PrivacyAssist: A User-Centric Agent Framework for Detecting Privacy Inconsistencies in Android Apps
For Android users, it provides a tool to understand and enforce privacy preferences, addressing a gap in user-centric privacy analysis.
PrivacyAssist detects inconsistencies between user-granted permissions and developers' declared data practices in Android apps, finding that only 16% of 2,347 apps are fully consistent.
Mobile apps offer significant benefits, but their privacy protections often remain ineffective and confusing for users. While prior work mainly analyzes app privacy vulnerabilities, few approaches help users understand, set, and enforce their privacy preferences. This paper presents PrivacyAssist, a multi-agent LLM-based platform that detects inconsistencies between user-granted permissions and developers' declared sensitive data collection and sharing practices. Using Retrieval-Augmented Generation (RAG), PrivacyAssist provides concise explanations and real-time on-device warnings to support informed installation decisions. We evaluate PrivacyAssist with 200 users and 2,347 Android apps, finding that only 16% of apps are fully consistent between granted permissions and declared data practices.