Cybersecurity IT solutions

Vet and continuously monitor mobile apps to comply with Zero Trust and Secure by Design mandates

Get Contextual Mobile Security Intelligence for State & Local Governments from the first and longest-standing mobile app security for the US Federal Government

Trusted by the US Federal Government since 2011

Quokka powers the CISA MAV shared services for mobile app vetting which is operational with an ATO for FedRAMP High.

The Quokka Advantage

Mobile security benefits that make you smile

Peace of mind

Know your app security intelligence delivers the industry’s most comprehensive insights, even for the latest OS versions, in minutes

Informed decisions

Make risk-based decisions during deployment of 3rd party apps based on real-world mobile app intelligence

Trust in government

Vet all mobile apps used by employees to prevent attacks and breaches that undermine trust in government

Quokka solutions help US State & Local governments meet mobile cybersecurity requirements

Quokka solutions help US State & Local governments meet mobile cybersecurity requirements

Automate mobile app vetting (MAV)

App intelligence for MDM

Meet mobile app security security standards

OWASP logo
NAIP logo
NLST logo
CVE logo
Sarif logo

BYOD Guidelines – Quokka (then Kryptowire) participated in creating the NIST Special Publication 1800-22 and its insights and technologies were part of the example solutions used in the guide under the Cooperative Research and Development Agreement

COPE Guidelines – Quokka (then Kryptowire) participated in creating the NIST Special Publication 1800-22 and its insights and technologies were part of the example solutions used in the guide under the Cooperative Research and Development Agreement
Vetting the Security of Mobile Applications – Quokka developed an automated mobile app vetting solution

Quokka (then Kryptowire) contributed automated analysis using proprietary mobile app vetting infrastructure

Protection Profile for App Vetting – Quokka has worked with federal agencies to meet both the functional and assurance requirements outlined in this profile

State & Local Government Partners

Carahsoft Logo
Guidepoint Security logo

Learn more about mobile security

From the resource center

Upcoming Events

Register or book a meeting with us

Quokka Intel

The mobile security intelligence blog

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

4

—

3

—

2

—

1

—

Flow-Based Vulnerability Scanning

Software Bill Of Materials Analysis

Code/Data Sharing Detection

Misconfiguration Detection

IOS Pattern-Based Weaknesses Scanning

Android Pattern-Based Weaknesses

App Permission Usage Analysis

Quokka

Competitive Average

Dynamic App Analysis Comparison

4

—

3

—

2

—

1

—

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

Zero-day Denial-of-Service Scanning

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Static App Analysis Comparison

1 = Not Competitive

4 = Industry Leading

Quokka

Competitive Average

4

—

3

—

2

—

1

—

Flow-Based Vulnerability Scanning

4

—

3

—

2

—

1

—

Software Bill Of Materials Analysis

4

—

3

—

2

—

1

—

Code/Data Sharing Detection

4

—

3

—

2

—

1

—

Misconfiguration Detection

4

—

3

—

2

—

1

—

IOS Pattern-Based Weaknesses Scanning

4

—

3

—

2

—

1

—

Android Pattern-Based Weaknesses

4

—

3

—

2

—

1

—

App Permission Usage Analysis

Dynamic App Analysis Comparison

Quokka

Competitive Average

4

—

3

—

2

—

1

—

Forced-Path Execution Analysis

(dynamic analysis and behavioral profiling without input)

4

—

3

—

2

—

1

—

Zero-day Denial-of-Service Scanning

4

—

3

—

2

—

1

—

Dynamic Analysis and Behavioral Profiling

(runtime with known input)

Achieving mobile zero trust requires visibility into mobile assets and insights on threats – as they emerge

Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool

Quokka Core

External code fetches, websites visits, network traffic

Hard coded keys, Weak hash, Insecure web-views, permission usage analysis

Capabilities of other app testing tools

Capabilities of other app testing tools

RASP & TLS friendly dynamic analysis

Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.

Quokka Advanced

Code/Data Sharing Detection (App Collusion)

In-app purchase vulnerability, unprotected permission exploit

Exploitable inter-app communication vulnerabilities:

  • Message to app to crash or brick the device
  • Message to app to leak recording of device screen

Advanced SBOM:

  • Transitively identifies common libraries used by an app, their version, and their public CVEs
  • Novel ways to handle obfuscations and code shrinkage

Quokka NextGen

Malicious code that runs only after app runs for a long time

Remote Command & Control to give access to app, device or files

Read sensitive PIl data like device location and send over network