In AR/VR platforms—particularly those enforcing single-application execution (e.g., Meta Quest)—malicious applications can still infer sensitive user activities (e.g., location, browsing history) via GPU-based cross-app side channels, circumventing conventional high-resolution performance analysis. This work introduces OVRWatcher, the first low-resolution (1 Hz) GPU utilization–based cross-app side-channel primitive that requires no concurrent app execution, elevated privileges, custom SDKs, or fine-grained hardware counters. OVRWatcher models the correlation between GPU load patterns and 3D interaction semantics—including scene rendering complexity, interaction distance, and manipulation velocity—to enable both application fingerprinting and virtual-object–level inference. Evaluation demonstrates >99% application identification accuracy and >98% object-level inference accuracy. It successfully reconstructs immersive shopping preferences and estimates virtual meeting attendance, exposing a previously overlooked privacy threat in constrained AR/VR execution environments.

Over the past decade, AR/VR devices have drastically changed how we interact with the digital world. Users often share sensitive information, such as their location, browsing history, and even financial data, within third-party apps installed on these devices, assuming a secure environment protected from malicious actors. Recent research has revealed that malicious apps can exploit such capabilities and monitor benign apps to track user activities, leveraging fine-grained profiling tools, such as performance counter APIs. However, app-to-app monitoring is not feasible on all AR/VR devices (e.g., Meta Quest), as a concurrent standalone app execution is disabled. In this paper, we present OVRWatcher, a novel side-channel primitive for AR/VR devices that infers user activities by monitoring low-resolution (1Hz) GPU usage via a background script, unlike prior work that relies on high-resolution profiling. OVRWatcher captures correlations between GPU metrics and 3D object interactions under varying speeds, distances, and rendering scenarios, without requiring concurrent app execution, access to application data, or additional SDK installations. We demonstrate the efficacy of OVRWatcher in fingerprinting both standalone AR/VR and WebXR applications. OVRWatcher also distinguishes virtual objects, such as products in immersive shopping apps selected by real users and the number of participants in virtual meetings, thereby revealing users' product preferences and potentially exposing confidential information from those meetings. OVRWatcher achieves over 99% accuracy in app fingerprinting and over 98% accuracy in object-level inference.