An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives
CoRR(2024)
摘要
Although Virtual Reality (VR) has accelerated its prevalent adoption in
emerging metaverse applications, it is not a fundamentally new technology. On
one hand, most VR operating systems (OS) are based on off-the-shelf mobile OS.
As a result, VR apps also inherit privacy and security deficiencies from
conventional mobile apps. On the other hand, in contrast to conventional mobile
apps, VR apps can achieve immersive experience via diverse VR devices, such as
head-mounted displays, body sensors, and controllers though achieving this
requires the extensive collection of privacy-sensitive human biometrics.
Moreover, VR apps have been typically implemented by 3D gaming engines (e.g.,
Unity), which also contain intrinsic security vulnerabilities. Inappropriate
use of these technologies may incur privacy leaks and security vulnerabilities
although these issues have not received significant attention compared to the
proliferation of diverse VR apps. In this paper, we develop a security and
privacy assessment tool, namely the VR-SP detector for VR apps. The VR-SP
detector has integrated program static analysis tools and privacy-policy
analysis methods. Using the VR-SP detector, we conduct a comprehensive
empirical study on 500 popular VR apps. We obtain the original apps from the
popular Oculus and SideQuest app stores and extract APK files via the Meta
Oculus Quest 2 device. We evaluate security vulnerabilities and privacy data
leaks of these VR apps by VR app analysis, taint analysis, and privacy-policy
analysis. We find that a number of security vulnerabilities and privacy leaks
widely exist in VR apps. Moreover, our results also reveal conflicting
representations in the privacy policies of these apps and inconsistencies of
the actual data collection with the privacy-policy statements of the apps.
Based on these findings, we make suggestions for the future development of VR
apps.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要