The security score conversation nobody was having
Last year, a user emailed us after running ARK for the first time. Her score was 34. She said, 'I thought my phone was fine. I have a passcode.' That message landed in my inbox at 6am, and it stayed with me.
What a number actually means
The thing about security is that it lives in your mental model. For most people, a phone is either 'secure' or 'it has a passcode, so it's fine.' But security isn't binary. It's dozens of overlapping decisions: what your apps can see, whether your Wi-Fi is broadcasting your MAC address, if your email showed up in a known breach, whether someone's watching your location permissions.
We built the 0-100 score not to scare people, but to translate all that noise into a single number they could act on. And then we made sure every scan pointed to one-tap fixes. A score of 34 is alarming. But a score of 34 with a clear action list? That's something you can actually do something about.
That user's score climbed to 71 within two weeks. She didn't need to understand cryptography. She just needed to know what was broken and how to fix it.
The breach check nobody talked about
We integrated with HIBP (Have I Been Pwned) because at least one person using ARK has been in a data breach. Statistically, most have been in two or three.
Here's what surprised us: most people don't actually know they've been compromised. They didn't get a notification letter. Their credit card still works. So they carry that unknown risk around, and it colours their trust in every app they install. When we show someone that their email appears in the 2019 Facebook leak, or the Equifax breach, or that time MailChimp got breached, something shifts. It's not theoretical anymore. It's their data.
The Shield tier users who run the breach check tell us it's the moment they realised why they need to start paying attention. One user said: 'I've been the victim of this whole time and nobody told me.' We added a section explaining what that actually means for them, what passwords to change, and whether they should monitor their credit. Because a security score is only half useful if you don't know what to do with it.
Dark web monitoring isn't paranoia
We added dark-web monitoring to the Shield tier because I kept hearing the same thing from the 25-45 age group we built ARK for: 'I'm not important enough to be on the dark web.' That's the exact thinking that makes them vulnerable.
Dark-web monitoring isn't about catching spies. It's about knowing if your credentials are for sale somewhere you can't see. A parent who's been in a breach, a small business owner juggling multiple devices, someone who's been through a divorce and is worried about surveillance - these are the people who need to know, quietly, if something changed.
What matters is that it works silently. We don't spam you with false positives. We watch. When we find something, you know about it. And because it's paired with the password health check and 2FA audit, you've got everything you need to actually respond to it.
When privacy stops being a feature
We made ARK privacy-first from day one. On-device when possible. No analytics baked into the free tier. When you run a basic security check, we're not harvesting data about your habits or your device. That sounds simple until you realise how many security tools treat your data as a product.
But here's the honest part: privacy isn't something people get excited about in isolation. What they get excited about is trust. They trust ARK because they know we're not selling their breach history to data brokers. They trust it because when they run a scan, nothing leaves their phone unless they explicitly ask it to.
The Fortress tier goes further. GDPR Autopilot lets you send data-subject requests to companies that are holding your information. SDK X-Ray shows you which tracking libraries are packed into your apps. Voice-clone risk alerts you to deepfake technology. These aren't paranoia features. They're features for people who understand that data is currency, and they want to know who's holding their wallet.
Why stalkerware matters more than it should
We made the stalkerware detector free for everyone. That decision came from somewhere specific: we know abuse happens, and we know that sometimes the only way someone realises they're being tracked is if an app tells them.
Stalkerware isn't exotic. It's apps that hide in plain sight and report location, messages, and calls to someone else. We check for it because someone using ARK might be a parent escaping a controlling relationship, or a person in a situation where knowing they're being watched is the first step to getting help.
Free doesn't mean we cheap out. The detector is thorough. And we keep the list updated because stalkerware evolves faster than most security vendors are willing to track it.
The conversation we wanted to start
Security for the average person has always been framed as either paranoia or irrelevance. Either you're worried about nothing, or you're a target and there's nothing you can do anyway. Both are lies.
ARK exists because we wanted to build for the person in the middle. Someone who has a job, a family, maybe some money in a savings account, and enough self-respect to want to know what's happening on their phone. Not because they're famous or rich, but because it's their device and their data.
That 34 to 71 user? She's been running ARK for a year now. She doesn't think about security constantly. But once a month she checks her score. If it dips, she knows something changed and she fixes it. That's the behaviour we wanted to create. Not panic. Not apathy. Just attention.
When was the last time you actually knew what was on your phone? Not guessed. Knew.