Try OVRseen Yourself - UCI-Networking-Group/OVRseen GitHub Wiki

OVRseen is a system/framework with many parts. Thus, it can take too much time to run the entire OVRseen's workflow, e.g., collecting network traffic from hundreds of apps may take days/weeks. Here, we provide instructions to run and demonstrate OVRseen's workflow quickly. Performing all the below steps may take only a few hours.

Network Traffic

The entire workflow of OVRseen's network traffic part requires a real Oculus Quest 2 device that is connected to a local machine. We have also tested the complete traffic collection workflow using a Quest 2 device that is connected to a local machine that is running the provided VM.

Traffic Collection

When a Quest 2 device is not available, we cannot perform the entire traffic collection flow. On the other hand, it took our team days/weeks to collect network traffic for 140 VR apps. Thus, this would be impractical for OVRseen's quick demo.

Nevertheless, we can still run the APK repackaging part that consists of step 2) of the Setup and step 10) of the App Experiment to get a glimpse of OVRseen's traffic collection. These two steps downloads the necessary Frida libraries, set up a keystore for APK signing and repackaging, and perform the repackaging: they will only take a few minutes to perform. For convenience, we provide a sample APK from a free Oculus app to test this part (please see step 10) of the App Experiment). When running the APK repackaging without the actual Quest 2 device being connected, we will see the error message below since the script repackages the app's APK and attempts to install it directly onto the device.

error: no devices found
adb: error: failed to get feature set: no devices found
- waiting for device -

Please ignore this message and press Ctrl+C to abort the failed installation process.

Post-processing

Running OVRseen's post-processing on our entire network traffic dataset (collected from 140 VR apps) would require huge amount of resources: this can take, at least, a few hours (with up to 20GB of RAM and around 80-100GB of disk space). With the current VM that is set up with 4GB of RAM and 30GB of disk space, one can run OVRseen's post-processing on the partial dataset. Currently, the extract_datasets.sh script has been set to only copy and unzip the PCAP files for Oculus-Paid (please see Table 1 in our paper). This should take less than one hour to run.

If you can provide enough RAM and disk space for post-processing the entire network traffic dataset, please uncomment these two lines in the extract_datasets.sh script

#unzip "../network_traffic/post-processing/PCAPs/Oculus-Paid/*.zip" -d ../network_traffic/post-processing/PCAPs/Oculus-Paid/
#unzip "../network_traffic/post-processing/PCAPs/SideQuest/*.zip" -d ../network_traffic/post-processing/PCAPs/SideQuest/

and comment out the following two lines in the script before running it.

rm -rf ../network_traffic/post-processing/PCAPs/Oculus-Free/
rm -rf ../network_traffic/post-processing/PCAPs/SideQuest/

For convenience, we provide the files generated by OVRseen's post-processing in intermediate_outputs in our datasets, including the all-merged-with-esld-engine-privacy-developer-party.csv version generated using our entire network traffic dataset. Using this file, we can reproduce our results reported in Sections 3.3 and 3.4 in our paper. We have also provided scripts that will reproduce Tables 1, 2, 3 and Figure 2 in our paper.

Privacy Policy

Network-to-Policy Consistency

The entire workflow of OVRseen's network-to-policy consistency analysis can be run using the output from the OVRseen's post-processing step or using the same file, provided for convenience, in intermediate_outputs in our datasets. OVRseen's network-to-policy consistency analysis should take less than one hour using our datasets. Running OVRseen's network-to-policy consistency analysis allows us to reproduce our detailed results we reported in Section 4.1.3 in our paper. We have also provided scripts that will reproduce Figures 4, 5, and 6 in our paper.

Purpose Extraction

There are two parts in OVRseen's purpose extraction: (1) running privacy policy analysis on Polisis website, and (2) running the translation layer that maps data flows from PoliCheck to text segments annotated with purposes by Polisis. For the first part, one needs a special token to use Polisis API on their website (www.pribot.org). This token can be acquired by contacting the Polisis authors, but, unfortunately, they mentioned that they had to discontinue their privacy policy analysis online service as of September 2021 due to some technical issue. Thus, the first part cannot be performed.

The second part can be run for OVRseen's quick demo to reproduce our results in Section 4.2 and Figure 7 in our paper. This should take less than one hour. We provide the output of the first part (i.e., privacy policy analysis by Polisis) as part of our datasets, so that OVRseen users can use it to perform the second part.