The phone in your pocket already knows you were breached
Last autumn, a customer emailed me from Reading. She'd been caught in the Ticketmaster breach. Her email was plastered across dark-web marketplaces. Within three weeks, someone had tried to reset her bank password, spoofed her number to her mum, and sent phishing links to her contacts. She wrote: 'My phone feels dirty now. I don't know what's actually at risk.' That email is why ARK exists.
What a breach actually does to your device
Most people think a breach is just about the account that got hit. Not true. When your credentials leak, your phone becomes a collection point for secondary attacks. Phishing texts arrive. Malicious apps get installed because your password was reused. App permissions you granted years ago suddenly matter, because someone now knows your email and can target those exact apps. And if your phone has been on the same Wi-Fi networks as your work device, it might be a stepping stone into corporate systems.
The problem isn't new. What's new is the scale. We built ARK because people kept telling us the same thing: 'I've been breached. Now what?' No one tells you to check your phone. Everyone assumes the phone is safe. It isn't, not after a breach. Your device is the vector.
Why a score matters more than a checklist
When we started, we considered a checklist. Just list the problems, let the user fix them. But checklists fail because humans are bad at prioritisation under stress. After a breach, you're already anxious. A list of 47 things to check becomes a list you don't touch.
A score changes that. It gives you a single number you understand immediately. Is 62 out of 100 acceptable? No. It's a prompt to act. And more importantly, it breaks down where the risk lives. Device security. Network exposure. App permissions. Breach exposure specifically. When you see that your breach exposure is what's dragging you down, you know exactly what to address. We run targeted scans against each category, then serve one-tap fixes. You don't have to translate 'DNS leak detected' into an action; the app shows you how to fix it, one tap away.
The dark-web monitor came from a real fear
During our first six months, we had three separate user messages about dark-web monitoring. One was from a parent whose teenage daughter's email had surfaced on a paste site. The parent had found it manually, scrolling through marketplaces. We realised people were doing this themselves, which is both pointless and fruitless. You can't monitor the dark web by hand.
That's why Shield tier includes dark-web monitoring. It sits quietly in the background. If your email or phone number surfaces anywhere publicly where it shouldn't be, you get notified. Not panic mode. Just: here's what we found, here's what you can do. We also built in a phishing scanner that runs on URLs and QR codes, because after a breach, your email's a magnet for spoofed links. And a password health check, because reused passwords are how breaches cascade.
What happens to your data when we scan
The person from Reading was worried about one more thing: would sharing her phone's security data with another company just make things worse? Fair question. We run as much as possible on-device. Permission analysis, stalkerware detection and device security assessment all happen locally on your phone. Nothing leaves your phone unless you're on Shield or Fortress tier, and even then, we're privacy-first.
We store your email securely, using iOS SecureStore and Android EncryptedSharedPreferences. Never plain text. Never in analytics. On the free tier, you get a basic permission check and stalkerware detection, full stop. No dark-web checks, no breach lookups, no phishing alerts. You own that data, and we don't track it. This matters because after a breach, the last thing you need is another company selling your information.
Beyond the breach: what comes next
The Fortress tier exists for people who need more than recovery. GDPR Autopilot handles automated data-subject removal requests. If you've been in a breach and want to exercise your right to be forgotten with data brokers, this runs it for you. We also check which data brokers have your information, and we do an SDK audit to show you which third-party libraries inside your apps have permissions they don't need. There's a voice-clone risk check too, because deepfake attacks target people with leaked credentials.
But most people in a breach just need to know two things: what's exposed, and what they can do about it right now. That's where the score helps. It tells you whether your phone is an open door or a locked one. After that, the next steps are clear.
The person from Reading checked her score a month in. It went from 38 to 74. She never wrote back to tell me it happened, which is exactly the point. When your phone gives you a number you can improve, and the fixes actually work, you stop feeling like a victim. Have you checked your device since a breach? If not, why not?