April 14-20, 2024 | Hanyang Guo, Hong-Ning Dai*, Xiapu Luo, Zibin Zheng, Gengyang Xu, Fengliang He
An empirical study on Oculus virtual reality applications: security and privacy perspectives. Hanyang Guo, Hong-Ning Dai, Xiapu Luo, Zibin Zheng, Gengyang Xu, and Fengliang He. 2024. An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives. In 2024 IEEE/ACM 46th International Conference on Software Engineering (ICSE '24), April 14–20, 2024, Lisbon, Portugal. ACM, New York, NY, USA, 13 pages. https://doi.org/10.1145/3597503.3639082
Virtual Reality (VR) has rapidly grown in adoption, especially in metaverse applications. However, VR apps inherit security and privacy issues from conventional mobile apps and introduce new risks due to the collection of biometric data and use of 3D game engines. This study proposes the VR-SP detector, a tool for assessing security and privacy risks in VR apps. Using this tool, the authors analyzed 500 popular VR apps from the Oculus and SideQuest app stores, identifying numerous security vulnerabilities and privacy leaks. The results show that most VR apps lack proper security measures, such as root detection and secure random number generation, and have inconsistent privacy policies. The study also reveals that many VR apps collect biometric data without proper permission requests or privacy policy statements. The authors provide recommendations for improving VR app security and privacy, including setting secure flags, enabling root detection, avoiding insecure encryption algorithms, and adapting privacy policies to new VR features. The study highlights the need for better regulation and oversight of VR app development to protect user privacy and security.