Apple introduced \textit{privacy labels} in Dec. 2020 as a way for developers to report the privacy behaviors of their apps. While Apple does not validate labels, they do also require developers to provide a privacy policy, which offers an important comparison point. In this paper, we applied the NLP framework of Polisis to extract features of the privacy policy for 515,920 apps on the iOS App Store comparing the output to the privacy labels. We identify discrepancies between the policies and the labels, particularly as it relates to data collected that is linked to users. We find that 287$\pm196$K apps' privacy policies may indicate data collection that is linked to users than what is reported in the privacy labels. More alarming, a large number of (97$\pm30$\%) of the apps that have {\em Data Not Collected} privacy label have a privacy policy that indicates otherwise. We provide insights into potential sources for discrepancies, including the use of templates and confusion around Apple's definitions and requirements. These results suggest that there is still significant work to be done to help developers more accurately labeling their apps. Incorporating a Polisis-like system as a first-order check can help improve the current state and better inform developers when there are possible misapplication of privacy labels.

翻译：苹果公司于2020年12月引入隐私标签，作为开发者报告其应用程序隐私行为的一种方式。虽然苹果公司不验证这些标签，但他们确实要求开发者提供隐私政策，这提供了一个重要的比较参考点。本文应用Polisis自然语言处理框架，提取了iOS应用商店中515,920款应用程序的隐私政策特征，并将其输出结果与隐私标签进行了比较。我们发现政策和标签之间存在差异，特别是在与用户关联的数据收集方面。结果显示，约有287±19.6万款应用的隐私政策表明其收集了与用户关联的数据，但隐私标签中并未报告这些信息。更令人担忧的是，大量（97±30%）标记为“不收集数据”的应用，其隐私政策却显示相反的情况。我们深入分析了产生差异的潜在原因，包括模板的使用以及开发者对苹果定义和要求的混淆。这些结果表明，在帮助开发者更准确地标注其应用程序方面仍有大量工作要做。引入类似Polisis的系统作为初步检查工具，可以改善当前状况，并在可能误用隐私标签时更好地通知开发者。