As the app economy continues to grow, it continues to attract increased attention from bad actors. The increased focus means the app is unsafe right from its development, right up to its eventual retirement. The various types of threats include tampering, reverse engineering, and a variety of runtime threats. App integrity is becoming increasingly important as the rising app economy and technologies mean apps now handle and access a lot of sensitive data like personal identifiable information (PII) and financial information, which means apart from protecting from threats, the software should also help comply with stricter norms about critical factors like data storage and privacy. That said, all software may not be suitable for all types of users. Here, a year-on-year compliance is beneficial. We have already seen the comparison of the 2023 and 2024 matrices. Now, let us see what the comparison of the 2024 and 2025 matrices tells us.
Who and where?
The following table lists the vendors, their positions in 2024 and 2025 and the likely reasons behind the change in positioning (if any).
| Vendor | 2024 Matrix | 2025 Matrix | Reason for Change |
| Zimperium | SPARK Leader | SPARK Leader | Consistent innovation in mobile threat defense and RASP kept it as a top leader. |
| Verimatrix | SPARK Leader | SPARK Leader | Steady growth with enhanced media/OTT security and telemetry features. |
| Appdome | SPARK Leader | SPARK Leader | Maintained strong differentiation with no-code security automation. |
| Promon | SPARK Leader | SPARK Leader | Stable RASP capabilities with steady customer traction. |
| Build38 | SPARK Leader | SPARK Leader | Focus on regulated industries and advanced runtime protection features improved customer impact. |
| Guardsquare | SPARK Leader | Strong Contender | Declined relative to leaders due to limited telemetry and response features. |
| OneSpan | Strong Contenders | Strong Contender | Steady focus on app security with identity/fraud synergy, but no major leap. |
| Digital.ai | Strong Contenders | Strong Contender | Incremental enhancements as part of a broader DevSecOps suite. |
| F5 | Strong Contender | Not listed | Likely consolidation of in-app security within other F5 offerings. |
| Jscrambler | Strong Contender | Not listed | Likely reduced visibility in the pure mobile app security market. |
| Approov | Strong Contender | Not listed | May have shifted focus to API security over in-app protection. |
| PreEmptive | Strong Contender | Not listed | Likely reduced emphasis on in-app protection solutions. |
Market overview
One curious fact that immediately jumps out when seeing both graphs is that several companies listed as strong contenders are missing in 2025. We have to assume that some of them may not have participated in the 2025 study. However, if they have dropped out owing to the likely reasons stated in the table, we can state that the market is consolidating. Now, let us examine each quadrant.
The leaders from the 2025 matrix are: Zimperium, Verimatrix, Appdome, Promon, and Build38. The 2025 list is missing one name: Guardsquare. There are no major shifts. But it does offer a peek into user preferences. The leaders offer products that provide end-to-end protection rather than point hardening. The products thus include RASP, anti-tampering, emulators, protection from overlay attacks, and telemetry/analytics, coming bundled in the platform. Developer experience is also becoming a key differentiator, with vendors offering no or low-code build automation and CI/CD plugins capabilities. Leaders are also preferring visibility and response over just prevention, as seen by increased investments in capabilities like device posturing scoring, attack telemetry, and rapid mitigation.
Now, let us talk about the strong contender, which has seen the biggest upheaval in 2025. Guardsquare dropped from its 2024 positioning as a leader, and players like F5, Approov, Jscrambler, and PreEmptive have vanished. It is not clear why they have dropped out. The likely reasons are either not participating in the positioning or pivoting to other areas instead of in-app protection. This quadrant is marked by products that deliver robust protection capabilities like hardening, obfuscation, and point hardening, but need to step up the game in areas like integrated runtime telemetry and response, protection capabilities currently on offer, and scaling.
There are no aspirants. This likely means that either the players covered in the matrix have achieved increased maturity, or a lesser number of companies, who would have been positioned as contenders, declined to participate.
Final word
The in-app protection market landscape, as gleaned from a comparison of the 2024 and 2025 matrices, shows some very interesting trends. The largely unchanged positions of the leaders do show the market is stabilizing. However, a deeper look shows that users are moving beyond securing code. They are looking for products that provide end-to-end protection rather than point hardening. Therefore, buyers need to look for products that protect, allow deeper visibility, quicker threat response, and can scale as per the demand. On the other hand, vendors that have not moved beyond point hardening are likely to face dire straits. Evolve or perish.