Quokka launches Q-firm to help telcos and Android device manufacturers secure firmware before devices ship. Quokka is proud to launch Q-firm, its new solution that detects vulnerabilities and threats in the underlying software and applications that ship with Android devices. By. * Published: March 10, 2026 San Jose, CA, March 10, 2026 - Quokka, a leader in mobile app risk and security, today announced the launch of Q-firm, a firmware security analysis tool designed to help telecommunications providers and Android device manufacturers ensure that every device released to market is secure, free from vulnerabilities, and aligned with industry standards. Android devices ship with complex firmware images that often contain hundreds of pre-installed and system-level applications, including privileged apps that users never see but attackers actively target. Teams can pour enormous effort into building device functionality, but one serious security flaw can render all of it irrelevant. Q-firm is being introduced to address a growing market issue. In February 2026, a firmware-level Android backdoor known as "Keenadu" was discovered pre-installed on new devices, highlighting how vulnerabilities or malicious components embedded in firmware can reach end users before a device is ever powered on. Incidents like this underscore why secure development calls for identifying and remediating vulnerabilities in embedded and third-party components before devices ship. Q-firm addresses this gap by providing automated, multi-layered firmware security analysis across pre-installed, hidden, and privileged Android applications embedded within device firmware. Q-firm's unique flow-based vulnerability scanning applies AI-powered static, dynamic, interactive, and forced-path execution analysis techniques, combined with expert review, to uncover insecure interfaces, embedded libraries with unknown vulnerabilities, escalation-of-privilege paths, privacy leaks, and behaviors that could enable real-world abuse. "End users expect mobile devices to be secure out of the box, but with the evolving threat landscape, that is no longer a reality," said Nikolaos Kiourtis, CTO at Quokka. "Q-firm gives manufacturers and service providers security validation from a trusted external partner and the assurance that devices meet stringent security standards before being shipped to customers." Rather than relying solely on time-intensive manual penetration testing, Q-firm enables broader, repeatable validation across large firmware images and frequent build cycles. It also generates precise Software Bills of Materials (SBOMs) mapped to specific library versions and validates firmware behavior against industry security standards including NIAP, NIST, and OWASP MASVS. "Security is a critical part of our release process, but validation can be complex, especially at scale," said Jaysen Sweeting, Sr. Principal Security Engineer at Promethean, a global education technology company and an early Q-firm customer. "We use Q-firm to test our Android-based devices so we can identify and remediate vulnerabilities in firmware and pre-installed applications before they ship. It provides visibility into areas that are difficult to assess manually and strengthens our overall device security validation." As attackers increasingly target the software supply chain and exploit weaknesses deep within device stacks, firmware can no longer be implicitly trusted as secure. Q-firm extends Quokka's mobile security expertise deeper into the Android software stack, helping telcos and device manufacturers demonstrate that security is embedded into every layer of the device. Q-firm is available today. For more information or to request a demonstration, visit www.quokka.io/products/q-firm or register for an informational webinar taking place on April 2, 2026 at 9 a.m. PT at https://go.quokka.io/introducing-q-firm. Google API keys were once considered safe to embed in mobile apps. But with Gemini, those same keys can now enable access to AI services and billable resources - quietly turning legacy best practices into a growing mobile security risk. Quokka is listed as a Representative Vendor for mobile application security testing in the 2026 Gartner Journey Guide to Choosing Software Engineering Security Tools, published February 18, 2026. Researchers uncovered 198 AI-related iOS apps are leaking data. Learn what went wrong, how AI code contributed, and what your team can do to strengthen mobile app security.

Quokka Q-scout can now integrate with Ivanti Neurons for MDM to help strengthen Mobile App security in enterprise environments. Quokka, Inc. is excited to announce that Q-scout now integrates with Ivanti Neurons for MDM, bringing deep mobile app risk intelligence to more enterprises. As attacks targeting mobile devices continue to rise, the integration helps address one of the most persistent gaps related to enterprise security: mobile apps. San Jose, CA, January 14, 2025 - Quokka, the leader in mobile app security, today announced a new integration in its Q-scout mobile app vetting solution with Ivanti Neurons for MDM, a leading cloud-based modern device management solution. As attacks targeting mobile devices continue to rise, the integration helps address one of the most persistent gaps related to enterprise security: mobile apps. The integration provides organizations a streamlined way to identify and control mobile app risk inside their organization. The Verizon Mobile Security Index 2025 shows that 85% of organizations have seen an increase in mobile device attacks. Further, according to the Gartner(R) How to Avoid Common Cybersecurity Pitfalls in Mobile App Development report, "Through 2030, mobile application security failures will be the biggest mobile threat for enterprises." The combined capabilities of Ivanti Neurons for MDM and Quokka Q-scout help organizations tackle these challenges at scale. Through this integration, Q-scout can ingest the full inventory of apps on enrolled devices from Ivanti Neurons for MDM and then analyzes each app using Quokka's proprietary machine learning engines. Q-scout identifies data harvesting, privacy exposures, risky SDKs, hidden permissions, supply chain weaknesses and both known and zero-day malware traits before they lead to compromise. Q-scout doesn't require an on-device agent, so security teams can easily deploy Q-scout in just a few minutes and scale without