Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Privacy Analysis of VR/AR Online Shopping Applications

Organization

Concordia University

Published

2024

Project Leader(s)

Mohammad Mannan and Amr Youssef

Summary

The research team at Concordia University conducted a comprehensive study on the privacy and security concerns surrounding virtual try-on (VTO) apps and websites, which use augmented reality (AR) technology in e-commerce and retail. Since virtual reality (VR) shopping apps are still in early development, the team focused on VTO, the most widely deployed AR application in this field. They analyzed 138 websites and 28 Android apps offering VTO to investigate how user data, particularly images, are handled. The findings revealed that 65% of websites and 18% of apps transmit user images to servers, often involving third-party servers. Additionally, 37% of websites use VTO providers that extract facial geometry from user images. The study uncovered significant privacy violations, with 11% of websites and 25% of VTO providers failing to comply with their own privacy policies, such as sharing user images without proper disclosure. Furthermore, 22% of websites use misleading disclaimers regarding data handling practices. The team also identified extensive third-party tracking, with 1446 tracking scripts and 931 cookies found across the websites analyzed. On the security front, the researchers discovered vulnerabilities such as broken authentication in a VTO provider, which could expose merchants to cyberattacks. These findings emphasize the need for greater transparency, improved security, and stronger privacy protections for users of VTO services, even from well-known and trusted brands.

Project deliverables are available in the following language(s):

English

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Mohammad Mannan
CIISE, EV7.640, 1455 De Maisonneuve Blvd., West, Montreal, QC, Canada  H3G 1M8
Email: m.mannan@concordia.ca
Telephone: 514-848-2424 ext. 8972

Date modified: