The 0-100 security score isn't just a number. It's a map.
A user messaged us last month: 'I got a 67. What do I do now?' That question shaped how we rebuilt the score system. A number means nothing without direction.
Why we moved away from the binary pass-fail model
When we launched ARK, I thought the security world worked like a credit score because, well, it does. Banks don't tell you 'you're approved' or 'you're denied' - they give you a number and tell you which accounts to fix. But mobile security was different. Most apps just said 'your phone is safe' or 'your phone is at risk.' Binary. Useless if you land in the middle.
The problem is that nobody's phone is perfectly secure or completely compromised. You've got twenty decent choices and three risky ones. You've got a strong password but an old app asking for camera permissions it doesn't need. You've got location tracking buried four menus deep. A binary system can't tell the difference between 'mildly exposed' and 'catastrophically exposed,' so it defaults to scare tactics.
We wanted something honest. A number between 0 and 100 forces you to make trade-offs visible. It also stops the panic. When someone sees a score of 73, they know they're above water. When they see 42, they know work is needed. And they get a ranked list of what to fix first.
How the action breakdown actually prioritises your problems
The score breaks down into four targeted scans. Device security checks system settings and app installations. Network exposure looks at Wi-Fi and DNS leaks. App permissions audits what you've granted to each app. Breach exposure checks if your email shows up in known data breaches via HIBP integration.
Each scan returns a small number of high-confidence findings, not a wall of noise. We reject the 'flag everything' approach because it causes decision fatigue. One person I spoke to in testing had seventeen security apps that all screamed red - and she'd stopped listening to any of them. Her phone was genuinely at moderate risk, but she couldn't hear it because of the noise.
The action breakdown ranks findings by impact, not by alarm level. Stalkerware on your device is number one, full stop. An app with unnecessary location permissions is number five. A weak Wi-Fi connection you can avoid is number twelve. You see the score change in real-time as you fix things, which creates a feedback loop that actually feels motivating instead of punishing.
The one-tap deep-link strategy that actually gets used
We realised early that telling someone they have a problem is half the work. Sending them to Settings and asking them to navigate three submenus is where most people drop off. So every finding comes with a one-tap remediation link that takes you straight to the setting you need to change.
The stalkerware detector goes into this mode immediately, free for everyone. We don't charge for safety basics. Shield tier adds the dark-web monitor, which watches for your email and credentials being traded on dark-web markets, and the phishing scanner that works on QR codes and URLs in messages. Fortress adds the data-broker exposure check, which tells you which companies are selling your personal data - then provides an automated GDPR Autopilot feature that sends data-subject requests on your behalf.
But the score itself, the 0-100 number and the core action breakdown, stays free. We built that foundation on the principle that security shouldn't be gatewalled. The moment you make basic awareness a paid feature, you've lost most people.
Why we don't claim to be an antivirus
This matters because it's the question we get most. We're not a virus scanner. We're not a VPN. We're not a password manager. What we do is audit the security hygiene of your actual phone, right now, based on settings, exposures, and permissions. It's a very different thing.
You can have zero viruses and still be at serious risk. Your location could be exposed to your Wi-Fi network. Your email could be in five breach databases. Apps could have permissions you forgot you granted. An antivirus catches one class of problem. ARK catches the categories most people actually face in normal life.
We store sensitive data like emails in iOS SecureStore and Android EncryptedSharedPreferences, never in plain text. On the free tier, most scans are on-device, so we're not sending your data anywhere. We don't have an analytics pipeline on free-tier results because that would be dystopian - you're checking your own security, not feeding a marketing engine.
What the score tells you about yourself
The score is personal. A parent checking their teenager's device will read it differently than a freelancer managing multiple devices or someone who's been in a major breach. The action breakdown respects that. It doesn't assume everyone needs the same fixes.
I've seen scores in the 55 to 70 range from people with genuinely sensible security posture, because they're running older devices or using apps that demand certain permissions. I've seen scores in the 85 range from people who are still at real risk because they've ignored one critical item. The number is useful, but the action breakdown is the real tool.
The most satisfying feedback comes from people who've gone from 'I don't know where to start' to 'I fixed three things and my score went from 51 to 74.' That's the moment they feel in control of their own device.
If you've never seen your phone's security in numerical form before, what do you think you'd find in your own action breakdown?