Why we built dark-web monitoring into ARK

The gap between a credit score and what people actually needed

When we launched ARK's security score last year, we thought we'd solved a real problem. Your phone gets a 0-100 score. You see which permissions are risky, which networks are exposing you, which apps have asked for access they don't need. One tap fixes most of it. That part works. We've had thousands of users run scans.

But the score was only looking inward. It measured your phone's hygiene, not your digital footprint beyond it. We were giving people a clean bill of health on their device, then sending them out into a world where their credentials were already on sale. That felt incomplete.

The Ticketmaster customer's email wasn't her mistake. It wasn't her phone's fault. Her data breach had nothing to do with her device permissions or her Wi-Fi security. But it absolutely affected her risk profile. She needed to know.

Listening to the people who've actually been breached

We spent November and December talking to users. Not focus groups. Real conversations. Parents who'd had their email in the MOVEit breach and wanted to check if their kids' accounts were exposed. Small business owners managing five or six staff phones, all of them worried about the Latitude breach. A woman in her 40s who'd been in three separate breaches in the last four years and was, frankly, exhausted by the uncertainty.

The pattern was consistent. They didn't want another scanning tool. They didn't want an antivirus or a VPN. They wanted to know, specifically, if their credentials were already circulating underground. And they wanted that information right there in ARK, where they were already checking their phone security. One app. One score. One place to act.

We realised the security score wasn't just about your device anymore. It had to account for your presence in the wider threat landscape.

Building dark-web monitoring without the privacy tradeoffs

Here's where it got tricky. Dark-web monitoring sounds simple until you start building it. Every other service we looked at wanted your email address, your phone number, sometimes your credit card details, all uploaded to their cloud. They'd scan breach databases on your behalf. Most of them also fed analytics data back to their servers. That defeated the entire purpose of ARK.

We wanted to add dark-web monitoring, but we had a hard constraint: your personal information stays on your device unless you explicitly ask us to check it. So we built it differently. Your email address and any other PII you want to monitor lives in iOS SecureStore or Android EncryptedSharedPreferences. Never plain text. Never in the cloud unless you've opted into Shield tier.

When you run a dark-web scan, we query breach databases on your behalf, but we're not uploading your data to a third-party API and waiting for results. The check happens, and the results stay with you. We don't track who checked what. We don't build a profile. It's privacy-first by design, not by accident.

We shipped it in Shield tier alongside the Wi-Fi analyser, DNS leak test, password health check, and 2FA audit. Things that made sense together. Things that completed the picture of your actual risk.

What the data told us about our actual users

Three weeks into the Shield launch, we had a number that surprised us. Forty-two percent of people who ran a dark-web scan discovered they were actually in a breach they didn't know about. Not the big ones on the news. Small vendor breaches. Old platforms. Fitness apps. Newsletter services. Things people had forgotten they'd signed up for.

Some of them had been exposed for years. One user, a property manager in Manchester, discovered her credentials were in the 2019 Collection #1 dump. She'd changed her password everywhere once, years ago, and assumed she was clear. She wasn't. The scan found it. The one-tap remediation links told her exactly which accounts to prioritise.

That's when we understood what ARK was actually becoming. Not a device security scanner with a dark-web add-on. A tool that bridges the gap between what's happening on your phone and what's happening to you online. Your score accounts for both now.

The scans you run tell you what matters most

ARK still starts with a free scan. Permission check, stalkerware detector. No paywall. That's intentional. Privacy-conscious people should be able to see what their phone is doing without handing us money.

But if you've been breached, or you're managing family devices, or you're a small business owner who needs to know your people are secure, you run the scans that matter. Dark-web monitoring. QR phishing detection. Password health. DNS leak tests to see if your network is leaking queries. The full picture costs £2.99 a month on Shield tier.

We're not trying to scare people into paid tiers. We're trying to let them choose what they actually need to know. Some people just want to check their phone. Some people need to check the entire threat landscape around them. Both are legitimate. Both now have a place in ARK.

A security score that meant something

The original question we set out to answer was simple. Can you give your phone a score that actually matters? Now, a year in, the question's bigger. Can you give people clarity on their actual security posture, not just their device hygiene?

That Ticketmaster customer who emailed us in October? She's been using ARK Shield for four months now. She ran a dark-web scan. Found herself in two more breaches she didn't know about. Fixed them. Now she runs a monthly check. Her security score is in the 70s. Not because her phone got worse. Because she knows what's actually at risk.

That feels like progress.