PrivPRISM: Automatically Detecting Discrepancies Between Google Play Data Safety Declarations and Developer Privacy Policies

📅 2026-03-10
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses widespread fine-grained inconsistencies between the data safety disclosures that apps publish on Google Play and their full privacy policies; such inconsistencies mislead users and breach regulatory requirements that disclosures be consistent. The authors propose PrivPRISM, presented as the first scalable automated detection framework for this problem: it combines encoder and decoder language models to extract fine-grained data practices from privacy policies and compare them against data safety declarations, and adds static code analysis to identify potential accesses to sensitive data such as location and financial information. An evaluation of 7,770 popular mobile games finds discrepancies in 53% of them, and in 61% of 1,711 widely used general-purpose apps. Furthermore, privacy policies cover only 66.8% of the potential sensitive data accesses found in the games' code, while data safety declarations cover just 36.4%, exposing systemic under-disclosure at the platform level.

📝 Abstract
End-users seldom read verbose privacy policies, leading app stores like Google Play to mandate simplified data safety declarations as a user-friendly alternative. However, these self-declared disclosures often contradict the full privacy policies, deceiving users about actual data practices and violating regulatory requirements for consistency. To address this, we introduce PrivPRISM, a robust framework that combines encoder and decoder language models to systematically extract fine-grained data practices from privacy policies and compare them against data safety declarations, enabling scalable detection of non-compliance. Evaluating 7,770 popular mobile games uncovers discrepancies in nearly 53% of cases, rising to 61% among 1,711 widely used generic apps. Additionally, static code analysis reveals possible under-disclosures, with privacy policies disclosing just 66.8% of potential accesses to sensitive data like location and financial information, versus only 36.4% in data safety declarations of mobile games. Our findings expose systemic issues, including widespread reuse of generic privacy policies, vague / contradictory statements, and hidden risks in high-profile apps with 100M+ downloads, underscoring the urgent need for automated enforcement to protect platform integrity and for end-users to be vigilant about sensitive data they disclose via popular apps.
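As an added illustration of the three-way comparison the abstract describes (this is example code written for this page, not PrivPRISM's implementation, which is not on the page), the Python below takes hand-constructed inputs: a set of manifest permissions standing in for static-analysis output, a list of practices already extracted from a privacy policy, and the app's data safety declaration. It then reports per-category contradictions, practices present in only one source, categories reachable from code that neither source discloses, and the coverage ratios the paper measures. The permission-to-category mapping, the `Practice` schema and the sample app are assumptions made for illustration; the language-model extraction step is out of scope here, so its output is supplied directly.

```python
"""Toy policy / data safety / code-access discrepancy checker.

Added example, not PrivPRISM's code. All inputs are constructed by hand; the
paper's language-model extraction of policy practices is not reproduced here.
"""
from dataclasses import dataclass

# Assumed mapping from Android permissions to data safety-style categories.
# Illustrative subset only, not the paper's taxonomy.
PERMISSION_TO_TYPE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "device_ids",
    "com.android.vending.BILLING": "financial_info",
}


@dataclass(frozen=True)
class Practice:
    """One disclosed practice: the data category and whether it is collected/shared."""
    data_type: str
    collected: bool
    shared: bool


def types_from_permissions(permissions):
    """Static-analysis stand-in: categories an app can reach via its manifest permissions."""
    return {PERMISSION_TO_TYPE[p] for p in permissions if p in PERMISSION_TO_TYPE}


def _index(practices):
    return {p.data_type: p for p in practices}


def compare_disclosures(policy, declaration):
    """Classify per-category disagreements between a policy and a data safety form."""
    pol, dec = _index(policy), _index(declaration)
    # Same category in both sources, but collected/shared flags disagree.
    contradictions = sorted(
        t for t in pol.keys() & dec.keys()
        if (pol[t].collected, pol[t].shared) != (dec[t].collected, dec[t].shared)
    )
    return {
        "contradictions": contradictions,
        "policy_only": sorted(pol.keys() - dec.keys()),
        "declaration_only": sorted(dec.keys() - pol.keys()),
    }


def coverage(accessed_types, practices):
    """Fraction of code-reachable categories that a disclosure mentions at all."""
    if not accessed_types:
        return 1.0  # nothing to disclose, so nothing is under-disclosed
    disclosed = {p.data_type for p in practices}
    return len(accessed_types & disclosed) / len(accessed_types)


def analyze_app(permissions, policy, declaration):
    """Full report for one app: discrepancies, coverage, and undisclosed accesses."""
    accessed = types_from_permissions(permissions)
    report = compare_disclosures(policy, declaration)
    report["policy_coverage"] = coverage(accessed, policy)
    report["declaration_coverage"] = coverage(accessed, declaration)
    disclosed_anywhere = {p.data_type for p in policy} | {p.data_type for p in declaration}
    # Categories the code can reach that neither document admits to.
    report["undisclosed_access"] = sorted(accessed - disclosed_anywhere)
    return report


# Constructed sample app (hypothetical, not a real listing).
SAMPLE_PERMISSIONS = [
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "com.android.vending.BILLING",
    "android.permission.INTERNET",  # no sensitive category, ignored
]
SAMPLE_POLICY = [
    Practice("location", collected=True, shared=True),
    Practice("contacts", collected=True, shared=False),
    Practice("device_ids", collected=True, shared=False),
]
SAMPLE_DECLARATION = [
    Practice("location", collected=True, shared=False),  # contradicts the policy
    Practice("device_ids", collected=True, shared=False),
]

if __name__ == "__main__":
    for key, value in analyze_app(SAMPLE_PERMISSIONS, SAMPLE_POLICY, SAMPLE_DECLARATION).items():
        print(f"{key}: {value}")
```

On the sample app the report flags `location` as a contradiction (the policy says it is shared, the form says it is not), `contacts` as disclosed only in the policy, and `financial_info` as reachable through the billing permission but absent from both documents; policy coverage is 0.75 and declaration coverage 0.5, the per-app analogue of the 66.8% and 36.4% aggregate figures in the abstract. Real policies need the extraction step to produce the `Practice` list, and real static analysis should go beyond manifest permissions to API call sites, which is why these inputs are marked as stand-ins.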
Problem

Research questions and friction points this paper is trying to address.

data safety declarations
privacy policies
discrepancy detection
regulatory compliance
mobile apps
Innovation

Methods, ideas, or system contributions that make the work stand out.

PrivPRISM
privacy policy analysis
data safety declarations
language model alignment
automated compliance detection