VR ProfiLens: User Profiling Risks in Consumer Virtual Reality Apps

• URL: http://arxiv.org/abs/2601.12563v1
• Date: Sun, 18 Jan 2026 20:01:39 GMT
• Title: VR ProfiLens: User Profiling Risks in Consumer Virtual Reality Apps
• Authors: Ismat Jarin, Olivia Figueira, Yu Duan, Tu Le, Athina Markopoulou,
• Abstract summary: We propose VR ProfiLens to study user profiling based on VR sensor data and the resulting privacy risks across consumer VR apps.<n>Our results show that sensitive personal information can be inferred with moderately high to high risk (up to 90% F1 score) from abstracted sensor data.<n>Our findings highlight risks to users, including privacy loss, tracking, targeted advertising, and safety threats.
• Score: 3.7819085647027646
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Virtual reality (VR) platforms and apps collect user sensor data, including motion, facial, eye, and hand data, in abstracted form. These data may expose users to unique privacy risks without their knowledge or meaningful awareness, yet the extent of these risks remains understudied. To address this gap, we propose VR ProfiLens, a framework to study user profiling based on VR sensor data and the resulting privacy risks across consumer VR apps. To systematically study this problem, we first develop a taxonomy rooted in the CCPA definition of personal information and expand it by sensor, app, and threat contexts to identify user attributes at risk. Then, we conduct a user study in which we collect VR sensor data from four sensor groups from real users interacting with 10 popular consumer VR apps, followed by a survey. We design and apply an analysis pipeline to demonstrate the feasibility of inferring user attributes using these data. Our results show that sensitive personal information can be inferred with moderately high to high risk (up to 90% F1 score) from abstracted sensor data. Through feature analysis, we further identify correlations among app groups and sensor groups in inferring user attributes. Our findings highlight risks to users, including privacy loss, tracking, targeted advertising, and safety threats. Finally, we discuss design implications and regulatory recommendations to enhance transparency and better protect users' privacy in VR.

Related papers

• Investigating Vulnerabilities of GPS Trip Data to Trajectory-User Linking Attacks [49.1574468325115]
  We propose a novel attack to reconstruct user identifiers in GPS trip datasets consisting of single trips.<n>We show that the risk of re-identification is significant even when personal identifiers have been removed.<n>Further investigations indicate that users who frequently visit locations that are only visited by a small number of others tend to be more vulnerable to re-identification.
  arXiv  Detail & Related papers  (2025-02-12T08:54:49Z)
• I Know What You Did Last Summer: Identifying VR User Activity Through VR Network Traffic [2.0257616108612373]
  Concerns have arisen about the security and privacy implications of VR applications and the impact that they might have on users.<n>We collect network traffic data from 25 VR applications running on the Meta Quest Pro headset and identify characteristics of the generated network traffic.<n>Our results indicate that through the use of ML models, we can identify the VR applications being used with an accuracy of 92.4% and the VR user activities performed with an accuracy of 91%.
  arXiv  Detail & Related papers  (2025-01-25T19:58:29Z)
• How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users [50.699390248359265]
  Browser fingerprinting can be used to identify and track users across the Web, even without cookies. This technique and resulting privacy risks have been studied for over a decade. We provide a first-of-its-kind dataset to enable further research.
  arXiv  Detail & Related papers  (2024-10-09T14:51:58Z)
• An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives [46.995904896724994]
  This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps. Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps. We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
  arXiv  Detail & Related papers  (2024-02-21T13:53:25Z)
• Privacy-Preserving Gaze Data Streaming in Immersive Interactive Virtual Reality: Robustness and User Experience [11.130411904676095]
  Eye tracking data, if exposed, can be used for re-identification attacks. We develop a methodology to evaluate real-time privacy mechanisms for interactive VR applications.
  arXiv  Detail & Related papers  (2024-02-12T14:53:12Z)
• Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Virtual Reality Motion Data [49.68609500290361]
  Recent studies have demonstrated that the motion tracking "telemetry" data used by nearly all VR applications is as uniquely identifiable as a fingerprint scan. We present in this paper a state-of-the-art VR identification model that can convincingly bypass known defensive countermeasures.
  arXiv  Detail & Related papers  (2023-11-09T01:34:22Z)
• BehaVR: User Identification Based on VR Sensor Data [7.114684260471529]
  We introduce BehaVR, a framework for collecting and analyzing data from all sensor groups collected by multiple apps running on a VR device. We use BehaVR to collect data from real users that interact with 20 popular real-world apps. We build machine learning models for user identification within and across apps, with features extracted from available sensor data.
  arXiv  Detail & Related papers  (2023-08-14T17:43:42Z)
• Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data [58.27542320038834]
  We show that a large number of real VR users can be uniquely and reliably identified across multiple sessions using just their head and hand motion. After training a classification model on 5 minutes of data per person, a user can be uniquely identified amongst the entire pool of 50,000+ with 94.33% accuracy from 100 seconds of motion. This work is the first to truly demonstrate the extent to which biomechanics may serve as a unique identifier in VR, on par with widely used biometrics such as facial or fingerprint recognition.
  arXiv  Detail & Related papers  (2023-02-17T15:05:18Z)
• Towards Zero-trust Security for the Metaverse [14.115124942695887]
  We develop a holistic research agenda for zero-trust user authentication in social virtual reality (VR) Our proposed research includes four concrete steps: investigating biometrics-based authentication that is suitable for continuously authenticating VR users, leveraging federated learning for protecting user privacy in biometric data, improving the accuracy of continuous VR authentication with multimodal data, and boosting the usability of zero-trust security with adaptive VR authentication.
  arXiv  Detail & Related papers  (2023-02-17T14:13:02Z)
• Automatic Recommendation of Strategies for Minimizing Discomfort in Virtual Environments [58.720142291102135]
  In this work, we first present a detailed review about possible causes of Cybersickness (CS) Our system is able to suggest if the user may be entering in the next moments of the application into an illness situation. The CSPQ (Cybersickness Profile Questionnaire) is also proposed, which is used to identify the player's susceptibility to CS.
  arXiv  Detail & Related papers  (2020-06-27T19:28:48Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.