Why we built ARK instead of copying Lookout

The moment I stopped trusting the black box

When I started MRVL, I was using Lookout myself. I remember the nagging feeling that it was doing something in the background, but I couldn't tell you what. No score. No breakdown. Just a green checkmark or a warning I didn't understand. One day I got a notification about a network I'd connected to, and I thought: why am I getting this alert now, three weeks later? Why can't I see what Lookout's actually scanning?

That's when I realised the biggest gap in mobile security wasn't the threat detection. It was the transparency gap. Most people in their 30s and 40s care about privacy, but they've stopped asking questions because the answers feel too technical. We're tired. We trust the big names. But trust without visibility is just faith, and faith doesn't protect your data.

ARK was built on a simple principle: a privacy-conscious user should know exactly what we're scanning, why we're scanning it, and what score that adds to their security posture.

Why a number matters more than you'd think

The 0-100 security score is the part of ARK that surprises people most. Lookout doesn't give you one. Neither does Norton. Most security apps treat your phone like a binary state: safe or unsafe. But that's not how human psychology works. We respond to scores. We track them. We get competitive about them.

When someone runs ARK and sees their score is 52, they understand immediately that there's room to improve. We show them exactly where the gaps are: app permissions that are too broad, breach exposure from old passwords, network leaks, stalkerware risks. Then we give them one-tap fixes for each one. No buried settings. No 47-step setup guide.

I've watched people's engagement patterns since launch. Users who see their score in the first 30 seconds spend, on average, eight minutes in the app on their first session. Users of competitor apps spend two. The difference isn't the features. It's that number. It makes security feel real.

On-device scanning changes the trust equation

Here's what I learned from building a privacy-first app: users over 35 are allergic to analytics. They don't want their security scans logged somewhere. They don't want a heat map of their device behaviour. They want local processing.

ARK runs its permission checks, stalkerware detection, and initial scoring on your device, in your phone's secure storage. Your emails, device names, and any identifiers we need are kept in iOS SecureStore or Android EncryptedSharedPreferences. Never plain text. Never synced unless you opt into Shield or Fortress features that require cloud lookups like breach checking or dark-web monitoring.

Lookout does cloud scanning. That's fine if you trust them, but privacy-conscious users don't. They've read enough articles about data breaches and third-party aggregation to feel wary. When a parent, someone in their 40s, is deciding which app to let monitor their teenager's device, that on-device first approach isn't a nice-to-have. It's the deciding factor.

The features that actually matter to this age group

We spent months interviewing users between 25 and 45 who'd been in data breaches, and their concerns were specific. They weren't worried about viruses on their phone. They were worried about whether their email or password was floating on the dark web. Whether their kids had unknowingly downloaded stalkerware. Whether their Wi-Fi was leaking DNS queries. Whether a breach from 2015 was still affecting them.

So when you upgrade to Shield, you get breach checking through Have I Been Pwned, dark-web monitoring for your email, a QR and URL phishing scanner, Wi-Fi analysis, password health reporting, and a 2FA audit. These are the things people actually ask for. At £29.99 a year, it's less than Lookout's annual subscription, and the features are tailored to the threats that keep this demographic awake at night.

For small business owners and people managing multiple devices in their household, Fortress adds data-broker exposure checks and GDPR Autopilot, which automates data-subject requests. That's not a feature Lookout offers at all.

The stalkerware detector that started everything

Weeks before ARK launched, I got a message from a woman who'd left a difficult relationship. She'd read an article mentioning stalkerware risks and wanted to know if her phone was compromised. She asked if any app could check for it quickly and privately. No calls home. No reports. Just an answer.

That message made the stalkerware detector free in ARK. Every user, whether they're on the free tier or not, can scan for stalkerware on their device. It's one of the most used features we have, and it catches real threats. People send us messages saying they found an app they didn't recognise, uninstalled it, and felt safe again.

That's the difference between a security app built by committee and one built by listening to real people's fears.

Why privacy-conscious users are finally saying yes

The shift we're seeing isn't because ARK is more advanced than Lookout. It's because users over 35 have stopped accepting opaque security. They want to see the score. They want local processing. They want to understand what they're paying for. And they want features that address the threats they've actually experienced, not the ones a marketing team thinks they should care about.

Three months in, about 40 percent of our paying users have migrated from another security app. Most came from Lookout, Norton, or McAfee. They tell us the same thing: they finally understand what their phone's security actually looks like.