Why 80 became our privacy risk threshold

The problem with one number

When we started building Guard, we knew we wanted to give users a single, glanceable score. Not a table of percentages or a cryptic colour wheel. One number that meant something.

But we made an error early on. We published scores across a 0 to 100 scale with no anchor. A score of 65 felt bad. A score of 45 felt okay. But nobody knew why. We were handing people a metric without context, which is almost worse than no metric at all. It creates the kind of anxiety that makes people disable every app, or ignore the score entirely.

We needed a threshold. A line in the sand that said: below this, you're managing your privacy reasonably well. Above this, you should take action now.

What actually goes into the score

Our risk score reflects the permissions an app requests and what those permissions could theoretically access on your device. Location, contacts, photos, clipboard, microphone access. We weight them by severity. A clock app asking for your location data scores higher in risk than one asking for the time zone.

We don't claim to know what an app actually does with those permissions. iOS sandboxing prevents that kind of visibility. What we do is show you the surface area of exposure, then let you decide. That's the philosophy behind Guard. We educate; you choose.

But that surface area varies wildly. A photography editor needs photo library access and camera. A weather app needs location. Neither is inherently sinister. A notes app asking for your contacts, calendar, and clipboard? That's the kind of request that makes you pause.

The threshold conversation

We gathered in a call in October with early users, a few privacy researchers, and our team. One person said something I'll remember: 'If I see a high score, I want to feel like I should do something today. Not maybe eventually. Today.'

That shaped the decision. A high score needed to reflect genuine, actionable concern. Not pedantry. Not every single permission request, no matter how benign.

We ran the numbers on the 12 apps in Guard's demo set. Built up the scoring on real permission manifests. Maps, Facebook, WhatsApp, Instagram, TikTok, Gmail, Uber, Twitter, Spotify, LinkedIn, iCloud, Messenger. Apps that real people install and use every day.

Some scored in the 40s. Others in the high 70s. A few crossed into the 80s and 90s.

We asked ourselves: when we see a score above 80, does the combination of permissions feel like something we'd personally want to know about? Would we take action? The answer was yes, consistently.

Why 80, not 75 or 85

The temptation in these decisions is to overthink. Find the perfect number through statistical significance or user testing panels. We didn't do that. We looked at the apps in our demo set, asked what felt right, and 80 kept appearing as the natural boundary.

Below 80: an app is asking for permissions you'd expect. Maybe you revoke one or two. That's normal friction.

At 80 and above: the combination of requested permissions suggests you should stop and think. Really think. Maybe look up what each permission is actually for. Maybe test the app with fewer permissions enabled and see if it still works. Maybe find an alternative.

It's not a science. It's a line we drew based on real conversations and real permission data. It could have been 78. It might be 82 next year if iOS changes or apps shift their behaviour. But right now, for the apps people are installing today, 80 separates the 'check before you act' zone from the 'take action now' zone.

What happens next

We built Guard to walk you straight into iOS Settings from any flagged permission. Tap the score, see which permissions caused the risk, tap one, and you're in the system settings screen where you can revoke it immediately. That was intentional. A risk score means nothing if acting on it is friction.

For people using Personal Pro, real-time alerts tell you the moment an app changes its permission requests. That's when the score matters most. Your trusted apps don't usually ask for new permissions. When they do, you should know.

The score itself is only part of the picture. It's the conversation starter. The thing that makes you notice. But your own judgment, your own knowledge of what each app should reasonably need, is where the real privacy decision happens.