What your app's privacy risk score actually means

A week after Guard launched, I got an email from a woman in Manchester. She'd run the audit, seen her banking app come back with a yellow flag, and immediately panicked. The message was simple: 'Does this mean my money is at risk?' It wasn't. But her question made me realise we'd built something people wanted to understand, and we hadn't spent enough time explaining what the number on screen really meant.

The problem with permission lists

Before we built Guard, I used to open my Settings app and stare at the Permissions section the way you'd stare at a car repair estimate. Apps asked for Camera, Microphone, Location, Contacts. Some made sense. Some didn't. But the list itself told you almost nothing about actual risk.

I'd installed Spotify. It wanted Location. Why? I had no idea. Without context, a permission list is just a list. It doesn't tell you whether an app is asking for something unusual for its category, whether that permission gets used constantly or sits dormant, or whether you should care. The number of permissions says nothing about harm.

We decided early on that Guard wouldn't just show you what apps ask for. It had to rank them. That's where the privacy risk score came in. Not as a security verdict, but as a conversation starter. A way to say: this app is asking for more than typical apps in its category, and here's why you might want to look closer.

How we actually built the score

The score is based on five dimensions. One: how many sensitive permissions does the app request? Two: are those permissions necessary for what the app does? Three: is this app in a category where that level of access is normal? Four: can you control the permissions in iOS Settings, or is this something Apple locks down? Five: what's the tracking footprint?

We started with a curated set of twelve common apps. Spotify, Instagram, TikTok, Gmail, iCloud, Photos, Maps, Calendar, Notes, Health, Safari, Settings. We know these apps intimately. We know what they need. We know what's standard in each category and what's odd. A camera app that asks for Location? Unusual. Reasonable to flag. A weather app that asks for Contacts? That's worth a closer look.

When you open Guard, you see a risk score for each app, colour-coded. Green is typical for the category. Yellow means it's asking for something you should review. Red flags a permission that stands out as notably unusual. That doesn't mean red is dangerous. It means different. It means worth a tap.

What the score doesn't do (and why that matters)

Here's the hard truth: iOS sandboxing means no app can audit what another app actually does with permissions. Apple doesn't expose that data to third-party developers. We can't see whether TikTok is genuinely using your camera or not. We can see what it asked for. We can't see what it touches.

This is why Guard is built the way it is. It's a teaching tool. It shows you what permissions are in the system, walks you through what's normal and what's not, and then gives you a direct link into iOS Settings where you can actually control them. The score is the hook that makes you look. The action is what matters.

When the woman from Manchester tapped her banking app's yellow flag, she saw it requested Location. The score made her ask the question. The deep-link took her straight to the Settings toggle where she could turn it off. That's the whole system working. The score gave her permission to care about something that otherwise would have been background noise.

Real scores from real apps

Gmail comes back green. It asks for Camera (for video calls), Microphone, Contacts, Photos. That's expected for an email and chat app. iCloud also green. Typical for a sync and backup tool. Instagram comes back yellow. Video and photo sharing, so Camera and Photos make sense. But it also asks for Location, Bluetooth, Microphone, and Contacts. For a social app, that's a wider net than you see in competitors.

The score isn't a judgment on whether Instagram is evil or good. It's a flag that says: this app asks for more access than a typical Instagram-like app on your phone. Now you can decide if that bothers you. Some people won't care. Some people will immediately revoke Location and Bluetooth. Either choice is informed, which is the whole point.

In Personal Pro, you get real-time alerts when an app changes its permissions. You get a clipboard safety check because we noticed apps reading clipboard data constantly. You get tracking breakdowns and a data exposure profile that shows you which of your sensitive categories are exposed to which apps. But the foundation is still that score. It's the entry point.
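The category comparison and the permission-change alert described above can be sketched as follows. This is an added example, not Guard's code: the category names, the baseline sets, the "notably unusual" set and the function names are all assumptions made for illustration, and only the Gmail and Instagram permission lists come from the text.

```python
from dataclasses import dataclass

# Constructed baselines: what counts as "typical for the category".
TYPICAL = {
    "email_chat": {"Camera", "Microphone", "Contacts", "Photos"},
    "social_photo": {"Camera", "Photos"},
    "weather": {"Location"},
}
# Assumption: requests treated as notably unusual (red) for a category.
# The text only says a weather app asking for Contacts deserves a closer look.
NOTABLY_UNUSUAL = {"weather": {"Contacts"}}


@dataclass(frozen=True)
class Score:
    colour: str    # green / yellow / red / unscored
    review: tuple  # requests outside the category baseline, sorted


def score(category, requested):
    requested = set(requested)
    if category not in TYPICAL:
        # No baseline for this category: never default to green.
        return Score("unscored", tuple(sorted(requested)))
    extras = requested - TYPICAL[category]
    if extras & NOTABLY_UNUSUAL.get(category, set()):
        colour = "red"
    elif extras:
        colour = "yellow"
    else:
        colour = "green"
    return Score(colour, tuple(sorted(extras)))


def permission_change_alert(category, before, after):
    """Return an alert when an update adds requests, else None."""
    added = set(after) - set(before)
    if not added:
        return None  # removals or no change: nothing new to review
    old, new = score(category, before), score(category, after)
    return {"added": sorted(added), "from": old.colour, "to": new.colour}


# Permission lists as given in the text.
GMAIL = {"Camera", "Microphone", "Contacts", "Photos"}
INSTAGRAM = {"Camera", "Photos", "Location", "Bluetooth", "Microphone", "Contacts"}

if __name__ == "__main__":
    print(score("email_chat", GMAIL))
    print(score("social_photo", INSTAGRAM))
    print(permission_change_alert("weather", {"Location"}, {"Location", "Contacts"}))
```

The colour depends on which requests fall outside the category baseline, not on how many permissions an app holds, which is why six permissions can be yellow while two can be red.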

Why we didn't call it a threat level

Early versions used language like 'Threat' or 'Safety Risk'. Our test users hated it. They said it made them feel like they had to act immediately, or that they'd made a terrible choice by installing the app. We didn't want that. Most people need Gmail. Most people use Instagram. The score isn't here to make you uninstall things. It's here to make you see what's on your phone.

So we settled on 'Privacy Risk Score'. Risk is neutral. It's real. A permission request is a risk surface. You're exposing something. Now you can choose to control it or not. But you're not being told you've made a stupid decision by downloading the app in the first place.

That distinction mattered to us because we're not building for paranoia. We're building for people who want to know what their phone is doing. Mostly they want to know so they can decide what to do about it. Sometimes the answer is nothing. Sometimes it's a quick toggle in Settings. Either way, you're in control.

When you tap into iOS Settings from Guard and revoke a permission, you're not trusting an algorithm. You're taking back control that was always yours to take. The score is just the thing that made you look. Have you ever checked a single app's permissions without something prompting you to?
