Mobile App Permission Risk Scorer

ANALife Services AuthorityNational Calculator Authority›Mobile App Permission Risk Scorer

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

Mobile App Permission Risk Scorer

Assess the privacy and security risk of a mobile app based on its requested permissions. Each permission carries a base risk weight; dangerous permission combinations add bonus risk. The final score (0–100) classifies the app as Low, Moderate, High, or Critical risk.

Location Permissions ACCESS_FINE_LOCATION (GPS) — weight 8 ACCESS_COARSE_LOCATION (Network) — weight 5 ACCESS_BACKGROUND_LOCATION — weight 10

Communication Permissions READ_CONTACTS — weight 7 WRITE_CONTACTS — weight 6 READ_SMS — weight 9 SEND_SMS — weight 8 READ_CALL_LOG — weight 8 PROCESS_OUTGOING_CALLS — weight 7

Device Hardware Permissions CAMERA — weight 7 RECORD_AUDIO (Microphone) — weight 9 BODY_SENSORS — weight 6

Storage & Files READ_EXTERNAL_STORAGE — weight 5 WRITE_EXTERNAL_STORAGE — weight 6 MANAGE_EXTERNAL_STORAGE (All Files) — weight 9

System & Identity Permissions READ_PHONE_STATE (IMEI/SIM) — weight 8 GET_ACCOUNTS — weight 7 USE_BIOMETRIC — weight 5 REQUEST_INSTALL_PACKAGES — weight 10 BIND_ACCESSIBILITY_SERVICE — weight 10 BIND_DEVICE_ADMIN — weight 10

Network & Connectivity INTERNET — weight 3 CHANGE_WIFI_STATE — weight 4 BLUETOOTH_SCAN — weight 5 NFC — weight 4

App Category:

General / Unknown Navigation / Maps Health & Fitness Camera / Photo Communication / Messaging Utility / System Tool Flashlight / Simple Tool Finance / Banking Games

Category multiplier adjusts risk: a flashlight app requesting microphone is far more suspicious than a messaging app doing so.

Calculate Risk Score

function mobCalc() { // --- Permission weights --- var permissions = { mob_fine_location: { label: "ACCESS_FINE_LOCATION", w: 8 }, mob_coarse_location: { label: "ACCESS_COARSE_LOCATION", w: 5 }, mob_background_location: { label: "ACCESS_BACKGROUND_LOCATION", w: 10 }, mob_read_contacts: { label: "READ_CONTACTS", w: 7 }, mob_write_contacts: { label: "WRITE_CONTACTS", w: 6 }, mob_read_sms: { label: "READ_SMS", w: 9 }, mob_send_sms: { label: "SEND_SMS", w: 8 }, mob_read_call_log: { label: "READ_CALL_LOG", w: 8 }, mob_process_outgoing_calls: { label: "PROCESS_OUTGOING_CALLS", w: 7 }, mob_camera: { label: "CAMERA", w: 7 }, mob_record_audio: { label: "RECORD_AUDIO", w: 9 }, mob_body_sensors: { label: "BODY_SENSORS", w: 6 }, mob_read_storage: { label: "READ_EXTERNAL_STORAGE", w: 5 }, mob_write_storage: { label: "WRITE_EXTERNAL_STORAGE", w: 6 }, mob_manage_storage: { label: "MANAGE_EXTERNAL_STORAGE", w: 9 }, mob_read_phone_state: { label: "READ_PHONE_STATE", w: 8 }, mob_get_accounts: { label: "GET_ACCOUNTS", w: 7 }, mob_use_biometric: { label: "USE_BIOMETRIC", w: 5 }, mob_install_packages: { label: "REQUEST_INSTALL_PACKAGES", w: 10 }, mob_accessibility: { label: "BIND_ACCESSIBILITY_SERVICE", w: 10 }, mob_device_admin: { label: "BIND_DEVICE_ADMIN", w: 10 }, mob_internet: { label: "INTERNET", w: 3 }, mob_change_wifi: { label: "CHANGE_WIFI_STATE", w: 4 }, mob_bluetooth_scan: { label: "BLUETOOTH_SCAN", w: 5 }, mob_nfc: { label: "NFC", w: 4 } };

