Mobile phones and apps have become a ubiquitous part of digital life. A large variety and volume of personal data is sent to and used by mobile apps, leading to various privacy issues. Privacy regulations protect and promote the privacy of individuals by requiring mobile apps to provide a privacy policy that explains what personal information is gathered and how these apps process and safely keep this information. However, developers often do not have sufficient legal knowledge to create such privacy policies. Online Automated Privacy Policy Generators (APPGs) can create privacy policies, but their quality and other characteristics can vary. In this paper, we conduct the first large-scale, comprehensive empirical study of APPGs for mobile apps. Specifically, we collected and analyzed 46,472 Android app privacy policies from the Google Play Store and systematically evaluated 10 APPGs on multiple dimensions. We report analyses of how widely APPGs are used and whether policies are consistent with app permissions. We found that nearly 20.1% of privacy policies could be generated by APPGs, and we summarize the potential and limitations of APPGs.