Truecaller catches spam. ARK catches what Truecaller misses.

The permission problem

Truecaller's core function is legitimate: it identifies spam callers using a crowdsourced database. But to do that well, it asks for contacts, call logs, location, and SMS access. For most people in their twenties, this feels normal. By the time you hit 30, 35, 40, you've usually been in at least one data breach. You've seen a LinkedIn profile sold. You've received a phishing email that looked credible enough to make you pause. Suddenly those permissions feel less like a convenience and more like a vulnerability.

That customer wasn't asking us to build a call blocker. He was asking why his phone's security felt like an afterthought. He'd been in the Ticketmaster breach. He knew his email was out there. And he wanted something that treated that reality seriously, not just stopped him missing a call from PPI claims firms.

What a 0 to 100 score actually tells you

When you open ARK, the first thing you see is a number. A security credit score from 0 to 100. It sounds like marketing. It isn't. That number is a gut-check. It tells you immediately whether your phone is leaking data, whether your apps have suspicious permissions, whether you've been exposed in a known breach, whether your network is exposing you to man-in-the-middle attacks. One number. One direction. Then one tap to fix the highest priority issue.

Truecaller gives you a call history and a spam filter. ARK gives you visibility into what's actually happening on your device. On Shield, you get breach history via the Have I Been Pwned integration, dark-web monitoring for your email, a phishing scanner that checks URLs and QR codes in real time, a Wi-Fi analyser that tells you if your home network is broadcasting your device to anyone in range, and a password health check so you know which accounts are still using that 2009 password you forgot you had. On Fortress, we add data-broker exposure checking, so you know which companies are selling your personal information, and our GDPR Autopilot, which automatically files data-subject access requests on your behalf.

Privacy first, not privacy theatre

Here's where most alternatives fall apart. They claim to be privacy-first, then they collect analytics. We made a different call. On the free tier, every scan runs on your device. Your email, your phone number, your app list - none of it leaves your phone. It sits in encrypted storage. We don't send it to servers we don't control. We don't use it to build profiles. That's not a feature we mention in a banner. That's how we operate.

When you move to Shield or Fortress, some checks need server-side processing (breach checking, dark-web monitoring, data-broker lookups). But even then, we're minimal. We use HIBP's API for breach data, which means we only send your email hash, not your email. Dark-web monitoring works the same way. You don't hand us credentials or data; you hand us a hash. And anything we do store (your preferences, your scan history, which notifications you want) lives in encrypted storage on your device, accessible only to you.

This matters because it's 2025, not 2015. Privacy isn't optional. It's not a premium feature that only paranoid people buy. By 45, most people have realised that their data is being treated like currency. ARK respects that.

Stalkerware detection isn't paranoia, it's necessary

We built stalkerware detection into the free tier because we kept seeing the same story. Someone would download ARK, run it, and suddenly realise their ex-partner had been monitoring their location. Or a parent would check their teenager's device and find tracking software installed by someone else entirely. Stalkerware is quieter than malware. It doesn't spam you with ads. It doesn't brick your phone. It just watches. And most security tools ignore it completely because it's not a 'threat' in the traditional sense.

Truecaller doesn't care about this. It's not a phone security app. But if you're between 25 and 45, if you've ever been in a relationship that ended badly, if you're a parent, if you manage devices for people who might be at risk, stalkerware detection isn't a nice-to-have. It's essential.

The forest versus the trees

Truecaller solves one problem brilliantly: spam calls. There's value in that. But spam calls are symptoms. The real question is whether your phone, your data, and your identity are actually safe. Those are different problems entirely. One requires a call database. The other requires understanding permissions, breach history, network exposure, app behaviour, and data broker activity.

A user in our Shield tier got an alert last week that her email was in three separate breaches, none of which she'd seen publicly disclosed. She changed passwords, set up 2FA on the critical accounts, and moved on. She had no idea that information was out there. Truecaller wouldn't have told her. No spam filter would have mattered once her credentials were already compromised.

That's the difference. One tool stops you getting bothered. The other helps you stay actually safe.