🤖 AI Summary
Existing approaches to generating privacy notices often suffer from incompleteness or misleading content due to reliance on manual developer input, limited source code context, or inaccurate privacy policies. This work proposes an automated method that, for the first time, integrates precise extraction of Android app privacy behaviors from source code with large language models (LLMs) to generate concise, accurate, and comprehensive privacy statements without human intervention. By combining static code analysis, privacy behavior identification, and natural language generation, the approach significantly outperforms existing baselines: in expert evaluations, its generated notices were selected 71% of the time, and preferred by LLM-based assessors 76% of the time.
📝 Abstract
Privacy captions are short sentences that succinctly describe what personal information an app uses, how it is used, and why. These captions can be utilized in various notice formats, such as privacy policies, app rationales, and app store descriptions. However, inaccurate captions may mislead users and expose developers to regulatory fines. Existing approaches to generating privacy notices, or just privacy captions, include questionnaires, templates, static analysis, and machine learning. However, these approaches either rely heavily on developers' inputs and thus strain their efforts, use limited source code context, leading to incomplete capture of app privacy behaviors, or depend on potentially inaccurate privacy policies as the source for creating notices. In this work, we address these limitations by developing Privacy Caption Generator (PCapGen), an approach that: i) automatically identifies and extracts large and precise source code context that implements privacy behaviors in an app, ii) uses a Large Language Model (LLM) to describe coarse- and fine-grained privacy behaviors, and iii) generates accurate, concise, and complete privacy captions that describe the privacy behaviors of the app. Our evaluation shows that PCapGen generates more concise, complete, and accurate privacy captions than the baseline approach. Furthermore, privacy experts choose PCapGen captions at least 71% of the time, whereas LLMs-as-judge prefer PCapGen captions at least 76% of the time, indicating strong performance of our approach.