Augmented Reality and Privacy: What You Need to Know

Augmented reality

Sometimes, we need to escape the reality of the real world and detach from reality.

In this world centered around technology, fewer people are relaxing by candlelight with a good book, and more are choosing to substitute the physical world by bringing in elements from augmented reality.

Unfortunately, the privacy issues we face in the real world from companies are still present in augmented reality.

So, if you’re an avid augmented reality user, interested in exploring this world, or just interested in new and innovative technologies, this article will tell you everything you need to know to protect your privacy when using this technology.

Table of contents

What is augmented reality?

Augmented reality (AR) overlays digital information, such as images, videos, or text, onto the real world. One of the most popular AR examples is Pokemon Go.

In case you don’t know, Pokemon Go lets you see and interact with Pokemon as if they exist in the physical space around them, seamlessly blending the real and virtual worlds through the AR technology integrated into the game.

At its peak, Pokemon Go had more than 232 million players exploring reality through people’s smartphones, creating a blend of a virtual and augmented world.

Virtual reality, by contrast, immerses users in a completely virtual environment and is usually experienced via an interface such as videogame headsets or goggles rather than watching content via a screen.

As AR continues to evolve, it has huge potential to transform how people interact with their surroundings, offering new opportunities and tools for creativity, productivity, and engagement.

However, the widespread adoption of AR also requires essential considerations regarding privacy, security, and ethical implications, which users and developers must carefully navigate.

Here are some examples of augmented reality (AR) applications and use cases:

  1. IKEA Place: This app allows users to visualize how IKEA furniture would look in their homes. Using AR, customers can place virtual furniture in their space and see how it fits and complements their existing decor.
  2. Google Maps live view: This feature in Google Maps uses AR to provide real-time navigation directions with the actual surroundings captured by the phone's camera. It helps users navigate unfamiliar places more easily.
  3. Augmented Reality art installations: Many artists and museums use AR to create interactive art installations. For example, AR can overlay additional information or animations onto traditional artwork when viewed through a smartphone or AR headset.
  4. Augmented Reality in Education: AR is increasingly used to create immersive learning experiences. For instance, AR apps can provide interactive models of complex concepts like human anatomy or historical events, making learning more engaging and interactive for students.
  5. Augmented Reality in Retail: Retailers use AR to enhance the shopping experience. For instance, AR can allow customers to try on clothes or accessories virtually using their smartphone cameras before purchasing.
  6. AR in Healthcare: AR is used in healthcare to train medical professionals, facilitate surgical planning, and educate patients. Surgeons can visualize anatomy in 3D overlaid onto a patient's body during surgery planning.
  7. Augmented Reality in Tourism: AR apps can provide tourists with enhanced experiences by overlaying historical information, reviews, or directions onto landmarks and attractions as they explore new places.

Internxt is a cloud storage service based on encryption and privacy.

Augmented reality privacy issues

As augmented reality (AR) becomes more widespread, more security and privacy issues need to be considered to get the full benefits of this technology without compromising your privacy.

In contrast to social media or other websites, AR collects much more data, as it can see what you’re doing. AR also brings increased risks of cyberattacks, and we will consider those issues in this article, too.

1. Data Collection and Usage

AR apps are quickly integrating into various aspects of daily life, from gaming to navigation, shopping, and beyond, often coming at a cost to your privacy.

AR applications provide immersive experiences by relying on collecting a substantial amount of user data. This data collection often includes, but isn’t limited to

  • Location Information: A navigation app such as Google Maps might use AR to overlay directions onto the real-world streets visible through a smartphone camera, necessitating precise location tracking. This data can reveal sensitive information about a user’s movements, routines, and frequented places.
  • Camera Feeds: AR's core functionality relies on capturing the real world through a device's camera and overlaying digital content onto this feed. Applications may continually access the camera to analyze the environment, detect surfaces, and place virtual objects accurately. This continuous access raises concerns about what images and videos are being recorded, how long they are stored, and who has access to them.
  • Biometric Data: Some advanced AR applications might also collect biometric data, such as facial recognition information, to create personalized experiences or enhance security features. For example, an AR app might use facial recognition to ensure that only the authorized user can access certain features.

Augmented Reality (AR) data collection poses significant privacy and security risks. The continuous gathering of location, camera, and biometric data can lead to severe privacy invasions and unauthorized surveillance.

Risks of data collection from AR

The continuous gathering of location, camera, and biometric data can lead to severe privacy invasions and unauthorized surveillance. Inadequate security measures can expose this data to breaches, as we saw in 2023 when the average cost of a data breach reached over $4 million.

Here are some of the risks associated with augmented reality apps collecting your data:

  • Detailed user profiles created from AR data can be exploited for intrusive targeted advertising and manipulative practices, raising ethical concerns about user consent and the impact on non-users.
  • AR apps require access to your device sensors like cameras and microphones, creating potential security vulnerabilities that can be exploited for unauthorized recordings or phishing attacks.
  • The legal landscape for AR data protection is complex, with varying privacy laws and data sovereignty issues adding to the regulatory challenges. This means companies and the general public have to keep up with the evolving privacy issues of augmented reality.

The risks go far beyond the risks to privacy and extend to broader impacts on other people. Similar to how Microsoft's AI can collect data from conversations from your surroundings, public use of AR can inadvertently collect data on non-users. In both cases, this leads to ethical dilemmas regarding consent and surveillance.

