What Norton Mobile Security doesn't tell you about your privacy

The Norton trap: paying for peace of mind you don't have

Norton's antivirus-first model made sense in 2005. Your computer could get infected. You bought Norton. Life was simpler. But mobile is different. Your phone doesn't need antivirus the way a Windows machine did. What it needs is visibility. What are the apps doing right now? Which ones have access to your photos, location, contacts? Which of your passwords are weak? Has your email been in a breach?

Norton treats mobile like a scaled-down PC. You get a score, sure. But it's opaque. The score doesn't tell you why it moved. The scanning is generic. And here's the part that bothers me most: Norton collects analytics on free-tier scans. They're building a profile of your device health trends whether you pay them or not.

For someone between 25 and 45, who's probably been in at least one data breach, seen their email on the dark web, or received a phishing text, this feels like the wrong trade-off. You're paying for protection that treats you like a consumer, not a person who has a real stake in keeping their data private.

A security score that actually means something

When we built ARK, we started with a single question: what would make a 35-year-old who's been breached before actually feel safer? Not safer theoretically. Safer in a way they could understand and act on in under five minutes.

The answer was the 0-100 security credit score. It's not a marketing number. It's derived from five real scans: device security (patches, biometrics, encryption), network exposure (is your phone leaking DNS queries?), app permissions (which apps can see what?), breach exposure (have you been in a known breach?), and something Norton doesn't even look at: stalkerware. We check for it free, on every device, because abusive relationships are a real threat and nobody else does this.

The number moves when something changes. And when it does, you see why. You get one-tap links to actually fix things. Not "enable two-factor authentication." A link that opens your Google Account security page and shows you which apps don't have 2FA yet. Real friction reduction.

But here's what makes the difference: on the free tier, none of this creates a profile we sell to advertisers. The scans that matter for privacy run on-device. We don't see your data. Norton does.

The features that aren't optional if you've been burned before

Most people who switch from Norton to ARK have a breach in their past. They received a notification from Have I Been Pwned or a company email saying "we were hacked." They changed passwords. Then what? They forgot about it. Or they didn't, and they spent years wondering which of their accounts were still at risk.

With ARK's Shield tier, we check your email address against known breaches continuously. But that's table stakes now. What matters more is the dark-web monitor. If your email or a password appears in a dumped credential list before it's in HIBP, you hear about it. Real people have told us this has given them weeks of warning before a breach went public.

The other features feel smaller until you need them. The Wi-Fi analyser stops you connecting to a malicious hotspot. The phishing scanner works on QR codes and URLs, catching the attacks that slip past your email filter. The DNS leak test shows whether your VPN is actually working. The 2FA audit tells you which of your accounts don't have two-factor enabled, and it does this by connecting to those services properly, not by guessing.

None of these are flashy. But they're what people actually need. When I talk to users who've been in breaches, they don't want antivirus theatre. They want to know which of their decisions and accounts are putting them at risk right now.

Privacy actually means something when you choose the company carefully

I'll be direct about this: the privacy narrative in mobile security is mostly theatre. Everyone claims to be privacy-first. Almost everyone monetises your data somehow. Norton doesn't hide this. They collect analytics. It's in their privacy policy. Millions of users find this acceptable.

But if you're the kind of person who reads privacy policies, if you're in the 25-45 bracket with a mortgage and family photos and banking apps on your phone, you probably want something different.

With ARK, the on-device scans stay on-device. Your email address isn't stored as plain text somewhere. We use iOS SecureStore and Android EncryptedSharedPreferences. The data that does leave your phone (breach checks, dark-web monitoring) is sent encrypted. We don't build behavioural profiles. We don't sell analytics to third parties. If you're on the free tier, there are no ads.

This sounds like marketing. It's not. It's a choice we made about what we wanted to build. We thought about who needs mobile security most, and we built for them instead of for advertisers.

When Norton isn't enough, the upgrades don't exist

Let's say you've been on Norton for a year and you realise you want more. You want to know which data brokers are selling your information. You want to understand which SDK permissions could be harvested. You want to audit your voice-clone risk (because deepfakes are real now). You want automated GDPR requests sent to companies holding your data.

Norton doesn't have any of this. Their upgrade path ends. You're at the top of what they offer, and it's not enough.

ARK's Fortress tier exists for the person who's gone from "I should probably care about this" to "I actually care about this." The data-broker exposure check scans public records. The SDK X-Ray breaks down which app libraries could leak what. The GDPR Autopilot sends formal data-subject requests to every company that has your information on file. The voice-clone risk check audits whether your biometric data could be spoofed.

These features exist because privacy-conscious people asked for them. We built them. That's the difference between a platform built by and for privacy-conscious users, and one built by a security company that happens to have a mobile app.

The question that actually matters

When you open your security app, what do you want it to tell you? Do you want a score that makes you feel better? Or do you want to know what's actually at risk, and have the tools to do something about it in the next five minutes?

Norton is good at the first thing. ARK is built for the second. If you've been in a breach, received a phishing text, or just realised you don't actually know which apps have permission to your location data, the difference matters.