PrivMetrics App rating system is based on ndersing basic anomaly detection methods along five metrics that we consider as indicators of a privacy level of an app. The underlying idea is that apps can be grouped according to their high level functionality (E.g. Social Networks and Maps & Navigation) and each group should have a similar pattern when it comes to request permissions or executed API calls. An app deviating significantly from the peers of the group can be considered as an anomalous app. The groups are either existing Google Play Store app categories or more narrowed down groups derived by applying k-means clustering in app descriptions.
E.g. Some Google categories such as Tools can be very broad and may contain apps multiple sub groups such as Back-Up apps, Calendar apps, and Anti-Virus apps, each will be having different permission request patterns.
Number of requested permissions.
Deviation of requested permissions from average behavior (Google Categories)
Number of integrated third party trackers
Number of executed dangerous API Calls by the trackers
In the current version each of these metrics have an equal weight towards the final rating. I.e. The final rating is the average of each of the above-calculated probabilities.
In addition, we check whether an app contains malware by using a malware DB and if it is found to contain malware the rating will be 1 irrespective of the values of other metrics.
PrivMetrics was not designed as a replacement of antivirus software or to immediately analyze every individual app in your phone. A high privacy score may not necessarily mean that the app/phone is free from malware or safe from data breaches. PrivMetrics does not collect any personal data from your device and you should not send us any information that contains personal, confidential or sensitive data.