Snapchat and augmented reality privacy concerns

Snapchat recently provided a recent example of augmented reality (AR) location data collection and usage concerns. Snapchat has widely adopted AR through its various features, such as Lenses and Filters, which overlay digital effects onto users’ faces and environments using the device's camera.

One privacy issue with Snapchat was Snapchat's Snap Map feature, an augmented reality feature that overlays the user's Bitmoji (avatar) onto a map, showing their current location. You can choose to share your location with all friends, select friends, or remain in "Ghost Mode" to keep your location private.

Showing exactly where users are caused major privacy concerns related to stalking, harassment, or doxing by knowing exactly where people are located.

Internxt is a cloud storage service based on encryption and privacy.
  • Location Privacy: This feature potentially exposes users' whereabouts to anyone on their friend list, which can be a concern for personal safety.
  • Public Display: Even though users can choose to share their location with only select friends, the default setting, when Snap Map was introduced, was to share location with all friends unless users actively chose Ghost Mode. This raised concerns about inadvertent exposure of users' locations.
  • User Awareness: Many users were not initially aware of how Snap Map worked or how their location was being shared. This lack of awareness can lead to unintended privacy violations, especially among younger users who may need help understanding the implications of sharing their location.

In response, Snapchat made Ghost Mode more prominent and educated users on how to control their location-sharing settings. They also enhanced privacy controls to give users more granular control over who can see your location on Snap Map.

Even so, there are still measures to take if you use Snapchat, as it’s privacy policy demonstrates, it does take measures to limit how it shares your data, it will still share with other companies, depending on how you use the app as we can see below.

"If you’ve explicitly granted device-level permissions, device information may also include information about your device phonebook (contacts and related information), images and other information from your device’s camera, photos, and microphone."
"We share information about your activity with business and integrated partners in order to provide the Services."
"Our Services may contain content and integrations offered by our integrated partners. Through these integrations, you may be providing information to the integrated partner as well as to Snap."
"Our Services connect you with your friends around the world. To make that possible, we may collect your personal information from, transfer it to, and store and process it in the United States or other countries outside of where you live."

Snapchat is one example of the importance of transparency, user education, and awareness of privacy settings in augmented reality applications.

2. Social Engineering and Phishing Attacks

One significant threat is the creation of fake AR content designed to deceive users. For example, attackers might develop malicious AR overlays or virtual objects that appear legitimate but actually redirect users to phishing websites.

In a scenario resembling an AR scavenger hunt, users could be instructed to interact with virtual items that, when clicked, lead them to fake login pages or initiate downloads of malware onto their devices.

3. Cyber Attacks via AR Infrastructure

Augmented Reality (AR) applications are built upon complex infrastructure that includes cloud servers and communication protocols, which are integral to their functionality. Hackers might target these weaknesses to gain unauthorized access to user accounts or manipulate virtual content visible to users.

For instance, if a hacker successfully breaches an AR platform's backend server, they could potentially access sensitive user data stored within the platform. This data may include personal information, user preferences, or even real-time location data.

Stealing credentials

Customers typically store their payment information within user profiles in retail scenarios utilizing AR shopping apps to facilitate seamless transactions. This convenience, however, also makes them vulnerable to hacking attempts.

Cybercriminals may exploit vulnerabilities in wearable devices or AR/VR applications to gain unauthorized access to these stored credentials.

Internxt VPN lets you browse the web securely and privately.


Ransomware poses a significant threat in the realm of augmented reality (AR), where hackers can exploit vulnerabilities to gain access to a user's AR device. Once infiltrated, hackers might clandestinely record the user's activities and interactions within the AR environment.

Subsequently, they could threaten to expose these recordings publicly unless a ransom is paid. This type of attack can be deeply troubling, particularly for users engaged in personal or sensitive activities within AR applications, such as gaming or virtual interactions, where privacy is paramount.

How to prevent augmented reality apps from stealing or compromising your data

Preventing cyberattacks and privacy breaches in augmented reality (AR) involves a combination of user awareness, best practices, and technological measures. Some of these are specific to AR, but can be applied to other platforms, like your cloud storage, emails, or social media accounts.

For AR, you should be aware of the following measures to protect your privacy and limit cyberattacks.

Use Trusted AR Apps: Stick to well-known, reputable AR applications from trusted app stores. Check reviews and permissions required before installing any AR app to understand what data it accesses.

  • Update Software Regularly: Keep AR devices, smartphones, and AR apps up to date with the latest security patches and updates. This helps protect against known vulnerabilities.
  • Understand Permissions: Be cautious about granting unnecessary permissions to AR apps. Review and adjust app permissions to limit access to sensitive data such as location, camera, and microphone.
  • Secure Network Connections: Use secure Wi-Fi networks and avoid connecting to public Wi-Fi networks without a VPN (Virtual Private Network) for added security. This prevents unauthorized access to data transmitted between the AR device and external servers.

By following these preventive measures, individuals can minimize the risk of cyberattacks and privacy breaches while enjoying the benefits of augmented reality technology safely and securely.

Internxt is a cloud storage service based on encryption and privacy.

Facing the reality of AR privacy

For many people, augmented reality is just another tech feature that may die out over time, like many other gadgets that have come and gone over the past few years.

Whether AR will become integral to our lives remains to be seen. Until then, it can’t hurt to be aware of the privacy risks involved if you ever encounter an AR app or game.

As technologies continue to develop, remember to subscribe to Internxt to protect your files and data from cyberattacks that threaten our data. Keep up to date with our blog for reviews, news, and more about the world of cybersecurity!