling in managed & personal apps
Does not access personal information or data
Supports compliance with HIPAA, GDPR, OWASP, and NIAP data privacy standards
Device analysisvia MDM
Policies based on real-world context of device configurations and system settingsvia MDM
Revokes access to corporate systems & data✓*via MDM
Blocks phishing attemptsvia MDM
Filters network traffic to block risky nations and ad networksvia MDM

*with identity provider (IDP) integration

Integrates seamlessly with IDPs and MDMs

Supporting mobile endpoint security standards

OWASP logo
NAIP logo
NLST logo
CVE logo
Sarif logo

BYOD Guidelines – Quokka (then Kryptowire) participated in creating the NIST Special Publication 1800-22 and its insights and technologies were part of the example solutions used in the guide under the Cooperative Research and Development Agreement

COPE Guidelines – Quokka (then Kryptowire) participated in creating the NIST Special Publication 1800-21 and its insights and technologies were part of the example solutions used in the guide under the Cooperative Research and Development Agreement

Quokka (then Kryptowire) contributed automated analysis using proprietary mobile app vetting infrastructure

Protecting the mobile ecosystem

Mobile security has historically been underfunded – Quokka can cost-effectively reduce mobile risks.

IT teams

Enable your mobile workforce with the peace of mind they’re using vetted enterprise apps on secure devices, all while protecting their privacy

70% of successful data breaches originate at endpoint devices[2]

MSSPs

Provide your customers with apps vetted for security, with the services they need to protect their mobile fleets from zero-day exploits

100% mobile fleet coverage, with or without an MDM

Achieving mobile zero trust requires visibility into mobile assets and insights on threats – as they emerge

Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool

Quokka Core

External code fetches, websites visits, network traffic

Hard coded keys, Weak hash, Insecure web-views, permission usage analysis

Capabilities of other app testing tools

Capabilities of other app testing tools

RASP & TLS friendly dynamic analysis

Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.

Quokka Advanced

Code/Data Sharing Detection (App Collusion)

In-app purchase vulnerability, unprotected permission exploit

Exploitable inter-app communication vulnerabilities:

  • Message to app to crash or brick the device
  • Message to app to leak recording of device screen

Advanced SBOM:

  • Transitively identifies common libraries used by an app, their version, and their public CVEs
  • Novel ways to handle obfuscations and code shrinkage

Quokka NextGen

Malicious code that runs only after app runs for a long time

Remote Command & Control to give access to app, device or files

Read sensitive PIl data like device location and send over network

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

4

3

2

1

Flow-Based Vulnerability Scanning

Software Bill Of Materials Analysis

Code/Data Sharing Detection

Misconfiguration Detection

IOS Pattern-Based Weaknesses Scanning

Android Pattern-Based Weaknesses

App Permission Usage Analysis

Quokka

Competitive Average

Dynamic App Analysis Comparison

4

3

2

1

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

Zero-day Denial-of-Service Scanning

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

Quokka

Competitive Average

4

3

2

1

Flow-Based Vulnerability Scanning

4

3

2

1

Software Bill Of Materials Analysis

4

3

2

1

Code/Data Sharing Detection

4

3

2

1

Misconfiguration Detection

4

3

2

1

IOS Pattern-Based Weaknesses Scanning

4

3

2

1

Android Pattern-Based Weaknesses

4

3

2

1

App Permission Usage Analysis

Dynamic App Analysis Comparison

Quokka

Competitive Average

4

3

2

1

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

4

3

2

1

Zero-day Denial-of-Service Scanning

4

3

2

1

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Quokka technology powers  CVE discovery

Backed by state of the art original research

See Q-scout in action

Explore how Quokka delivers actionable app security intelligence

AUTOMATED MOBILE APP SECURITY TESTING

Integrate with CI/CD & DevSecOps tools to ship higher quality, secure apps – faster.

APP VETTING FOR 3RD PARTY APPS

Scan and vet apps from public or private app stores without the need for source code.

Learn more about mobile security

Upcoming Events

Quokka Intel: the mobile security intelligence blog

From the resource center

Mobile security that makes you smile.

Sign up for our newsletter, The Quokka Intel Briefing

Copyright © 2024, Quokka. All rights reserved.