As someone who just wrote a privacy policy for my app, this gap is real. Are you parsing the policy text, or checking it against what the app actually does?
For now I am parsing the text only. Testing app for real instances would be fun and a dedicated project in itself. I've some ideas, hit me up if you're interested or can collab if you're doing it already.