To address the high latency, excessive resource consumption, and privacy-security risks inherent in cloud-based recommender systems (CloudRSs), this work presents the first systematic survey of device-oriented recommender systems (DeviceRSs). We propose a comprehensive, three-dimensional lifecycle framework covering deployment & inference, model training & updating, and security & privacy. Within this framework, we introduce a fine-grained, unified taxonomy that integrates key enabling technologies—including edge computing, federated learning, lightweight modeling, differential privacy, and model compression. This survey clarifies the research landscape of DeviceRSs, identifies core technical challenges and open problems, and fills a critical gap in the literature by providing the first holistic, systematic treatment of this emerging field. It delivers a foundational technical benchmark, methodological guidance, and a forward-looking development roadmap for both academia and industry.

Recommender systems have been widely deployed in various real-world applications to help users identify content of interest from massive amounts of information. Traditional recommender systems work by collecting user-item interaction data in a cloud-based data center and training a centralized model to perform the recommendation service. However, such cloud-based recommender systems (CloudRSs) inevitably suffer from excessive resource consumption, response latency, as well as privacy and security risks concerning both data and models. Recently, driven by the advances in storage, communication, and computation capabilities of edge devices, there has been a shift of focus from CloudRSs to on-device recommender systems (DeviceRSs), which leverage the capabilities of edge devices to minimize centralized data storage requirements, reduce the response latency caused by communication overheads, and enhance user privacy and security by localizing data processing and model training. Despite the rapid rise of DeviceRSs, there is a clear absence of timely literature reviews that systematically introduce, categorize and contrast these methods. To bridge this gap, we aim to provide a comprehensive survey of DeviceRSs, covering three main aspects: (1) the deployment and inference of DeviceRSs (2) the training and update of DeviceRSs (3) the security and privacy of DeviceRSs. Furthermore, we provide a fine-grained and systematic taxonomy of the methods involved in each aspect, followed by a discussion regarding challenges and future research directions. This is the first comprehensive survey on DeviceRSs that covers a spectrum of tasks to fit various needs. We believe this survey will help readers effectively grasp the current research status in this field, equip them with relevant technical foundations, and stimulate new research ideas for developing DeviceRSs.