More Modalities, More Problems: Examining User Understanding of The Meta Quest Permissions Framework
Authors: Sarah Radway (Harvard University), Matthew Soto (Carnegie Mellon University), Suvi Lama (Massachusetts Institute of Technology), Carson Powers (Tufts University), Daniel Votipka (Tufts University)
Volume: 2026
Issue: 4
Pages: 438–454
DOI: https://doi.org/10.56553/popets-2026-0129
Abstract: Compared with preceding consumer technologies, virtual reality (VR) requires extensive collection of sensitive biometric data. On the Meta Quest 2 (the most popular consumer headset), application access to sensitive data is mediated by a permissions system adapted from Android’s model. In this work, we examine how VR’s immersive nature necessitates new permissions considerations beyond preceding technology and current VR devices. We analyze the Meta Quest 2’s permissions system, identifying where it diverges from Android's user-facing behavior surrounding biometric data. We then investigate the implications of both conventional Android and novel Quest permission flows through an in-person VR interview study with 23 participants. We observe that many participants lacked awareness of how VR collects data or the extent of passive tracking in VR. Based on these findings, we offer recommendations for VR permissions models and suggest directions for future work.
Keywords: virtual reality, permissions, VR/AR/XR, privacy
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.