{"id":"https://openalex.org/W7154948887","doi":"https://doi.org/10.48550/arxiv.2604.16128","title":"PolicyGapper: Automated Detection of Inconsistencies Between Google Play Data Safety Sections and Privacy Policies Using LLMs","display_name":"PolicyGapper: Automated Detection of Inconsistencies Between Google Play Data Safety Sections and Privacy Policies Using LLMs","publication_year":2026,"publication_date":"2026-04-17","ids":{"openalex":"https://openalex.org/W7154948887","doi":"https://doi.org/10.48550/arxiv.2604.16128"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.16128","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.16128","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.16128","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5134018478","display_name":"Luca Ferrari","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ferrari, Luca","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133854799","display_name":"Billel Habbati","orcid":"https://orcid.org/0009-0000-8315-7182"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Habbati, Billel","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085443705","display_name":"Meriem Guerar","orcid":"https://orcid.org/0000-0003-4566-1382"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guerar, Meriem","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019508589","display_name":"Mariano Ceccato","orcid":"https://orcid.org/0000-0001-7325-0316"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ceccato, Mariano","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5086504975","display_name":"Luca Verderame","orcid":"https://orcid.org/0000-0001-7155-7429"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Verderame, Luca","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5134018478"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9488000273704529,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9488000273704529,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.020400000736117363,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11446","display_name":"Mobile Health and mHealth Applications","score":0.005499999970197678,"subfield":{"id":"https://openalex.org/subfields/3600","display_name":"General Health Professions"},"field":{"id":"https://openalex.org/fields/36","display_name":"Health Professions"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.516700029373169},{"id":"https://openalex.org/keywords/data-collection","display_name":"Data collection","score":0.48260000348091125},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.4625000059604645},{"id":"https://openalex.org/keywords/privacy-policy","display_name":"Privacy policy","score":0.4221999943256378},{"id":"https://openalex.org/keywords/data-access","display_name":"Data access","score":0.37310001254081726},{"id":"https://openalex.org/keywords/replication","display_name":"Replication (statistics)","score":0.3637000024318695},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.3264999985694885}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7534999847412109},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.6123999953269958},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.516700029373169},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.503000020980835},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.48260000348091125},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.4625000059604645},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43970000743865967},{"id":"https://openalex.org/C102938260","wikidata":"https://www.wikidata.org/wiki/Q1999831","display_name":"Privacy policy","level":3,"score":0.4221999943256378},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.37310001254081726},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.36559998989105225},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.3637000024318695},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.3264999985694885},{"id":"https://openalex.org/C3020493868","wikidata":"https://www.wikidata.org/wiki/Q55631277","display_name":"Real world data","level":2,"score":0.32260000705718994},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.30979999899864197},{"id":"https://openalex.org/C100660578","wikidata":"https://www.wikidata.org/wiki/Q18733","display_name":"Recall","level":2,"score":0.29750001430511475},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.29440000653266907},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.2840999960899353},{"id":"https://openalex.org/C2780129039","wikidata":"https://www.wikidata.org/wiki/Q1931107","display_name":"Section (typography)","level":2,"score":0.2809000015258789},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.27649998664855957},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.27230000495910645},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.26969999074935913}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.16128","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.16128","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.16128","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.16128","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.6772119998931885,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Mobile":[0],"application":[1,121],"developers":[2,44],"are":[3],"required":[4],"to":[5,45,120,152,157],"disclose":[6],"how":[7],"they":[8,58],"collect,":[9],"use,":[10],"and":[11,68,104,115,155,184,203,208],"share":[12],"user":[13],"data":[14,48,153,158],"in":[15,109,140],"compliance":[16],"with":[17,62],"privacy":[18,65,105],"regulations.":[19],"To":[20,188],"support":[21,189],"transparency,":[22],"major":[23],"app":[24],"marketplaces":[25],"have":[26],"introduced":[27],"standardized":[28],"disclosure":[29],"mechanisms.":[30],"In":[31],"2022,":[32],"Google":[33,41,136],"mandated":[34],"the":[35,63,198],"Data":[36],"Safety":[37],"Section":[38],"(DSS)":[39],"on":[40,126,162],"Play,":[42],"requiring":[43,118],"summarize":[46],"their":[47],"practices.":[49],"However,":[50],"compiling":[51],"accurate":[52],"DSS":[53,89,102],"disclosures":[54,103],"is":[55],"challenging,":[56],"as":[57],"must":[59],"remain":[60],"consistent":[61],"corresponding":[64],"policy":[66],"(PP),":[67],"no":[69],"automated":[70],"tool":[71],"currently":[72],"verifies":[73],"this":[74],"alignment.":[75],"Prior":[76],"studies":[77],"indicate":[78],"that":[79],"nearly":[80],"80%":[81],"of":[82,129,176,179,182,186],"popular":[83],"apps":[84,132],"contain":[85],"incomplete":[86],"or":[87],"misleading":[88],"declarations.":[90],"We":[91,123],"present":[92],"PolicyGapper,":[93],"an":[94,173],"LLM-based":[95],"methodology":[96],"for":[97],"automatically":[98],"detecting":[99],"discrepancies":[100],"between":[101],"policies.":[106],"PolicyGapper":[107,125],"operates":[108],"four":[110],"stages:":[111],"scraping,":[112],"pre-processing,":[113],"analysis,":[114],"post-processing,":[116],"without":[117],"access":[119],"binaries.":[122],"evaluate":[124],"a":[127,163,193],"dataset":[128],"330":[130],"top-ranked":[131],"spanning":[133],"all":[134],"33":[135],"Play":[137],"categories,":[138],"collected":[139],"Q3":[141],"2025.":[142],"The":[143],"approach":[144],"identifies":[145],"2,689":[146],"omitted":[147],"disclosures,":[148],"including":[149,197],"2,040":[150],"related":[151],"collection":[154],"649":[156],"sharing.":[159],"Manual":[160],"validation":[161],"stratified":[164],"10%":[165],"subset,":[166],"repeated":[167],"across":[168],"three":[169],"independent":[170],"runs,":[171],"yields":[172],"average":[174],"Precision":[175],"0.75,":[177],"Recall":[178],"0.77,":[180],"Accuracy":[181],"0.69,":[183],"F1-score":[185],"0.76.":[187],"reproducibility,":[190],"we":[191],"release":[192],"complete":[194],"replication":[195],"package,":[196],"dataset,":[199],"prompts,":[200],"source":[201],"code,":[202],"results":[204],"available":[205],"at":[206],"https://github.com/Mobile-IoT-Security-Lab/PolicyGapper":[207],"https://doi.org/10.5281/zenodo.19628493.":[209]},"counts_by_year":[],"updated_date":"2026-04-21T06:12:34.886580","created_date":"2026-04-21T00:00:00"}