A Multi-Store Privacy Measurement of Virtual Reality App Ecosystem
- URL: http://arxiv.org/abs/2510.23024v1
- Date: Mon, 27 Oct 2025 05:42:29 GMT
- Title: A Multi-Store Privacy Measurement of Virtual Reality App Ecosystem
- Authors: Chuan Yan, Zeng Li, Kunlin Cai, Liuhuo Wan, Ruomai Ren, Yiran Shen, Guangdong Bai,
- Abstract summary: We present the first comprehensive multi-store study of privacy practices in the current VR app ecosystem. This work covers a large-scale dataset involving 6,565 apps collected from five major app stores. One third of apps fail to declare their use of sensitive data, and 21.5% of apps neglect to provide valid privacy policies.
- Score: 12.306640409468047
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Virtual Reality (VR) has gained increasing traction among various domains in recent years, with major companies such as Meta, Pico, and Microsoft launching their application stores to support third-party developers in releasing their applications (or simply apps). These apps offer rich functionality but inherently collect privacy-sensitive data, such as user biometrics, behaviors, and the surrounding environment. Nevertheless, there is still a lack of domain-specific regulations to govern the data handling of VR apps, resulting in significant variations in their privacy practices among app stores. In this work, we present the first comprehensive multi-store study of privacy practices in the current VR app ecosystem, covering a large-scale dataset involving 6,565 apps collected from five major app stores. We assess both declarative and behavioral privacy practices of VR apps, using a multi-faceted approach based on natural language processing, reverse engineering, and static analysis. Our assessment reveals significant privacy compliance issues across all stores, underscoring the premature status of privacy protection in this rapidly growing ecosystem. For instance, one third of apps fail to declare their use of sensitive data, and 21.5% of apps neglect to provide valid privacy policies. Our work sheds light on the status quo of privacy protection within the VR app ecosystem for the first time. Our findings should raise an alert to VR app developers and users, and encourage store operators to implement stringent regulations on privacy compliance among VR apps.
Related papers
- VR ProfiLens: User Profiling Risks in Consumer Virtual Reality Apps [3.7819085647027646]
We propose VR ProfiLens to study user profiling based on VR sensor data and the resulting privacy risks across consumer VR apps. Our results show that sensitive personal information can be inferred with moderately high to high risk (up to 90% F1 score) from abstracted sensor data. Our findings highlight risks to users, including privacy loss, tracking, targeted advertising, and safety threats.
arXiv Detail & Related papers (2026-01-18T20:01:39Z)
- Virtual Reality, Real Problems: A Longitudinal Security Analysis of VR Firmware [12.537119061046026]
We present the first comprehensive security analysis of VR firmware. We have identified several security issues in these VR firmware, including missing kernel-level security features. This paper will act as an important security resource for VR developers, users, and vendors.
arXiv Detail & Related papers (2025-08-31T02:16:56Z)
- VPVet: Vetting Privacy Policies of Virtual Reality Apps [27.62581114396347]
Virtual reality (VR) apps can harvest a wider range of user data than web/mobile apps running on personal computers or smartphones.
Existing law and privacy regulations emphasize that VR developers should inform users of what data are collected/used/shared (CUS) through privacy policies.
We propose VPVet to automatically vet privacy policy compliance issues for VR apps.
arXiv Detail & Related papers (2024-09-01T15:07:11Z)
- PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories. We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds. State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
arXiv Detail & Related papers (2024-08-29T17:58:38Z)
- An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives [46.995904896724994]
This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps.
Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps.
We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
arXiv Detail & Related papers (2024-02-21T13:53:25Z)
- Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Virtual Reality Motion Data [49.68609500290361]
Recent studies have demonstrated that the motion tracking "telemetry" data used by nearly all VR applications is as uniquely identifiable as a fingerprint scan.
We present in this paper a state-of-the-art VR identification model that can convincingly bypass known defensive countermeasures.
arXiv Detail & Related papers (2023-11-09T01:34:22Z)
- Towards Modeling Software Quality of Virtual Reality Applications from Users' Perspectives [44.46088489942242]
We conduct the first large-scale empirical study to model the software quality of VR applications from users' perspectives.
We analyze 1,132,056 user reviews of 14,150 VR applications across seven app stores through a semiautomatic review mining approach.
Our analysis reveals that the VR-specific quality attributes are of utmost importance to users, which are closely related to the most unique properties of VR applications.
arXiv Detail & Related papers (2023-08-13T14:42:47Z)
- Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data [58.27542320038834]
We show that a large number of real VR users can be uniquely and reliably identified across multiple sessions using just their head and hand motion.
After training a classification model on 5 minutes of data per person, a user can be uniquely identified amongst the entire pool of 50,000+ with 94.33% accuracy from 100 seconds of motion.
This work is the first to truly demonstrate the extent to which biomechanics may serve as a unique identifier in VR, on par with widely used biometrics such as facial or fingerprint recognition.
arXiv Detail & Related papers (2023-02-17T15:05:18Z)
- Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)