Enhancing Security and Privacy in Web Applications: A Focus on Children’s Data and Health Information
摘要
The rapid growth of web applications has significantly transformed the way individuals interact with technology, offering different levels of convenience, on-demand access to a wide range of services, and highly personalized user experiences. However, this growth has also brought challenges, particularly in the areas of data security and user privacy. These concerns are especially critical when applications handle sensitive and personal user data, including health information and, most importantly, data related to children. As digital services increasingly integrate into everyday life, ensuring the responsible handling of such data becomes not only a technical necessity but also a legal and ethical imperative. In response to these challenges, this project focuses on investigating key security and privacy concerns in web applications, with a particular emphasis on safeguarding children’s data and health-related information. To address this, the project leverages advanced machine learning techniques, specifically transformer-based natural language processing (NLP) models such as BERT and Legal-BERT, to systematically analyze and interpret application privacy policies. These models are used to classify sections of privacy policies for compliance with major regulatory frameworks, including the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA). By identifying and categorizing mentions of children’s data and health information, the models help highlight whether an application’s policy adequately addresses relevant legal protections. In parallel, we also examine whether web applications follow through on the promises made in their privacy policies. This part of our work involves analyzing app behavior such as when and how permissions are requested, whether secure data transmission is used, and what kind of third-party services are integrated. Often, we find a disconnect between the language in a privacy policy and what the app actually does, especially in web apps aimed at children or those that deal with health data. Our early findings suggest that while many web apps use the right terminology, they often fall short when it comes to clarity, completeness, or meaningful transparency. For example, some policies mention COPPA compliance but do not explain how consent is obtained or how long data is stored. Others mention HIPAA but omit any description of how data is encrypted or accessed. These gaps can create real risks not only for end users, but also for app developers who may unknowingly expose themselves to legal and ethical consequences. By combining legal knowledge, machine learning, and a user-centered perspective, this research aims to build tools that help make privacy protections more visible and enforceable. Ultimately, we hope our work supports a more trustworthy app ecosystem—one where users can feel confident that their most sensitive information is handled with care and compliance. Additionally, through this analysis, uncover gaps in privacy policies and determine whether applications are complying with legal requirements that protect children’s online privacy and safeguard health data.