Why we built ARK as a security credit score, not a checkbox scanner
Last summer, a user messaged me. She'd run a popular security app, got a green tick, felt safe, then discovered her email in a data breach she'd never heard about. She wasn't angry at us. We weren't her app. But her message stuck: 'I thought I was protected. What does that tick even mean?'
The problem with trust signals that don't signal anything
Most security apps do the same thing. They scan your device for malware. They check your app permissions. They tick boxes. A green light appears. You feel safer. But you don't actually know if you're safer, because a checkbox doesn't tell you much.
Lookout works that way. It's a capable app. It catches real problems. But its interface doesn't answer the question people actually care about: 'On a scale of one to a hundred, how secure am I really?' Instead it offers general threat ratings and permission overviews. Helpful, yes. Comprehensive, no.
When we started building ARK two years ago, we decided to flip that. Instead of checkboxes, we'd give you a single number: your security credit score, 0 to 100. Just like a financial credit score tells a lender something concrete about your risk profile, your security score tells you something concrete about your exposure.
The score is the start, not the finish
Here's what changes when you have a score instead of a checklist. The score forces clarity. If you're 67 out of 100, you know you're above the median but not safe. That knowledge has weight. It invites action in a way a green tick never does.
Then ARK shows you the breakdown. Device security, network exposure, app permissions, breach exposure. Each category has its own score. You see exactly where the weak spots are. And here's the part that matters: every scan ends with a one-tap fix. Not a vague recommendation. Not a link to settings buried three menus deep. A deep-link that takes you directly to the remediation, right now.
Lookout offers threat detection and app scanning. It's solid work. But the remediation is mostly on you. You read an alert, you hunt for the setting, you make a change. We wanted faster action. More people actually fixing things instead of dismissing notifications because the friction is too high.
Privacy as a design choice, not an afterthought
On the free tier, ARK runs scans on your device. Your data doesn't leave your phone. We don't fire analytics events about what we find. We don't build a profile of your security posture to sell to insurers or advertisers. This wasn't accidental. It was a deliberate choice that shaped how we built the whole product.
That constraint forces you to be clever about what you scan and how you scan it. Stalkerware detection, for instance. You don't need to send stalkerware signatures to our servers. You can match them locally. You can do permission analysis on device. You can check whether apps have excessive privileges without ever knowing which apps those are.
Lookout, like most established security vendors, runs cloud analysis on samples and telemetry. That's how they catch new threats at scale. It works. But it means your device data flows through their infrastructure. If privacy is your priority - and if you're reading ARK's blog, it probably is - that's a different trade-off than what we offer on the free tier.
When you need to go deeper: breach exposure and dark-web intelligence
The free score gets you 80 percent of the way there. But if you've ever been in a breach, you need more. That's why Shield exists. £2.99 a month or £29.99 a year.
With Shield, you get breach check through HIBP integration. We verify if your email is in known breaches. You also get a dark-web monitor that actually looks for your credentials, not just your email. Phishing scanner for URLs and QR codes. Wi-Fi analyser to spot network vulnerabilities. Password health check. DNS leak test and 2FA audit to make sure your backup authentication isn't accidentally exposed.
Lookout has similar detection capabilities. But we've found that people need these features integrated into a single score that updates regularly. One number that answers: 'Have new threats appeared since last week?' It's a small thing, but it changes how people think about security. Not as a one-time scan, but as an ongoing measurement.
The tier that exists because we asked ourselves what privacy paranoia actually needs
Fortress is £7.99 a month or £79.99 a year. It exists because we spent weeks interviewing people who'd been burned. Not just in breaches. In data-broker scraping. In creeping surveillance. In AI voices cloning their relatives' voices.
GDPR Autopilot sends data-subject access requests on your behalf, automatically. Data-broker exposure checks tell you which companies have compiled profiles on you and how to get removed. SDK X-Ray and our AI Opt-Out Hub scan your apps for invasive integrations and generate removal commands. Voice-clone risk flags generative AI threats. BYOD audit is for small business owners who need to audit their team's devices without anyone panicking.
Lookout doesn't offer these. Not because they're impossible. Because they're niche. We built them because our audience isn't the average phone owner. It's the person who reads privacy terms. Who worries about data brokers. Who doesn't trust that a single green light means anything.
What actually matters when you choose between them
If you want antivirus scanning and malware detection, Lookout is a fine choice. It's been around since 2007. It has scale and reputation. If you want to be told whether your device is infected, it works.
If you want to understand your actual exposure layer by layer, with one number that moves and tells you whether you're safer than you were last month, with one-tap fixes instead of instructions, and with the option to keep your data on device if you choose to, then ARK is different.
Neither is objectively better. But they're built on different philosophies. Lookout is a security company applying enterprise risk logic to consumer phones. ARK is a privacy-first team asking: what if people actually knew, quantitatively, how exposed they were, and what if fixing things took seconds instead of minutes?
The user who messaged me last summer eventually tried ARK. Her score was 42. That number scared her enough to act. She hit the fixes, got to 78, and messaged again. 'Now I understand what I was missing.' That's the difference a score makes. What's your security score right now, and more importantly, do you actually know it?