Data publicare: Primăvară 2026
This paper presents a structured security and privacy assessment of Unity Authenticationapproaches for immersive applications, with emphasis on Unity Player Accounts, OpenID Connect,and Custom ID sign-in. The study combines documentation analysis, prototype implementation,and Wireshark-based traffic observation to identify developer responsibilities and practicalintegration risks. The analysis focuses on trust boundaries, token handling, account linking, sessionpersistence, backend hardening, service-account protection, and GDPR-relevant data processing.A Unity XR prototype was implemented to examine the Unity Player Accounts sign-in workflowand to identify authentication-related network endpoints during passive Wireshark observation.The results show that HTTPS/TLS protects authentication payload confidentiality during passivecapture, but observable metadata still reveals infrastructure dependencies and identity-providerinvolvement. The paper argues that the main security risks in Unity-based authentication areimplementation-level weaknesses rather than transport-layer exposure. The contribution is areproducible assessment framework and a set of practical recommendations for integrating UnityAuthentication securely and privacy-consciously in metaverse and XR environments. Unlike priorwork that addresses metaverse authentication at a general level, this paper focuses specificallyon Unity Authentication as a commercial game-engine identity layer and evaluates its integrationrisks in an XR prototype.