Grades are assigned using a privacy model that we built. This privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior. For example, according to studies we have conducted, most people don't expect games like Cut the Rope to use location data, but many of them actually do. This kind of surprise is represented in our privacy model as a penalty to an app’s overall privacy grade. In contrast, most people do expect apps like Google Maps to use location data. This lack of surprise is represented in our privacy model as a small or no penalty.

For more details see our Ubicomp 2012 and SOUPS 2014 research papers.