Disclosure Divergence: Measuring Privacy Policy and Data Safety Misalignment at Scale
Authors: Mst Eshita Khatun (Louisiana State University), Lamine Noureddine (Louisiana State University), Sideeq Bello (Louisiana State University), Aisha Ali-Gombe (Louisiana State University)
Volume: 2026
Issue: 4
Pages: 213–231
DOI: https://doi.org/10.56553/popets-2026-0117
Artifact: Available, Functional, Reproduced
Abstract: With the rapid growth of mobile applications, user data privacy has become an increasing concern. While privacy policies describe how apps collect and share data, platforms such as Google Play provide Data Safety labels intended to summarize these practices. Because these disclosure channels are declared separately, they may present inconsistent representations of app data practices, creating uncertainty for users and regulators. In this work, we conducted a large-scale empirical study of disclosure consistency across 6,051 Android apps. Using an LLM-based extraction framework and a unified schema over 14 Google Play data categories and two operations (collection and sharing), we measure per-app and per-category consistency and introduce a sensitivity-weighted risk score that emphasizes high-risk data types. We find that misalignment disproportionately affects sensitive categories such as personal information and device identifiers, with sharing disclosures exhibiting lower consistency than collection disclosures. Elevated privacy risk is concentrated in app categories associated with persistent monitoring and communication. Overall, our findings highlight structural gaps in current disclosure mechanisms and underscore the need for stronger verification and greater transparency in platform-level privacy reporting.
Keywords: Data Safety, User Privacy, Privacy Policy, Privacy Analysis, LLM
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.