Predicting Android Application Security and Privacy Risk with Static Code Metrics.