AUTOVR: Automated UI Exploration for Detecting Sensitive Data Flow Exposures in Virtual Reality Apps
- URL: http://arxiv.org/abs/2508.12187v1
- Date: Sun, 17 Aug 2025 00:22:58 GMT
- Authors: John Y. Kim, Chaoshun Zuo, Yanjie Zhao, Zhiqiang Lin
- Abstract summary: We present AUTOVR, an automatic framework for dynamic UI and user event interaction in VR apps built on the Unity Engine. Unlike conventional Android and GUI testers, AUTOVR analyzes the app's internal binary to reveal hidden events and resolves generative event dependencies. Our empirical evaluation demonstrates AUTOVR's superior performance, triggering an order of magnitude more sensitive data exposures and significantly enhancing the privacy of VR apps.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The rise of Virtual Reality (VR) has provided developers with an unprecedented platform for creating games and applications (apps) that require distinct inputs, different from those of conventional devices like smartphones. The Meta Quest VR platform, driven by Meta, has democratized VR app publishing and attracted millions of users worldwide. However, as the number of published apps grows, there is a notable lack of robust headless tools for user interface (UI) exploration and user event testing. To address this need, we present AUTOVR, an automatic framework for dynamic UI and user event interaction in VR apps built on the Unity Engine. Unlike conventional Android and GUI testers, AUTOVR analyzes the app's internal binary to reveal hidden events, resolves generative event dependencies, and utilizes them for comprehensive exploration of VR apps. Using sensitive data exposure as a performance metric, we compare AUTOVR with Android Monkey, a widely used headless Android GUI stress testing tool. Our empirical evaluation demonstrates AUTOVR's superior performance, triggering an order of magnitude more sensitive data exposures and significantly enhancing the privacy of VR apps.
Related papers
- Side-channel Inference of User Activities in AR/VR Using GPU Profiling [9.072390470827283]
We present OVRWatcher, a novel side-channel primitive for AR/VR devices that infers user activities by monitoring low-resolution (1Hz) GPU usage via a background script. OVRWatcher captures correlations between GPU metrics and 3D object interactions under varying speeds, distances, and rendering scenarios. It achieves over 99% accuracy in app fingerprinting and over 98% accuracy in object-level inference.
arXiv Detail & Related papers (2025-09-12T21:44:56Z)
- I Know What You Did Last Summer: Identifying VR User Activity Through VR Network Traffic [2.0257616108612373]
Concerns have arisen about the security and privacy implications of VR applications and the impact that they might have on users. We collect network traffic data from 25 VR applications running on the Meta Quest Pro headset and identify characteristics of the generated network traffic. Our results indicate that through the use of ML models, we can identify the VR applications being used with an accuracy of 92.4% and the VR user activities performed with an accuracy of 91%.
arXiv Detail & Related papers (2025-01-25T19:58:29Z)
- An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives [46.995904896724994]
This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps.
Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps.
We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
arXiv Detail & Related papers (2024-02-21T13:53:25Z)
- Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Virtual Reality Motion Data [49.68609500290361]
Recent studies have demonstrated that the motion tracking "telemetry" data used by nearly all VR applications is as uniquely identifiable as a fingerprint scan.
We present in this paper a state-of-the-art VR identification model that can convincingly bypass known defensive countermeasures.
arXiv Detail & Related papers (2023-11-09T01:34:22Z)
- BehaVR: User Identification Based on VR Sensor Data [7.114684260471529]
We introduce BehaVR, a framework for collecting and analyzing data from all sensor groups collected by multiple apps running on a VR device.
We use BehaVR to collect data from real users that interact with 20 popular real-world apps.
We build machine learning models for user identification within and across apps, with features extracted from available sensor data.
arXiv Detail & Related papers (2023-08-14T17:43:42Z)
- Towards Modeling Software Quality of Virtual Reality Applications from Users' Perspectives [44.46088489942242]
We conduct the first large-scale empirical study to model the software quality of VR applications from users' perspectives.
We analyze 1,132,056 user reviews of 14,150 VR applications across seven app stores through a semiautomatic review mining approach.
Our analysis reveals that the VR-specific quality attributes are of utmost importance to users, which are closely related to the most unique properties of VR applications.
arXiv Detail & Related papers (2023-08-13T14:42:47Z)
- Learning Effect of Lay People in Gesture-Based Locomotion in Virtual Reality [81.5101473684021]
Some of the most promising methods are gesture-based and do not require additional handheld hardware.
Recent work focused mostly on user preference and performance of the different locomotion techniques.
This work investigates whether and how quickly users can adapt to a hand gesture-based locomotion system in VR.
arXiv Detail & Related papers (2022-06-16T10:44:16Z)
- Wireless Edge-Empowered Metaverse: A Learning-Based Incentive Mechanism for Virtual Reality [102.4151387131726]
We propose a learning-based Incentive Mechanism framework for VR services in the Metaverse.
First, we propose the quality of perception as the metric for VR users in the virtual world.
Second, for quick trading of VR services between VR users (i.e., buyers) and VR SPs (i.e., sellers), we design a double Dutch auction mechanism.
Third, for auction communication reduction, we design a deep reinforcement learning-based auctioneer to accelerate this auction process.
arXiv Detail & Related papers (2021-11-07T13:02:52Z)