
Mobile Security
Lookout Mobile Endpoint Security
Mobile EDR and MTD with AI visibility and governance for shadow AI on iOS, Android, and ChromeOS.
Lookout Mobile Endpoint Security Overview
What it does
Lookout Mobile Endpoint Security is a Mobile Threat Defense (MTD) and Mobile Endpoint Detection and Response (Mobile EDR) platform built for iOS, Android, and ChromeOS. Lookout uses telemetry from its global mobile threat dataset to detect phishing, malicious apps, device compromise, and risky network activity on managed, unmanaged, and BYOD devices. In April 2026, Lookout added AI Visibility and Governance to discover sanctioned and unsanctioned AI applications and agentic behavior on mobile endpoints.
How it works
The platform monitors app behavior, device posture, and network signals through a lightweight on-device agent and Lookout Security Cloud console. Mobile EDR capabilities support investigation and response workflows including device access restriction, malicious app blocking, and forensic event retention. Lookout AI Visibility and Governance inventories AI-enabled apps, monitors agent permissions and data flows, and applies policy controls aligned to ISO/IEC 42001, the EU AI Act, and NIST AI RMF requirements. Mobile Intelligence APIs export risk and threat data to SIEM, SOAR, and XDR platforms.
Credentials and traction
Lookout holds SOC 2 Type II and ISO 27001 certifications, and Lookout Mobile Endpoint Security is FedRAMP Moderate authorized, StateRAMP Authorized, and TX-RAMP Level 2 certified for government use. It was named a Leader in The Forrester Wave: Mobile Threat Defense Solutions, Q3 2024, and won Threat Detection Platform of the Year in the 2024 CyberSecurity Breakthrough Awards. The product reports protection for more than 2,000 enterprises and government agencies, with telemetry drawn from 230 million mobile devices and 375 million mobile apps.
Key Capabilities
mapped to solution categoriesAnalyzes installed application binaries for malicious behavior, excessive permission requests, data exfiltration patterns, and policy violations beyond what app store review catches.
Detects device integrity compromise (jailbroken iOS and rooted Android), and can enforce conditional access policy or quarantine the device via MDM/UEM integration.
Runs threat detection locally on the device for off-network protection and privacy, with optional cloud-assisted analysis where policy allows.
Intercepts and evaluates URLs in SMS, email clients, messaging apps, and browsers, blocking malicious links regardless of which app the user opens them in.
Identifies connection to malicious or impersonation Wi-Fi networks (including captive portal attacks and SSLstrip-capable access points), and can block connection or alert the user.
Integrates with Jamf, Microsoft Intune, VMware Workspace ONE, and other UEM platforms to trigger automated response actions (wipe, quarantine, access revocation) upon threat detection.
Detects novel mobile threats using behavioral heuristics and ML models without requiring known signatures, relevant for targeted attacks against specific organizations.
Checks each device for outdated OS versions, missing security patches, risky system parameters, and insecure configuration, flagging the vulnerabilities and misconfigurations that raise device risk.
Provides detection, behavioral analysis, and response across iOS and Android from one console, with platform coverage depth varying by product.
Performs threat detection using an on-device model without requiring all telemetry to be sent to cloud infrastructure, relevant for regulated environments and privacy-sensitive deployments.
Triggers automated remediation actions via MDM/UEM API (device quarantine, selective wipe, access policy enforcement) upon confirmed threat detection.
Uses Android kernel interfaces (inotify, netlink, SELinux audit), for deep system visibility, enabling detection of sophisticated malware that evades user-space analysis.
Reconstructs compromised-device activity by assembling process, network, and app events into an incident timeline analysts can review.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 28, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.