// --- Collect checked permissions --- var checked = {}; var baseScore = 0; var checkedLabels = [];

for (var id in permissions) { var el = document.getElementById(id); if (el && el.checked) { checked[id] = true; baseScore += permissions[id].w; checkedLabels.push(permissions[id].label + " (+" + permissions[id].w + ")"); } }

if (checkedLabels.length === 0) { alert("Please select at least one permission."); return; }

// --- Dangerous combination bonuses --- // Each combo: { ids: [...], bonus: N, desc: "..." } var combos = [ { ids: ["mob_record_audio", "mob_camera"], bonus: 8, desc: "Microphone + Camera: silent surveillance risk (+8)" }, { ids: ["mob_fine_location", "mob_background_location"], bonus: 7, desc: "GPS + Background Location: continuous tracking (+7)" }, { ids: ["mob_read_sms", "mob_get_accounts"], bonus: 6, desc: "SMS + Accounts: OTP interception / account takeover risk (+6)" }, { ids: ["mob_accessibility", "mob_internet"], bonus: 9, desc: "Accessibility + Internet: keylogging / data exfiltration risk (+9)" }, { ids: ["mob_device_admin", "mob_internet"], bonus: 9, desc: "Device Admin + Internet: remote device control risk (+9)" }, { ids: ["mob_install_packages", "mob_internet"], bonus: 8, desc: "Install Packages + Internet: malware dropper risk (+8)" }, { ids: ["mob_read_contacts", "mob_read_sms", "mob_read_call_log"], bonus: 7, desc: "Contacts + SMS + Call Log: full communication surveillance (+7)" }, { ids: ["mob_fine_location", "mob_record_audio", "mob_camera"], bonus: 10, desc: "GPS + Mic + Camera: comprehensive spyware profile (+10)" }, { ids: ["mob_manage_storage", "mob_internet"], bonus: 5, desc: "All-Files Access + Internet: bulk data exfiltration risk (+5)" }, { ids: ["mob_read_phone_state", "mob_get_accounts", "mob_internet"], bonus: 6, desc: "IMEI + Accounts + Internet: device fingerprinting / identity theft (+6)" } ];

var comboScore = 0; var triggeredCombos = [];

for (var i = 0; i " + finalScore + " / 100";

document.getElementById("mob_level_display").innerHTML = "" + level + "" + "" + advice + "";

var breakdownHtml = "Score Breakdown:" + "Base permission score: " + baseScore + "" + "Dangerous combination bonus: +" + comboScore + "" + "Category multiplier: ×" + categoryMultiplier.toFixed(1) + "" + "Raw score: " + rawScore.toFixed(1) + " / " + MAX_RAW.toFixed(1) + "" + "Normalized final score: " + finalScore + " / 100" + "Permissions selected (" + checkedLabels.length + "):" + checkedLabels.join("");

document.getElementById("mob_breakdown").innerHTML = breakdownHtml;

var combosHtml = ""; if (triggeredCombos.length > 0) { combosHtml = "⚠️ Dangerous Combinations Detected:" + triggeredCombos.map(function(c) { return "• " + c; }).join(""); } else { combosHtml = "No dangerous permission combinations detected."; } document.getElementById("mob_combos").innerHTML = combosHtml; }

#### Formula

Step 1 — Base Score: BaseScore = Σ weight(pᵢ) for each selected permission pᵢ

Step 2 — Combination Bonus: ComboScore = Σ bonus(cⱼ) for each dangerous combination cⱼ where all member permissions are selected

Step 3 — Category Adjustment: RawScore = (BaseScore + ComboScore) × CategoryMultiplier

Step 4 — Normalization (0–100): FinalScore = min(100, round(RawScore / MAX_RAW × 100)) where MAX_RAW = 332.8 (theoretical maximum: all permissions + all combos × max multiplier 1.3)

Risk Levels: 0–20 → Low | 21–45 → Moderate | 46–70 → High | 71–100 → Critical

#### Assumptions & References

More Calculators

References

Related Authorities

Life Services Authority › Professional Services Authority › Trade Services Authority › United States Authority ›