PrivacyOn
Privacy GuideMay 26, 20268 min read

Privacy Risks of Augmented Reality Apps

SC

By Sarah Chen

Head of Privacy Research

Privacy Risks of Augmented Reality Apps

Augmented reality (AR) apps have moved far beyond Pokémon Go. From navigation and shopping to interior design and social media filters, AR is everywhere — and it's collecting an unprecedented amount of personal data. Unlike traditional apps, AR requires constant access to your camera, location, and surroundings, creating privacy risks that most users never consider.

What Data Do AR Apps Collect?

AR applications need real-time sensor data to overlay digital content onto your physical world. This means they collect far more information than a typical mobile app:

  • High-frequency location data — AR apps like Pokémon Go and Google Maps AR stream GPS updates up to 13 times per minute, creating detailed logs of everywhere you go
  • Camera and video feeds — your camera must be active for AR to work, capturing everything in view including other people, buildings, documents, and private spaces
  • Spatial mapping — AR apps create 3D maps of your environment, including the layout of your home, office, or other private spaces
  • Biometric data — face filters and AR try-on features capture detailed facial geometry, eye-tracking data, and expressions
  • Device sensor data — accelerometer, gyroscope, and compass data reveal your movement patterns, posture, and physical activities
  • Audio — some AR apps request microphone access for voice commands, potentially recording ambient conversations

The Bystander Problem

When you use an AR app in public, your camera captures everyone around you — their faces, clothing, companions, and locations. These bystanders never consented to being recorded, and their images may be processed on remote servers. This creates a mass surveillance concern that goes far beyond your own personal privacy.

How AR Data Gets Exploited

Location Profiling

The high-frequency location tracking required by AR apps creates mobility logs of extraordinary detail. Unlike background location tracking that pings your GPS every few minutes, AR apps can track your position multiple times per second. This data reveals:

  • Your daily routine — commute times, lunch spots, gym schedule
  • Places you visit frequently — doctors' offices, places of worship, political gatherings
  • Your social connections — locations where you repeatedly meet the same people
  • Your income level and lifestyle — the neighborhoods, stores, and restaurants you frequent

Facial Recognition and Biometrics

AR face filters may seem harmless, but they generate precise 3D maps of your facial geometry — the same kind of data used by facial recognition systems. This data can be:

  • Used to train facial recognition AI models
  • Shared with advertising networks to identify you across platforms
  • Stored in databases that could be breached
  • Compared against law enforcement facial recognition databases

Environmental Intelligence

When AR apps map your surroundings, they capture surprisingly detailed information about your physical spaces:

  • The size and layout of your home or office
  • The brands and products visible in your environment
  • Whether you have security cameras, alarm systems, or valuable items
  • The contents of documents or screens captured by the camera

This spatial data is valuable to advertisers, insurers, and data brokers who can infer your income level, lifestyle, and purchasing habits from the physical environment you inhabit.

Popular AR Apps and Their Privacy Practices

Social Media AR Filters

Snapchat, Instagram, and TikTok all use AR for face filters and effects. These apps collect facial geometry data, which is particularly sensitive under biometric privacy laws like Illinois' BIPA. Snapchat settled a $35 million BIPA lawsuit in 2022 related to its facial recognition data collection.

Shopping and Try-On Apps

Virtual try-on features for eyeglasses, makeup, and clothing require detailed facial or body measurements. Retailers like Warby Parker, Sephora, and IKEA use AR to let you visualize products, but the body and facial data collected may be shared with analytics and advertising partners.

Navigation and Mapping

Google Maps' Live View AR feature and similar navigation tools capture continuous video of your surroundings. While useful, this creates detailed records of public and semi-private spaces, including street views, building interiors, and the people around you.

Gaming and Entertainment

AR games like Pokémon Go and Ingress map player movements across entire cities. Niantic, the company behind these games, has built one of the world's largest databases of real-world 3D maps — derived entirely from player camera feeds and GPS data.

The Data Broker Connection

Location data from AR apps frequently flows to data brokers through advertising SDKs embedded in the apps. These brokers sell detailed movement profiles to anyone willing to pay — marketers, hedge funds, private investigators, and sometimes law enforcement agencies, often without a warrant.

How to Protect Your Privacy

Before Installing AR Apps

  • Read the privacy policy — look specifically for language about biometric data collection, location tracking frequency, and third-party data sharing
  • Check permissions — be wary of AR apps that request access to contacts, microphone, or storage beyond what's needed for AR functionality
  • Research the developer — check whether the company has been involved in data privacy controversies or breaches

Permission Management

  • Grant camera access only when using the app — set permissions to "While Using" rather than "Always" on both iOS and Android
  • Deny location access when possible — some AR features work without GPS; deny the permission and see if the features you use still function
  • Disable microphone access unless voice commands are essential to the app
  • Revoke permissions for AR apps you haven't used recently

Usage Practices

  • Avoid using AR in sensitive locations — don't activate AR features in your home, at the doctor's office, or near private documents
  • Be mindful of bystanders — remember that your camera is capturing everyone around you
  • Use AR features selectively — you don't need AR navigation for a route you know; save it for when you genuinely need it
  • Delete AR data — periodically clear cached maps, spatial data, and face scans from AR apps
  • Use a VPN to prevent your IP address from being linked to your AR usage patterns

The Bigger Picture

AR apps are just one source of the personal data that flows into the data broker ecosystem. Your location data, facial geometry, and behavioral patterns from AR apps get combined with information from social media, public records, purchase histories, and other sources to create detailed profiles that are bought and sold without your knowledge.

PrivacyOn helps protect you by removing your personal information from over 100 data broker and people-search sites. While you control what data AR apps collect through permissions and usage habits, PrivacyOn handles the broader ecosystem of data brokers that aggregate and sell your information. With 24/7 monitoring and dark web scanning, PrivacyOn provides continuous protection against the many ways your personal data gets exposed and exploited.

SC
Sarah Chen

Head of Privacy Research

CIPP/US CertifiedIAPP MemberB.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.

Related Articles

Privacy Guide

Privacy Risks of Virtual Reality and the Metaverse

Privacy Guide

Privacy Risks of AI Wearables and Smart Rings

Privacy Guide

How to Protect Your Privacy From AI Facial Recognition

Ready to Protect Your Privacy?

Let PrivacyOn automatically remove your personal information from data broker sites and keep it removed.