Q-Scout aims for smartphone security without the intrusiveness

Mobile security firm Quokka--which earlier this week rebranded from its previous name, Kryptowire--is launching a new smartphone protection product called Q-Scout, designed to offer deep insight into applications on Android and iOS devices without being intrusive to end users.

Q-Scout has two primary functions. First, it checks through individual applications on an end-user's device to detect apps with known security flaws. Second, it analyzes the interaction and permission sets granted to installed apps to detect any potentially dangerous interactions. One example would be an app that has permission to access the camera and another with access to the internet--if those two apps are able to communicate freely with one another, it could create the opportunity to exfiltrate photos from the device.

Angelos Stavrou, chief scientist at Quokka, said that Q-Scout works differently than traditional MDM (mobile device management) software. Rather than having a robust software agent on the device, which can read personal information and can take up CPU cycles and battery time, Q-Scout effectively clones the hardware and app profile of the device to analyze it in the company's own cloud.

"Since we're lightweight, we don't have to analyze your users' data," he said. "Our system uses application technology that we have developed over many years, looking at configurations and cloning them to the cloud."

Q-Scout takes policy-based security approach

Q-Scout is designed to enable a policy-based approach to mobile security. Enterprise users can identify specific threats that they want to defend against--drawing on the above example, one such policy could be "don't let mobile devices exfiltrate photos to the internet"--and receive either a confirmation that a given user's phone is policy-compliant or a warning that it is not.

The system also warns users directly of potential vulnerabilities, offering what Stavrou says is a much more granular approach to mobile security.

"With [traditional MDM], you can only remove the app," he said. "With us, you can just curtail the permissions of the app. The key here is that we are trying to be user-centric, and we know that users want to use some apps but also might not like certain features of them."

Q-Scout is currently available for Android users, and can be found on the Google Play Store, while the iOS version is expected to release in the fourth quarter of 2022. The client app for smartphones is free, while the enterprise portal will be priced on a per-device, per-month basis, with the actual price point “under $10,” according to Quokka.

This story has been updated to include pricing information.