From Perception to Protection: A Developer-Centered Study of Security and Privacy Threats in Extended Reality (XR)
Kunlin Cai
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Wireless Security
Kunlin Cai from USC presents a first-of-its-kind developer-centered study examining why XR (Extended Reality) applications remain riddled with security and privacy vulnerabilities despite growing academic research on XR threats. Through semi-structured interviews with **23 professional XR developers** recruited from over 400 LinkedIn candidates, the study reveals a profound awareness gap: developers could only identify **2.1 out of 9** categories of sensitive data types collected by their own applications and **0.9 out of 7** known attack categories before being shown demonstrations. The research finds that XR threats persist not because developers are careless, but because the technology evolves faster than developer awareness, threats blend with UX issues making them easy to overlook, and there is a massive diffusion of ownership with no clear standards or guidance.
AI review
A developer survey study that quantifies what most security researchers already intuit: XR developers do not know about XR security threats. No new vulnerabilities, no exploitation, no technical depth. The finding that developers identified 0.9 of 7 known attacks is interesting as a data point but the contribution is sociological rather than technical.