One Score, One Tap, Real Change

The checklist problem

Before we launched ARK, people expected a list. Every security app shows you a list: 47 things you should worry about. 12 apps with dangerous permissions. 3 trackers on your device. Most users look at that list, feel overwhelmed, close the app, and forget about it.

The score solves that. Instead of drowning you in data, we give you one number. Zero to 100. Your device right now is, say, a 64. That clarity is everything. You don't need to understand cryptography or network protocols to know that 64 is 'I should probably do something about this.'

But a score alone is useless if you don't know what moved it. That's where the action breakdown comes in. When you tap your score, you see exactly which scans made up that number: device security (maybe 78), app permissions (maybe 52), breach exposure (maybe 71). Each one shows you the specific issues, ranked by severity.

The scans that actually matter

We started with four core scans because we kept hearing the same four worries from users: 'Are my apps asking for too much?', 'Have I been in a breach?', 'Is my network safe?', and 'Am I being tracked?'

Device security looks at your phone's own setup. Are your updates current? Is your lock screen properly set? Are suspicious apps installed? It's the baseline.

App permissions is the one that usually hits hardest. We check every app you've installed and cross-reference its requested permissions against what it actually needs to function. A photo editor asking for your contacts? That moves your score. A weather app wanting microphone access? We catch it.

Breach exposure runs against Have I Been Pwned. If your email appears in a known breach, you'll see which one, when it happened, and what data was compromised. This is Shield tier only because the data lookups cost us money to run safely.

Network exposure checks whether your device is leaking data over unsecured connections or whether your DNS queries are being logged. Network exposure is part of what Shield adds alongside the Wi-Fi analyser, DNS leak test, and 2FA audit.

Why one tap matters more than you'd think

Knowing you have a problem and being able to fix it are two different things. We saw users get their score, understand the issue, and then get stuck because fixing it meant diving into Settings, finding the right app, digging through nested menus, and remembering which permission to revoke.

So every issue in your action breakdown has a one-tap remediation deep-link. Found a permission you want to revoke? Tap it, and your phone opens directly to that app's permission settings. Found stalkerware or suspicious network activity? Tap it, see what we found, and uninstall from there. We're not fixing your phone for you because you should always be in control of what happens on your device. But we're not making you hunt for the fix either.

This is why we also built in the stalkerware detector as a free feature. That one scan doesn't call out to any server. It runs on your device, checks for known stalkerware signatures, and tells you if anything looks suspicious. No compromise on privacy for something this important.

Privacy stays local when it can

People ask me whether we track what you scan. We don't on the free tier. Your score calculation, your permission check, your stalkerware scan, everything happens on your device. Nothing leaves your phone unless you explicitly choose Shield or Fortress and opt into dark-web monitoring or data-broker checks. Even then, your personal information is stored encrypted, not in plain text.

The reason we built it this way is simple: we're asking you to show us the most sensitive data on your phone. The apps you've installed, the permissions you've given, the files you store, the networks you join. If we're going to ask for that access, we shouldn't be monetising your privacy to pay for it. Free should mean free, even if it means we make less money.

For users on Shield or Fortress who want deeper checks, we added the things that do require servers: breach monitoring via HIBP, dark-web scanning for your email, phishing detection on links you send us, and password health checks. All of it encrypted, all of it stored safely.

The score is a conversation starter

We also built ARK for people checking their family's devices or managing phones across a small business. A parent can run a scan on their teenager's phone and see the score, understand what it means, and then sit down and talk about why giving TikTok location access indefinitely might be worth a second look. A business owner can scan team devices, flag the ones below a certain threshold, and start a conversation about security hygiene without turning it into a punishment.

The score doesn't shame. It just tells you where you stand. From there, you decide whether a 64 is acceptable to you, or whether you want to spend 15 minutes bringing it up to an 82. Privacy is personal. Security is individual. We built a number and a roadmap so you can decide what's right for your threat model, not ours.