PrivacyAssist: A User-Centric Agent Framework for Detecting Privacy Inconsistencies in Android Apps
Tran Thanh Lam Nguyen, Edoardo Di Tullio, Barbara Carminati, Elena Ferrari

TL;DR
PrivacyAssist is a user-centric platform utilizing LLMs and RAG to detect privacy inconsistencies in Android apps, aiding users in understanding and managing their privacy settings.
Contribution
It introduces a novel multi-agent LLM-based system that detects privacy inconsistencies and provides real-time explanations and warnings to users.
Findings
Only 16% of apps are fully consistent with declared data practices.
PrivacyAssist effectively helps users identify privacy inconsistencies.
The platform supports informed decision-making during app installation.
Abstract
Mobile apps offer significant benefits, but their privacy protections often remain ineffective and confusing for users. While prior work mainly analyzes app privacy vulnerabilities, few approaches help users understand, set, and enforce their privacy preferences. This paper presents PrivacyAssist, a multi-agent LLM-based platform that detects inconsistencies between user-granted permissions and developers' declared sensitive data collection and sharing practices. Using Retrieval-Augmented Generation (RAG), PrivacyAssist provides concise explanations and real-time on-device warnings to support informed installation decisions. We evaluate PrivacyAssist with 200 users and 2,347 Android apps, finding that only 16% of apps are fully consistent between granted permissions and declared data practices.
