A Large-scale Empirical Study of Online Automated Privacy Policy Generators for Mobile Apps

Mobile phones and apps have become a ubiquitous part of digital life. There is a large variety and volume of personal data sent to and used by mobile apps, leading to various privacy issues. Privacy regulations protect and promote the privacy of individuals by requiring mobile apps to provide a privacy policy that explains what personal information is gathered and how these apps process and safely keep this information. However, developers often do not have sufficient legal knowledge to create such privacy policies. Online Automated Privacy Policy Generators (APPGs) can create privacy policies, but their quality and other characteristics can vary. In this paper, we conduct the first large-scale, comprehensive empirical study of APPGs for mobile apps. Specifically, we collected and analyzed 46,472 Android app privacy policies from the Google Play Store and systematically evaluated 10 APPGs on multiple dimensions. We reported analyses on how widely APPGs are used and whether policies are consistent with app permissions. We found that nearly 20.1% of privacy policies could be generated by APPGs and summarized the potential and limitations of APPGs.