Users often struggle to understand and correctly configure privacy preferences, and Android applications frequently exhibit discrepancies between their declared data collection practices and actual permission usage. This work proposes the first user-centric platform that integrates multi-agent large language models with retrieval-augmented generation (RAG) to automatically detect inconsistencies between app permission requests and privacy policies. By combining sensitive data flow analysis with Android permission inspection, the system delivers interpretable, real-time, on-device alerts. Evaluated across 2,347 applications and 200 users, the approach revealed that only 16% of apps demonstrated full consistency between stated and actual privacy practices, underscoring both the effectiveness of the method and the widespread prevalence of real-world privacy risks.

Mobile apps offer significant benefits, but their privacy protections often remain ineffective and confusing for users. While prior work mainly analyzes app privacy vulnerabilities, few approaches help users understand, set, and enforce their privacy preferences. This paper presents PrivacyAssist, a multi-agent LLM-based platform that detects inconsistencies between user-granted permissions and developers' declared sensitive data collection and sharing practices. Using Retrieval-Augmented Generation (RAG), PrivacyAssist provides concise explanations and real-time on-device warnings to support informed installation decisions. We evaluate PrivacyAssist with 200 users and 2,347 Android apps, finding that only 16% of apps are fully consistent between granted permissions and declared data practices.