An Empirical Study on Oculus Virtual Reality Applications: Security and
Privacy Perspectives
- URL: http://arxiv.org/abs/2402.13815v1
- Date: Wed, 21 Feb 2024 13:53:25 GMT
- Title: An Empirical Study on Oculus Virtual Reality Applications: Security and
Privacy Perspectives
- Authors: Hanyang Guo, Hong-Ning Dai, Xiapu Luo, Zibin Zheng, Gengyang Xu,
Fengliang He
- Abstract summary: This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps.
Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps.
We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
- Score: 46.995904896724994
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Although Virtual Reality (VR) has accelerated its prevalent adoption in
emerging metaverse applications, it is not a fundamentally new technology. On
one hand, most VR operating systems (OS) are based on off-the-shelf mobile OS.
As a result, VR apps also inherit privacy and security deficiencies from
conventional mobile apps. On the other hand, in contrast to conventional mobile
apps, VR apps can achieve immersive experience via diverse VR devices, such as
head-mounted displays, body sensors, and controllers though achieving this
requires the extensive collection of privacy-sensitive human biometrics.
Moreover, VR apps have been typically implemented by 3D gaming engines (e.g.,
Unity), which also contain intrinsic security vulnerabilities. Inappropriate
use of these technologies may incur privacy leaks and security vulnerabilities
although these issues have not received significant attention compared to the
proliferation of diverse VR apps. In this paper, we develop a security and
privacy assessment tool, namely the VR-SP detector for VR apps. The VR-SP
detector has integrated program static analysis tools and privacy-policy
analysis methods. Using the VR-SP detector, we conduct a comprehensive
empirical study on 500 popular VR apps. We obtain the original apps from the
popular Oculus and SideQuest app stores and extract APK files via the Meta
Oculus Quest 2 device. We evaluate security vulnerabilities and privacy data
leaks of these VR apps by VR app analysis, taint analysis, and privacy-policy
analysis. We find that a number of security vulnerabilities and privacy leaks
widely exist in VR apps. Moreover, our results also reveal conflicting
representations in the privacy policies of these apps and inconsistencies of
the actual data collection with the privacy-policy statements of the apps.
Based on these findings, we make suggestions for the future development of VR
apps.
Related papers
- mmSpyVR: Exploiting mmWave Radar for Penetrating Obstacles to Uncover Privacy Vulnerability of Virtual Reality [20.72439781800557]
This paper reveals a novel vulnerability in VR systems that allows attackers to capture VR privacy through obstacles.
We propose mmSpyVR, a novel attack on VR user's privacy via mmWave radar.
arXiv Detail & Related papers (2024-11-15T03:22:44Z) - VPVet: Vetting Privacy Policies of Virtual Reality Apps [27.62581114396347]
Virtual reality (VR) apps can harvest a wider range of user data than web/mobile apps running on personal computers or smartphones.
Existing law and privacy regulations emphasize that VR developers should inform users of what data are collected/used/shared (CUS) through privacy policies.
We propose VPVet to automatically vet privacy policy compliance issues for VR apps.
arXiv Detail & Related papers (2024-09-01T15:07:11Z) - Virtual Reality and Augmented Reality Security: A Reconnaissance and Vulnerability Assessment Approach [0.0]
Various industries have widely adopted Virtual Reality (VR) and Augmented Reality (AR) technologies to enhance productivity and user experiences.
This systematic literature review focuses on identifying devices used in AR and VR technologies and specifies the associated vulnerabilities.
arXiv Detail & Related papers (2024-07-22T18:51:59Z) - Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Virtual Reality Motion Data [49.68609500290361]
Recent studies have demonstrated that the motion tracking "telemetry" data used by nearly all VR applications is as uniquely identifiable as a fingerprint scan.
We present in this paper a state-of-the-art VR identification model that can convincingly bypass known defensive countermeasures.
arXiv Detail & Related papers (2023-11-09T01:34:22Z) - Towards Modeling Software Quality of Virtual Reality Applications from
Users' Perspectives [44.46088489942242]
We conduct the first large-scale empirical study to model the software quality of VR applications from users' perspectives.
We analyze 1,132,056 user reviews of 14,150 VR applications across seven app stores through a semiautomatic review mining approach.
Our analysis reveals that the VR-specific quality attributes are of utmost importance to users, which are closely related to the most unique properties of VR applications.
arXiv Detail & Related papers (2023-08-13T14:42:47Z) - Unique Identification of 50,000+ Virtual Reality Users from Head & Hand
Motion Data [58.27542320038834]
We show that a large number of real VR users can be uniquely and reliably identified across multiple sessions using just their head and hand motion.
After training a classification model on 5 minutes of data per person, a user can be uniquely identified amongst the entire pool of 50,000+ with 94.33% accuracy from 100 seconds of motion.
This work is the first to truly demonstrate the extent to which biomechanics may serve as a unique identifier in VR, on par with widely used biometrics such as facial or fingerprint recognition.
arXiv Detail & Related papers (2023-02-17T15:05:18Z) - Learning Effect of Lay People in Gesture-Based Locomotion in Virtual
Reality [81.5101473684021]
Some of the most promising methods are gesture-based and do not require additional handheld hardware.
Recent work focused mostly on user preference and performance of the different locomotion techniques.
This work is investigated whether and how quickly users can adapt to a hand gesture-based locomotion system in VR.
arXiv Detail & Related papers (2022-06-16T10:44:16Z) - Security and Privacy in Virtual Reality -- A Literature Survey [0.0]
We explore the state-of-the-art in VR privacy and security, we categorise potential issues and threats, and we analyse causes and effects of the identified threats.
We focus on the research previously conducted in the field of authentication in VR, as it stands as the most investigated area in the topic.
We also provide an overview of other interesting uses of VR in the field of cybersecurity, such as the use of VR to teach cybersecurity or evaluate the usability of security solutions.
arXiv Detail & Related papers (2022-04-30T08:45:09Z) - Wireless Edge-Empowered Metaverse: A Learning-Based Incentive Mechanism
for Virtual Reality [102.4151387131726]
We propose a learning-based Incentive Mechanism framework for VR services in the Metaverse.
First, we propose the quality of perception as the metric for VR users in the virtual world.
Second, for quick trading of VR services between VR users (i.e., buyers) and VR SPs (i.e., sellers), we design a double Dutch auction mechanism.
Third, for auction communication reduction, we design a deep reinforcement learning-based auctioneer to accelerate this auction process.
arXiv Detail & Related papers (2021-11-07T13:02:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.