AI Summary
The App Privacy Report introduced in iOS 15.2 aims to enhance privacy transparency but suffers from ambiguous data access purposes and unclear domain descriptions, with no empirical validation of its actual user control efficacy. To address this, we conduct focus group studies and systematic analysis to identify critical limitations in comprehensibility and practical utility. Building on these findings, we propose a large language model-based purpose inference framework and a domain clarification pipeline that automatically identifies the intent behind third-party data accesses and enriches domain labels with semantically grounded explanations. Experimental evaluation demonstrates that our enhancement significantly improves users' accuracy in understanding app data behaviors (+42%) and strengthens their perceived privacy controllability. The approach provides a reproducible methodology and empirical evidence for designing effective privacy tools on mobile platforms.
Abstract
The prevalent engagement with mobile apps underscores the importance of understanding their data practices. Transparency plays a crucial role in this context, ensuring that users are informed and give consent before any data access occurs. Apple introduced a new feature in iOS 15.2, App Privacy Report, to give users detailed insights into apps' data access and sharing. This feature continues Apple's trend of privacy-focused innovations (following Privacy Nutrition Labels), and has been marketed as a big step forward in user privacy. However, its real-world impacts on user privacy and control remain unexamined. We thus proposed an end-to-end study involving systematic assessment of the App Privacy Report's real-world benefits and limitations, LLM-enabled and multi-technique synthesized enhancements, and comprehensive evaluation from both system and user perspectives. Through a structured focus group study with twelve everyday iOS users, we explored their experiences, understanding, and perceptions of the feature; the results suggest that its practical impact is limited because important details are missing. We identified two primary user concerns: the clarity of data access purpose and domain description. In response, we proposed enhancements including a purpose inference framework and domain clarification pipeline. We demonstrated the effectiveness and benefits of such enhancements for mobile app users. This work provides practical insights that could help enhance user privacy transparency and discusses areas for future research.