Security Vulnerability Testing

When you submit a mobile build to any channel in the Oculus Store, an automated security vulnerability scan is run on the app package. This scan checks for security issues such as the use of known vulnerable SDKs or libraries, known exploits in the Android ecosystem, and the use of non-secure features. When the scan completes, you receive a detailed report that describes any security vulnerabilities found in that application package, along with remediation guidance for each vulnerability identified.

The following image shows an example of the Security Vulnerability Review Test Results:

If a test fails, there are two possible results:

  • A red icon with an X indicates an issue that must be fixed before the app is released to the public.
  • A yellow warning indicates a potential issue that you should fix, but that will not block release.

You can click the Read More link for each failed or warning result to see more details and recommendations on how to fix the issue. The following image shows an example of the detailed description and recommendation.

After all of the identified security vulnerabilities have been fixed, you can upload a new build, and the security vulnerability scan will automatically run on the newly uploaded package.

If you need more details about a failure or help with the recommendations to fix the issues that were identified, see the Oculus Developer Forums for assistance from our developer support team.