issue and, optionally, also strengthen any traditional mobile threat defense (MTD) solutions. Once the analysis is complete, Q-scout triggers risk and privacy policy alerts that Ivanti Neurons for MDM can use for policy-based enforcement. Security teams can then block apps that exceed risk thresholds, restrict access based on behavior patterns or allow only apps that meet acceptable privacy and security requirements. "Enterprises are working to secure dynamic mobile device fleets while staying ahead of emerging threats," said Vijay Pawar, SVP of Product at Quokka. "The integration of Q-scout with Ivanti Neurons for MDM allows organizations to take security control of their mobile app ecosystem. They can immediately see which apps introduce risk and take action in a way that aligns with their security policies and business needs." "At Ivanti, we're committed to helping organizations secure every endpoint, including mobile devices, without adding complexity," said Rex McMillan, Vice President, Product Management at Ivanti. "The integration with Quokka reflects that commitment as well. By integrating Ivanti Neurons for MDM with Q-scout, they're helping give enterprises deeper visibility into mobile app risk and enabling them to enforce policies seamlessly - strengthening security while supporting productivity." The integration is now available to all Q-scout customers using Ivanti Neurons for MDM. For more information, contact Quokka for a demo. About Quokka Quokka is a global leader in mobile security, trusted by Fortune 500 companies and government agencies to protect against mobile threats. With a history of innovation and collaboration with the U.S. Federal Government, Quokka has been recognized by Gartner, NVTC, and Global InfoSec for advancing mobile app security. The company combines deep research expertise with proven technology to help organizations safeguard their mobile ecosystems with confidence. To learn more, please visit www.quokka.io. Quokka, Inc. looked back at a sample of 25,000 Android app analyses and highlighted the most prevalent mobile app security issues discovered, ranging from inadvertent disclosures of personal information to supply chain vulnerabilities. The new integration builds upon Quokka's integration with Microsoft Intune and brings Q-scout's mobile app risk intelligence into Microsoft Sentinel, empowering enterprises with unified visibility, automated response, and simplified compliance. Digital picture frames seem like a great holiday gift, but some pack more than just memories. Its latest research into Uhale-powered frames shows just how easily these devices can be hijacked to spy, spread malware, or pivot deeper into home and business networks.

Four Inc. partners with Quokka to deliver actionable mobile security intelligence to the public sector. Quokka is expanding its reach in the public sector through a new distribution agreement with Four Inc., making its real-time mobile app risk intelligence available via NASA SEWP V, ITES-SW2, and Four Inc.'s partner network. News highlights. * Four Inc. is now the public sector distributor for Quokka, offering mobile app security solutions through NASA SEWP V, ITES-SW2, and its partner network. * The partnership enables agencies to strengthen mobile security, meet federal mandates, and prevent threats like supply-chain attacks and zero-day exploits. Herndon, Virginia (October 29, 2025) - Four Inc. has been named a public sector IT distributor for Quokka, the leader in mobile app security. Through this agreement, Quokka will be accessible to the public sector via Four Inc.'s NASA Solutions for Enterprise-Wide Procurement (SEWPV), Information Technology Enterprise Solutions - Software 2 (ITES-SW2), and its network of channel partners as part of Four Inc.'s distribution program. This collaboration will empower the public sector to strengthen mobile security, ensure app compliance, and enhance decision-making through real-time mobile app risk intelligence. Quokka provides federal, state, and local agencies with the visibility and intelligence needed to secure mobile applications and protect sensitive data. As the first and longest-standing mobile app security provider for the U.S. Federal Government, Quokka helps agencies meet cybersecurity mandates, including Zero Trust, Secure by Design, and Executive Orders focused on protecting national security. By continuously vetting mobile apps and testing both apps in use and apps under development, Quokka delivers actionable intelligence that other security tools cannot, helping agencies prevent supply chain attacks, unauthorized data access, and zero-day exploits. "Partnering with Quokka allows Four Inc. to bring unmatched mobile security to government agencies," said Chris Wilkinson, EVP of Sales at Four Inc. "By combining our expertise, we're empowering agencies to take a proactive, risk-based approach to safeguarding mission, national security, and citizen data on apps, which have become a new end point. Quokka's solutions integrate seamlessly with existing security stacks, providing agencies with one source of mobile app risk intelligence to manage risk, comply with federal requirements, and enhance trust in government technology." Quokka is available immediately via Four Inc.'s NASA SEWPV and ITES-SW2 Contract Vehicles. For more information, contact Four Inc. at [email protected] About Quokka Quokka is a global leader in mobile security, trusted by Fortune 500 companies and government agencies to protect against mobile threats. With a history of innovation and collaboration with the U.S. Federal Government, Quokka has been recognized by Gartner, NVTC, and Global InfoSec for advancing mobile app security. The company combines deep research expertise with proven technology to help organizations safeguard their mobile ecosystems with confidence. To learn more, please visit Quokka About Four Inc. Four Inc. is a trusted distributor and has been recognized as a Top 100 government contractor on Washington Technology's Top 100 Report consecutively for the last nine years. Four Inc.'s expertise of the federal IT contracting process and their carefully crafted ecosystem of manufacturers and partners has enabled them to expertly deliver the right technology solutions and services to their customers. Through their proven experience and dedication to their core values, they have earned the IT community's respect and trust.