Lately, there seems to be a growing interest for QR code scanner apps on both platforms, iOS and Android. We at QRu have seen an increase in traffic from search engines with search terms hinting in that direction, too. So here we go with a few recommendations for QR code scanners. This post will cover apps for the iPhone and iPad, a later post will tackle QR code reader apps for Android. [UPDATE: the promised post with reviews of QR code scanners for Android is finally here!]

Scanning a QR code with an iPhone

Barcoo

Barcoo app icon Barcoo is not actually a QR code scanner as such. Its main objective is shopping: you can, e.g., scan product barcodes with it to compare prices. But it also scans QR codes which is of interest to us here and now. It does so fairly reliably and quickly. It understands what to do with pretty much everything you can put in a QR code.

If the QR code contains a link it’s opened immediately. That’s fast and easy but has two catches.

  1. Unfortunately, it opens links in an embedded browser so the web page you wanted to visit might not be fully functional. We had some bad experiences with this. It’s always better to hand the web off to where it really belongs: Safari (as far as iOS is concerned).
    Also, the page will be disfigured with ads.
  2. The web site might be malicious! While it might seem tedious to tap one more time to open that page, it may save you from a lot of trouble. So do have a good look at the URL before you follow that link!

That looses Barcoo some points.

All in all, Barcoo is an OK QR code scanner. If you already use it for your shopping, it provides you with the means to scan a QR code without installing another app. There are better QR code scanners, though, so keep on reading…

Download Barcoo from the app store.

ZBar

ZBar app icon After the ZXing project discontinued their efforts for iOS this is the only open source scanner app remaining in the app store. If you know any others, please let us know!

Unfortunately, the app was supposed to be only a demo. Still, it scans QR codes well and very fast, so that part of the demo is definitely convincing. (It can also recognize other types of bar codes but we have not tested those.) It’s a very simple app, but it does it’s job mostly well. It does not, however, show the URL of web pages before opening them. So if you scanned a QR code with a link inside, it better be a safe one… Also, it uses an embedded browser with all it’s problems. It would really be better to hand that off to Safari. (See the review of Barcoo above.) It does not even offer to open the page in Safari after already showing the page, like Barcoo does. Instead, it shoves more ads in your face alongside the web page you actually wanted to see.

We tested ZBar also with a QR code containing a contact data set. Digital business cards are what we do, after all. Unfortunately, ZBar does not understand this. Neither the well known vCard standard (virtually used by all digital address books, even Outlook) nor the MeCard format that was explicitly invented to store contact data in QR codes so that they don’t get quite as large. That clearly rules out a recommendation for ZBar from us.

Download ZBar from the app store.

QRafter

QRafter app icon Now this is an app dedicated entirely to QR codes.The bad news up front: QRafter has become fairly aggressive in pushing ads in front of you. You can get rid of them, though, by investing in the pro version of QRafter.

QRafter is a full featured and very standards-compliant scanner app. That makes it exceptionally reliable in recognizing and decoding QR codes. QRafter may not be the fastest QR code reader out there, but it’s still swift. And it is even able to scan inverted QR codes, i.e. with black and white swapped. As far as we know, this makes it unique in the world of QR code scanners. It successfully handled everything we threw at it during testing, be it URLs, phone numbers, calendar entries, contact data sets as MeCards or full-flegged digital business cards in a vCard.

Coming back to security concerns with links in QR codes. This is where QRafter really shines. Where others open the page without letting you see the URL first to judge whether you really want that, QRafter not only shows you what’s in the QR code it just scanned for you, it also pre-fetches the web page to see whether that redirects you to a different page or is really the final destination. An attacker might be able to make a vulnerable site redirect to his malicious page, so the link looks like the link leads to a trustworthy destination at first glance, e.g. http://publish.yahoo.com//%77%77%77%2eg%6f%6fg%6ce%2ec%6fm/%2e%2e takes you to Yahoo. Or does it? (At the time of this writing it does not! But don’t worry, this example is harmless. [UPDATE: the vulnerability is fixed by now because the service does not exist anymore.]) This is called an open redirect attack. So by looking up whether the link redirects and where, QRafter enables you to judge where the link is taking you in the end and you can decide whether you really want to go there. It then offers you a list of choices how to proceed, including (finally someone getting it right) opening the page in Safari.

So except for the obnoxious ads this is really a very solid QR code reader app. For the occasional scan the ads are probably bearable. If you regularly use QR codes, you may want to consider getting the pro version.

Download QRafter from the app store.