The security team compute for the app's retention rate, or the "percentage of all retained devices that downloaded [it] in one day" using the formula below wherein:

N = Number of devices that downloaded the app.

x = Number of retained devices that downloaded the app.

p = Probability of a device downloading any app will be retained.

Z = Represents the DOI score.

If Z or the DOI score falls below -3.7, it means a large number of phones or tablets stopped checking with Verify the moment they installed the app. Google then inspects it more closely to determine if it's truly harmful before removing existing installs and preventing future downloads. The company says this method allowed the Security team to find a lot of apps loaded with the Hummingbad, Ghost Push and Gooligan malware in the past. Those applications would've slipped by unnoticed if they didn't employ this technique.