Vet and continuously monitor mobile apps to comply with Zero Trust and Secure by Design mandates
Get Contextual Mobile Security Intelligence from the first and longest-standing mobile app security for the US Federal Government
Trusted by the US Federal Government since 2011
Quokka powers the CISA MAV shared services for mobile app vetting which is operational with an ATO for FedRAMP High.
The Quokka Advantage
Mobile security benefits that make you smile
Peace of mind
Know your app security intelligence delivers the industry’s most comprehensive insights, even for the latest OS versions, in minutes
Informed decisions
Make risk-based decisions during deployment of 3rd party apps based on real-world mobile app intelligence
Trust in government
Vet all mobile apps used by employees to prevent attacks and breaches that undermine trust in government
Quokka solutions help US State & Local governments meet mobile cybersecurity requirements
Quokka solutions help US State & Local governments meet mobile cybersecurity requirements
Automate mobile app vetting (MAV)
App intelligence for MDM
Meet mobile app security security standards
BYOD Guidelines – Quokka (then Kryptowire) participated in creating the NIST Special Publication 1800-22 and its insights and technologies were part of the example solutions used in the guide under the Cooperative Research and Development Agreement
Quokka (then Kryptowire) contributed automated analysis using proprietary mobile app vetting infrastructure
Protection Profile for App Vetting – Quokka has worked with federal agencies to meet both the functional and assurance requirements outlined in this profile
State & Local Government Partners
Achieving mobile zero trust requires visibility into mobile assets and insights on threats – as they emerge
Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool
Quokka Core
External code fetches, websites visits, network traffic
Hard coded keys, Weak hash, Insecure web-views, permission usage analysis
Capabilities of other app testing tools
Capabilities of other app testing tools
RASP & TLS friendly dynamic analysis
Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.
Quokka Advanced
Code/Data Sharing Detection (App Collusion)
In-app purchase vulnerability, unprotected permission exploit
Exploitable inter-app communication vulnerabilities:
- Message to app to crash or brick the device
- Message to app to leak recording of device screen
Advanced SBOM:
- Transitively identifies common libraries used by an app, their version, and their public CVEs
- Novel ways to handle obfuscations and code shrinkage
Quokka NextGen
Malicious code that runs only after app runs for a long time
Remote Command & Control to give access to app, device or files
Read sensitive PIl data like device location and send over network
Static App Analysis Comparison
1 = Not Competitive
4 = Industry Leading
4
—
3
—
2
—
1
—
Flow-Based Vulnerability Scanning
Software Bill Of Materials Analysis
Code/Data Sharing Detection
Misconfiguration Detection
IOS Pattern-Based Weaknesses Scanning
Android Pattern-Based Weaknesses
App Permission Usage Analysis
Quokka
Competitive Average
Dynamic App Analysis Comparison
4
—
3
—
2
—
1
—
Forced-Path Execution Analysis
(dynamic analysis and behavioral profiling without input)
Zero-day Denial-of-Service Scanning
Dynamic Analysis and Behavioral Profiling
(runtime with known input)
Static App Analysis Comparison
1 = Not Competitive
4 = Industry Leading
Quokka
Competitive Average
4
—
3
—
2
—
1
—
Flow-Based Vulnerability Scanning
4
—
3
—
2
—
1
—
Software Bill Of Materials Analysis
4
—
3
—
2
—
1
—
Code/Data Sharing Detection
4
—
3
—
2
—
1
—
Misconfiguration Detection
4
—
3
—
2
—
1
—
IOS Pattern-Based Weaknesses Scanning
4
—
3
—
2
—
1
—
Android Pattern-Based Weaknesses
4
—
3
—
2
—
1
—
App Permission Usage Analysis
Dynamic App Analysis Comparison
Quokka
Competitive Average
4
—
3
—
2
—
1
—
Forced-Path Execution Analysis
(dynamic analysis and behavioral profiling without input)
4
—
3
—
2
—
1
—
Zero-day Denial-of-Service Scanning
4
—
3
—
2
—
1
—
Dynamic Analysis and Behavioral Profiling
(runtime with known input)
Learn more about mobile security
Upcoming Events
From the resource center
Mobile security that makes you smile.
Sign up for our newsletter, The Quokka Intel Briefing
Copyright © 2024, Quokka. All rights reserved.
Solutions
Products
