Date: 2026-03-10

Quokka, a leader in mobile app risk and security, today announced the launch of Q-firm, a firmware security analysis tool designed to help telecommunications providers and Android device manufacturers ensure that every device released to market is secure, free from vulnerabilities, and aligned with industry standards.

Android devices ship with complex firmware images that often contain hundreds of pre-installed and system-level applications, including privileged apps that users never see but attackers actively target. Teams can pour enormous effort into building device functionality, but one serious security flaw can render all of it irrelevant.

Q-firm is being introduced to address a growing market issue. In February 2026, a firmware-level Android backdoor known as “Keenadu” was discovered pre-installed on new devices, highlighting how vulnerabilities or malicious components embedded in firmware can reach end users before a device is ever powered on. Incidents like this underscore why secure development calls for identifying and remediating vulnerabilities in embedded and third-party components before devices ship.

Q-firm addresses this gap by providing automated, multi-layered firmware security analysis across pre-installed, hidden, and privileged Android applications embedded within device firmware. Q-firm’s unique flow-based vulnerability scanning applies AI-powered static, dynamic, interactive, and forced-path execution analysis techniques, combined with expert review, to uncover insecure interfaces, embedded libraries with unknown vulnerabilities, escalation-of-privilege paths, privacy leaks, and behaviors that could enable real-world abuse.

“End users expect mobile devices to be secure out of the box, but with the evolving threat landscape, that is no longer a reality,” said Nikolaos Kiourtis, CTO at Quokka. “Q-firm gives manufacturers and service providers security validation from a trusted external partner and the assurance that devices meet stringent security standards before being shipped to customers.”

Rather than relying solely on time-intensive manual penetration testing, Q-firm enables broader, repeatable validation across large firmware images and frequent build cycles. It also generates precise Software Bills of Materials (SBOMs) mapped to specific library versions and validates firmware behavior against industry security standards including NIAP, NIST, and OWASP MASVS.

“Security is a critical part of our release process, but validation can be complex, especially at scale,” said Jaysen Sweeting, Sr. Principal Security Engineer at Promethean, a global education technology company and an early Q-firm customer. “We use Q-firm to test our Android-based devices so we can identify and remediate vulnerabilities in firmware and pre-installed applications before they ship. It provides visibility into areas that are difficult to assess manually and strengthens our overall device security validation.”

As attackers increasingly target the software supply chain and exploit weaknesses deep within device stacks, firmware can no longer be implicitly trusted as secure. Q-firm extends Quokka’s mobile security expertise deeper into the Android software stack, helping telcos and device manufacturers demonstrate that security is embedded into every layer of the device.

Q-firm is available today. For more information or to request a demonstration, visit www.quokka.io/products/q-firm or register for an informational webinar taking place on April 2, 2026, at 9 a.m. PT at https://go.quokka.io/introducing-q-firm.

About Quokka

Quokka is a global leader in mobile security, trusted by Fortune 500 companies and government agencies to protect against mobile threats. With a history of innovation and collaboration with the U.S. Federal Government, Quokka has been recognized by Gartner, NVTC, and Global InfoSec for advancing mobile app security. The company combines deep research expertise with proven technology to help organizations safeguard their mobile ecosystems with confidence. To learn more, please visit www.quokka.io.

Media Contact:

Sarah Hawley

Mockingbird Communications for Quokka

+1 480-292-4640

SOURCE: Quokka

View the original press release on ACCESS Newswire