Table of Contents
Fetching ...

Hybrid Privacy Policy-Code Consistency Check using Knowledge Graphs and LLMs

Zhenyu Mao, Xinxin Fan, Yifei Wang, Jacky Keung, Jialong Li

TL;DR

This paper addresses the mismatch between smartphone apps' declared privacy policies and their actual data handling by proposing a hybrid privacy policy-code consistency framework. It combines knowledge-graph-based deterministic checking with LLM-driven preliminary semantic analysis to reduce over-alignment bias and computational cost. Experimental results show substantial improvements in precision and F1-score, with dramatic reductions in token usage and runtime compared to a pure LLM approach. The work advances practical policy-code alignment and points to future directions in regulatory compliance and actionable remediation guidance.

Abstract

The increasing concern in user privacy misuse has accelerated research into checking consistencies between smartphone apps' declared privacy policies and their actual behaviors. Recent advances in Large Language Models (LLMs) have introduced promising techniques for semantic comparison, but these methods often suffer from low accuracies and expensive computational costs. To address this problem, this paper proposes a novel hybrid approach that integrates 1) knowledge graph-based deterministic checking to ensure higher accuracy, and 2) LLMs exclusively used for preliminary semantic analysis to save computational costs. Preliminary evaluation indicates this hybrid approach not only achieves 37.63% increase in precision and 23.13% increase F1-score but also consumes 93.5% less tokens and 87.3% shorter time.

Hybrid Privacy Policy-Code Consistency Check using Knowledge Graphs and LLMs

TL;DR

This paper addresses the mismatch between smartphone apps' declared privacy policies and their actual data handling by proposing a hybrid privacy policy-code consistency framework. It combines knowledge-graph-based deterministic checking with LLM-driven preliminary semantic analysis to reduce over-alignment bias and computational cost. Experimental results show substantial improvements in precision and F1-score, with dramatic reductions in token usage and runtime compared to a pure LLM approach. The work advances practical policy-code alignment and points to future directions in regulatory compliance and actionable remediation guidance.

Abstract

The increasing concern in user privacy misuse has accelerated research into checking consistencies between smartphone apps' declared privacy policies and their actual behaviors. Recent advances in Large Language Models (LLMs) have introduced promising techniques for semantic comparison, but these methods often suffer from low accuracies and expensive computational costs. To address this problem, this paper proposes a novel hybrid approach that integrates 1) knowledge graph-based deterministic checking to ensure higher accuracy, and 2) LLMs exclusively used for preliminary semantic analysis to save computational costs. Preliminary evaluation indicates this hybrid approach not only achieves 37.63% increase in precision and 23.13% increase F1-score but also consumes 93.5% less tokens and 87.3% shorter time.
Paper Structure (6 sections, 2 figures, 2 tables, 1 algorithm)

This paper contains 6 sections, 2 figures, 2 tables, 1 algorithm.

Figures (2)

  • Figure 1: Overview of Hybrid Approach
  • Figure 2: Example of Generated Inconsistency Report