Mohaisen, DavidAlghamdi, Abdulaziz2025-05-212025https://hdl.handle.net/20.500.14154/75424The rapid evolution of Augmented Reality (AR) and Virtual Reality (VR) technologies on mobile platforms has significantly impacted the digital landscape, raising concerns about security and privacy. As these technologies integrate into everyday life, understanding their security infrastructure and privacy policies is crucial to protect user data. To address this, our first study analyzes AR/VR applications from a security and performance perspective. Recognizing the lack of benchmark datasets for security research, we compiled a dataset of 408 AR/VR applications from the Google Play Store. The dataset includes control flow graphs, strings, functions, permissions, API calls, hexdump, and metadata, providing a valuable resource for improving application security. In the second study, we use BERT to analyze the privacy policies of AR/VR applications. A comparative analysis reveals that while AR/VR apps offer more comprehensive privacy policies than free content websites, they still lag behind premium websites. Additionally, we assess 20 U.S. state privacy regulations using the Coverage Quality Metric (CQM), identifying strengths, gaps, and enforcement measures. This study highlights the importance of critical privacy practices and key terms to enhance policy effectiveness and align industry standards with evolving regulations. Finally, our third study introduces a scalable approach to malware detection using machine learning models, specifically Random Forest (RF) and Graph Neural Networks (GNN). Utilizing two datasets—one with Android apps, including AR/VR, and Executable and Linkable Format (ELF) files—this research incorporates features such as API call groups and Android-specific features. The GNN model outperforms RF, demonstrating its ability to capture complex feature relationships and significantly improve malware detection accuracy. This work contributes to enhancing AR/VR application security, improving privacy practices, and advancing malware detection techniques.154en-USAR/VRDatasetBERTPrivacy PolicyAPI CallGNNRandom ForestThesis