{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:28:56Z","timestamp":1778693336203,"version":"3.51.4"},"reference-count":79,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:00:00Z","timestamp":1746057600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Hong Kong Baptist University Seed Funding for Collaborative Research","award":["RC-SFCRG\/23-24\/R2\/SCI\/06"],"award-info":[{"award-number":["RC-SFCRG\/23-24\/R2\/SCI\/06"]}]},{"name":"HKPolyU","award":["H-ZGGG"],"award-info":[{"award-number":["H-ZGGG"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2025,5]]},"DOI":"10.1109\/tse.2025.3553283","type":"journal-article","created":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T19:38:23Z","timestamp":1742413103000},"page":"1437-1454","source":"Crossref","is-referenced-by-count":6,"title":["An Empirical Study on Meta Virtual Reality Applications: Security and Privacy Perspectives"],"prefix":"10.1109","volume":"51","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5687-2655","authenticated-orcid":false,"given":"Hanyang","family":"Guo","sequence":"first","affiliation":[{"name":"Department of Computer Science, Hong Kong Baptist University, Hong Kong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6165-4196","authenticated-orcid":false,"given":"Hong-Ning","family":"Dai","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Hong Kong Baptist University, Hong Kong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-7221-7845","authenticated-orcid":false,"given":"Gengyang","family":"Xu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Hong Kong Baptist University, Hong Kong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1248-1539","authenticated-orcid":false,"given":"Fengliang","family":"He","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Hong Kong Baptist University, Hong Kong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7878-4330","authenticated-orcid":false,"given":"Zibin","family":"Zheng","sequence":"additional","affiliation":[{"name":"School of Software Engineering, Sun Yat-sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/s12599-020-00658-9"},{"key":"ref2","article-title":"Virtual reality market size, share and COVID-19 impact analysis, by component (hardware, software, and content), by device type (head mounted display (HMD), VR simulator, VR glasses, treadmills and haptic gloves, and others)"},{"issue":"1","key":"ref3","doi-asserted-by":"crossref","first-page":"486","DOI":"10.3390\/encyclopedia2010031","article-title":"Metaverse","volume":"2","author":"Mystakidis","year":"2022","journal-title":"Encyclopedia"},{"issue":"2","key":"ref4","doi-asserted-by":"crossref","first-page":"51","DOI":"10.56795\/fortech.v3i2.321","article-title":"Aplikasi ruangan maya berbasis Android OS pada headset virtual reality Oculus Quest 2","volume":"3","author":"Santoso","year":"2022","journal-title":"Jurnal FORTECH"},{"issue":"3","key":"ref5","doi-asserted-by":"crossref","DOI":"10.3390\/su14031246","article-title":"Research on art teaching practice supported by virtual reality (VR) technology in the primary schools","volume":"14","author":"Hui","year":"2022","journal-title":"Sustainability"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.26599\/BDMA.2022.9020047"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3180445.3180450"},{"key":"ref8","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102923","article-title":"Rise of the metaverse\u2019s immersive virtual reality malware and the man-in-the-room attack & defenses","volume":"127","author":"Vondr\u00e1\u010dek","year":"2023","journal-title":"Comput. & Secur."},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2907942"},{"key":"ref10","first-page":"3789","article-title":"OVRseen: Auditing network traffic and privacy policies in Oculus VR","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur. 22)","author":"Trimananda","year":"2022"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639082"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/ICCE-Berlin47944.2019.8966170"},{"key":"ref13","first-page":"3093","article-title":"Playing without paying: Detecting vulnerable payment verification in native binaries of Unity mobile games","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Zuo","year":"2022"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/VRW55335.2022.00040"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3140175"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.1016\/j.engappai.2022.105581","article-title":"Artificial intelligence for the metaverse: A survey","volume":"117","author":"Huynh-The","year":"2023","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.21860\/j.13.1.10"},{"key":"ref18","article-title":"A survey on metaverse: The state-of-the-art, technologies, applications, and challenges","author":"Ning","year":"2021"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00101"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2896003"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2015.17"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.41"},{"key":"ref23","first-page":"343","article-title":"Towards HTTPS everywhere on android: We are not there yet","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Possemato","year":"2020"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2548426"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/URTC51696.2020.9668870"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8622115"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/NSysS.2017.7885802"},{"issue":"4","key":"ref28","doi-asserted-by":"crossref","first-page":"764","DOI":"10.3390\/jcp2040039","article-title":"Detection of SQL injection attack using machine learning techniques: A systematic literature review","volume":"2","author":"Alghawazi","year":"2022","journal-title":"J. Cybersecur. Privacy"},{"key":"ref29","first-page":"4347","article-title":"Why Eve and Mallory still love Android: Revisiting TLS (in) security in Android applications","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Oltrogge","year":"2021"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3546933"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/MOBISECSERV.2019.8686583"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM42981.2021.9488728"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/MPRV.2021.3115478"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2014.22"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3472873.3472881"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813714"},{"key":"ref37","first-page":"181","article-title":"A fait accompli? An empirical study into the absence of consent to Third-Party tracking in Android apps","volume-title":"Proc. 17th Symp. Usable Privacy Secur. (SOUPS)","author":"Kollnig","year":"2021"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889178"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"ref40","first-page":"919","article-title":"Automated third-party library detection for Android applications: Are we there yet?","volume-title":"Proc. 35th IEEE\/ACM Int. Conf. Automated Softw. Eng. (ASE)","author":"Zhan","year":"2020"},{"key":"ref41","article-title":"Unity documentation - 2D or 3D projects","year":"2023"},{"key":"ref42","article-title":"Unreal Engine","year":"2023"},{"key":"ref43","article-title":"Androguard documentation","author":"Desnos"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3560512"},{"key":"ref45","first-page":"945","article-title":"Towards discovering and understanding task hijacking in Android","volume-title":"Proc. 24th USENIX Conf. Secur. Symp. (SEC)","author":"Ren","year":"2015"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2886012"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICCES.2009.5383254"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.38"},{"key":"ref49","first-page":"3385","article-title":"LibScan: Towards more precise third-party library identification for Android applications","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur. 23)","author":"Wu","year":"2023"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00052"},{"key":"ref52","article-title":"dnSpy","year":"2020"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-23597-0_4"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN48605.2020.9206660"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.2196\/17134"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427250"},{"key":"ref58","first-page":"585","article-title":"PolicyLint: Investigating internal privacy policy contradictions on Google Play","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Andow","year":"2019"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1080\/1097198x.2019.1569186"},{"key":"ref60","article-title":"GDPRWise policy checker","author":"BV","year":"2023"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00012"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179301"},{"key":"ref63","first-page":"985","article-title":"Actions speak louder than words: Entity-Sensitive privacy policy and data flow analysis with PoliCheck","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Andow","year":"2020"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2956690"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23091"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416637"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808126"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/2701415"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49409-8_75"},{"key":"ref70","first-page":"13","volume-title":"The LibGDX Framework","author":"Stemkoski","year":"2015"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970368"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/ICCS45141.2019.9065765"},{"key":"ref73","first-page":"603","article-title":"50 ways to leak your data: An exploration of apps\u2019 circumvention of the Android permissions system","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur. 19)","author":"Reardon","year":"2019"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2915339"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE5003.2020.00025"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3296957.3177153"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00034"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/6280768"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/3555858.3555898"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/11006365\/10934745.pdf?arnumber=10934745","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,19]],"date-time":"2025-05-19T17:57:01Z","timestamp":1747677421000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10934745\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5]]},"references-count":79,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tse.2025.3553283","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5]]}}}