Virtual Reality (VR) has gained increasing traction across various domains in recent years, with major companies such as Meta, Pico, and Microsoft launching their application stores to support third-party developers in releasing their applications (or simply apps). These apps offer rich functionality but inherently collect privacy-sensitive data, such as user biometrics, behaviors, and the surrounding environment. Nevertheless, there is still a lack of domain-specific regulations to govern the data handling of VR apps, resulting in significant variations in their privacy practices among app stores. In this work, we present the first comprehensive multi-store study of privacy practices in the current VR app ecosystem, covering a large-scale dataset involving 6,565 apps collected from five major app stores. We assess both declarative and behavioral privacy practices of VR apps, using a multi-faceted approach based on natural language processing, reverse engineering, and static analysis. Our assessment reveals significant privacy compliance issues across all stores, underscoring the premature status of privacy protection in this rapidly growing ecosystem. For instance, one third of apps fail to declare their use of sensitive data, and 21.5% of apps neglect to provide valid privacy policies. Our work sheds light on the status quo of privacy protection within the VR app ecosystem for the first time. Our findings should raise an alert to VR app developers and users, and encourage store operators to implement stringent regulations on privacy compliance among VR apps.