Finally, I get around to putting a few words about QR code scanner apps for Android devices into writing. If Android is not your thing, see my previous post on QR code readers for the iPhone and iPad. For Android, things are far worse than for iOS while, at the same time, making a good choice in QR code readers is vastly easier: On the one hand, there are even more apps to scan QR codes than for iOS. And most of them come for free. Or so they claim…
On the other hand, if you don’t already have an app that also scans QR codes there is really only one viable candidate for a pure QR code reader app on Android: Barcode Scanner.
Barcode Scanner is an open source app by the Zebra Crossing (ZXing) project. It actually does a good job in everything you could ask for in a QR code scanner. It is fairly fast and reliable and pretty much any content you can put into a QR code is handled correctly. At least it dealt with everything we threw at it during testing.
And it is absolutely free of advertising.
With it’s default settings, any data contained in the scanned QR code are displayed as soon they have beed decoded and the user is prompted what to do with the result, e.g. open a URL in the browser, call a scanned contact etc. You can change the behaviour so that URLs are opened as soon as they are scanned, but this poses a security risk: it might take you to a website that tries to attack your phone! So you may want to stick with the prompting so that you can have a look at that link before you follow it.
The only thing missing with respect to security is a check for redirects: the URL within the QR code may not be the final destination, but send you on to a different site which may be malicious. The developers of Barcode Scanner may want to have a look at what QRafter is doing to mitigate such risks.
The app also has several other features such as some QR code generation capabilities and it also scans several other barcode formats. But since I want to review QR code scanner apps I will simply ignore these features.
What About All The Other QR Code Scanners?
Yes they are there. Especially, there are a lot of free ones. But beware: most of them use the ZXing code for scanning QR codes so they are no better than the original Barcode Scanner. For most of them, handling the contents of the scanned QR codes is not done any better, either. So why bother with these apps?
Also, keep in mind that the privileges you will have to grant to such apps. Any useful QR code scanner will need the permission to access your phone’s address book: a QR code may contain contact information in the well known vCard standard (virtually used by all digital address books, even Outlook) or the MeCard format. To create a new or update an existing address book entry the app really needs that address book privilege. (BTW: such QR codes are huge and ugly! See Maren’s post for making a better digital business card.)
Unfortunately, this privilege can also be abused. Any app that you grant the permission to access your phone’s address book can also read your entire address book and upload all of your contacts’ data to an unknown server for potentially malicious purposes. So: Only install that QR code scanner if you trust the ones making it! Generally, open source has a good track record of avoiding such abuses: anyone can have a look inside to see what the app is actually doing. (At least all those who know how to read the code.)
That’s why I recommend that, if you are just looking for a QR code scanner app right now, you stick with Barcode Scanner.
Of course there are others that are just fine and, for completeness sake, here are a few. (You might have one of those installed already for different reasons and, thus, you might already have a QR code reader app without knowing it.)
These are two apps by Sean Owen, a main developer of the Zebra Crossing (ZXing) project. Not surprisingly, they are based on Barcode Scanner and add advanced features handling QR code contents such as price comparisons. If you have a need for that sort of thing you may want to give it a spin.
There is a second version of Barcode Scanner+ that is called Simple. This one has less features. While that may sound like a dumb idea at first, bear with me for a bit so that I can explain why this may be important for you.
Barcode Scanner+ Simple is lacking most functionalities that require security- or privacy-sensitive permissions. For example, while the big version can scan barcodes and QR codes from images on your phone such as fotos from the Gallery, the simple version cannot. Since photos taken with your phone have the date and time as well as the geographical position embedded in them, giving an app access to your photos makes you trackable by that app. If you want to be really sure that does not happen to you, don’t install apps that want to access photos on your device.
Another potentially dangerous feature is configuring WLAN. It seems so practical: you can encode all the information needed to connect to a WLAN into a QR code such as the one shown here, e.g. to make it easy for your guests to go online in your home. But obviously that makes your network password known to the scanner app and, once the device is online, it can upload that to a malicious server. (BTW: for that very reason iOS does not allow apps to configure network settings at all.)
And these are only two examples of features that, while adding convenience, have security and privacy implications. Access to the address book and blindly following links are two more, as mentioned above. And there are many more, maybe even warranting a post on their own.
So ultimately, installing a QR code scanner (or any app for that matter) is a question of trust. If you are concerned about the permissions asked by QR code scanner apps you may want to take a look at Barcode Scanner+ Simple.
Barcoo’s main objective is shopping: you can, e.g., scan product barcodes with it to compare prices. But it also scans QR codes—which is of interest to us here and now. It does so fairly reliably and quickly. It understands what to do with pretty much everything you can put into a QR code.
Just as the iOS version of Barcoo, any link contained in a QR code is opened immediately. So the same caveats apply to the Android version: firstly, the embedded browser view is not a fully-featured browser and some pages may simply break (we don’t even mention the ads you are presented alongside the site you actually wanted to see) and, secondly, the site may be malicious!
This is Google’s by now somewhat aged attempt to make a point-me-at-anything-and-I-will-do-what-you-need app. The basic idea is that you can use it to handle all sorts of visual input and do something useful with it, such as searching (What am I seeing here?), digitising text (a thing called OCR—optical character recogniton) e.g. on business cards, translate text, scanning barcodes and … QR codes.
Since it tries to do so many tings, it is not exactly the fastest contender when it comes to reading a QR code. Nevertheless it does the job. If you have Google Goggles already installed and need QR code scanning only occasionally, just use it.