The stalkerware detector nobody asked for (until they needed it)

Last autumn, a woman messaged our support email. She suspected her ex had installed something on her phone. Not malware in the traditional sense. Something quieter. We spent three hours helping her understand what she was looking at, and I realised we'd built the wrong product. Or rather, we'd built half of one.

Why stalkerware matters more than you might think

Stalkerware isn't a category most security conversations touch. Antivirus vendors ignore it. VPN companies never mention it. It doesn't fit neatly into "threats" because it's legal software, weaponised. A person with physical access to your phone can download legitimate monitoring apps and watch your location, read your messages, see your passwords. The apps sit there, mostly invisible.

We started building ARK's security score around app permissions. You know the screen you skip through when you install something new? The one asking for camera, contacts, location? That's where stalkerware hides. But not everyone reads those prompts. And some people read them under pressure, or don't understand what "background activity" means.

When that email came in, I realised our stalkerware detector wasn't a feature add-on. It was the feature. Everything else we'd built in ARK was aimed at your own digital habits. This one aimed at protecting you from someone else's.

How we actually detect it

The detector works by scanning your installed apps against a database of known stalkerware packages. We maintain a list of applications that meet specific criteria: they run silently, request sensitive permissions, and are designed to monitor someone without their knowledge. Apps like SpyBubble, mSpy, Spyix, Flexispy. The list grows.

When you run a scan in ARK, we cross-reference every app on your device against that database. If there's a match, we surface it immediately. No false positives. No scare tactics. Just a clean signal: this app is flagged as stalkerware.

The technical side is straightforward. We pull package names from your device, compare them server-side, and return results. On iOS, we rely on what's visibly installed. On Android, the same. We're not looking for hidden processes or rootkits. We're looking for stalkerware that relies on being installed openly, then hidden in a folder with an innocuous name or tucked behind a fake calculator icon.

This is why the detector is free for every user, regardless of tier. It's not a premium feature locked behind a paywall. If someone's being monitored, they shouldn't have to pay to know about it.

What happens when we find something

Detection is half the battle. The other half is giving you an immediate way to act.

When ARK flags stalkerware, we surface a one-tap remediation link. You don't have to navigate Settings, hunt for the app in your device administrator list, or contact support. You tap the button. It takes you directly to the uninstall screen.

Some stalkerware hides itself in device administrator settings (particularly on Android), which prevents normal uninstall. We flag that too. If the app's blocking removal, we tell you exactly where to go in your settings to revoke admin access first, then uninstall.
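The matching and remediation ordering described above, sketched in Python as an added example (not ARK's own code). The blocklist entries, package names and admin component list are constructed placeholders, and the inventory uses the `package:<name>` format that Android's `pm list packages` prints.

```python
from dataclasses import dataclass

# Constructed blocklist: placeholder names, not real stalkerware identifiers.
FLAGGED = {
    "com.example.sysupdate.monitor": "Example Monitor A",
    "org.example.calc.vault": "Example Monitor B",
}

# Constructed inventory in the format printed by `pm list packages`.
PM_OUTPUT = """\
package:com.android.chrome
package:org.example.calc.vault
package:com.example.sysupdate.monitor
package:com.example.notes
"""

# Constructed active device-admin components ("package/receiver"), the flattened
# form of the ComponentName values DevicePolicyManager.getActiveAdmins() returns.
ACTIVE_ADMINS = ["com.example.sysupdate.monitor/.AdminReceiver"]

@dataclass
class Finding:
    package: str
    label: str
    device_admin: bool
    steps: list

def parse_packages(pm_output):
    """Extract names from `package:<name>` lines; ignore anything else."""
    lines = (l.strip() for l in pm_output.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def scan(pm_output, active_admins, flagged=FLAGGED):
    """Exact-match installed packages against the blocklist, order remediation."""
    admin_pkgs = {c.split("/", 1)[0] for c in active_admins}
    findings = []
    for pkg in sorted(parse_packages(pm_output).intersection(flagged)):
        is_admin = pkg in admin_pkgs
        steps = ["uninstall app"]
        if is_admin:
            # Android blocks uninstall while the app is an active device admin.
            steps.insert(0, "revoke device admin")
        findings.append(Finding(pkg, flagged[pkg], is_admin, steps))
    return findings
```

Because the match is on exact package names, an app that is repackaged under a new name passes unflagged until the list is updated.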

We're not stopping there. If you're on Shield or Fortress tier, you have access to breach checks via Have I Been Pwned integration and dark-web monitoring. So if your email was compromised, we show you that in context. Sometimes someone's monitoring you because they already have your credentials. The full picture matters.

The conversations this started

Building the stalkerware detector forced difficult conversations inside our team. How aggressive should our warnings be? Should we ever suggest someone's being monitored if the evidence is ambiguous? What if someone's parent installed a monitoring app legally on their teenager's phone?

We landed on this: we flag known stalkerware. We don't speculate about intent. A parent managing a child's device through legitimate parental controls is different from an abusive partner covertly monitoring someone. The apps themselves tell that story through their design and reputation.

What surprised us was the feedback. People weren't using the detector to reassure themselves they were safe. They were using it because they *knew* something felt off. A partner's behaviour changed. A phone that overheated. Battery draining in hours. Location shared without consent. These weren't abstract concerns. These were people in difficult situations who needed a concrete answer.

That framing changed how we talk about ARK. It's not about being paranoid. It's about having clarity when you need it.

What the detector can't do

It's important to be clear about limits. We scan for known stalkerware. New apps, obscure packages, or custom builds won't show up in our database until we catalogue them. It's a game of catch-up.

We're also not scanning for general spyware or rootkits. That requires kernel-level access and would drain your battery in minutes. We're looking for installed applications, not hidden system processes. If someone's monitoring you through network-level tools or carrier-based solutions, that's outside our scope.

And here's something we had to accept early: if someone with administrator or root access to your device wants to monitor you, you're already compromised. No app can fully protect you from that. What we can do is help you spot the common, obvious ones, and give you a path to remove them fast.

Why this matters now

Coercive control is often invisible. It operates through technology. People's phones contain their entire lives, and increasingly, someone else's control over those phones is part of intimate abuse, workplace harassment, or family coercion. We can't solve the human side of that. But we can remove a tool from the equation.

Every time someone uses ARK's stalkerware detector and finds nothing, that's reassurance. Every time they find something and remove it, that's agency returned. We built this feature because it turned out not to be optional.

If you're uncertain whether your phone is being monitored, or you're helping someone else check theirs, that's exactly who this feature is for. The detector runs in seconds, it's available right now in the free version of ARK, and it gives you a straight answer. But here's the question that stays with me: how many people have suspicions they've never actually checked?
