Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.android > #149450 > unrolled thread

Recognising (or not) QR codes

Back to article view | Back to comp.mobile.android

Contents

  Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-01 15:15 +0100
    Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-01 15:39 +0100
      Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-01 14:57 +0000
        Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-01 16:12 +0100
          Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-01 15:25 +0000
          Re: Recognising (or not) QR codes Theo <theom+news@chiark.greenend.org.uk> - 2025-07-01 18:07 +0100
    Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-01 11:24 -0500
    Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-01 20:20 +0200
      Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-01 19:55 +0100
        Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-01 21:15 +0200
        Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-01 20:03 -0500
          Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-02 07:09 +0100
            Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 08:48 +0200
              Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-02 08:07 +0100
                Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 09:00 +0100
                  Re: Recognising (or not) QR codes Yusuf Khan <yusuf.khan.nospam@ptcl.net.pk> - 2025-07-02 22:03 +0500
                    Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 18:41 +0100
                Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 10:05 +0200
                Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 12:38 +0200
                  Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 17:00 +0200
                  Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-02 15:31 +0000
                  Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 15:54 +0200
            Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 08:11 +0100
              Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:08 +0000
              Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:24 +0200
            Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-02 08:24 -0500
              Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 17:02 +0200
                Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 18:40 +0100
                Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 20:11 +0200
                  Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 13:41 +0000
                    Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 20:13 +0200
                      Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:31 +0000
                        Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 22:35 +0200
                        Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:50 +0200
                Re: Recognising (or not) QR codes Allodoxaphobia <trepidation@example.net> - 2025-07-03 12:19 +0000
                  Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 17:22 +0200
                    Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:26 +0200
                      Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 18:17 +0200
                        Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:52 +0200
                    Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:28 +0000
                      Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 17:20 +0000
                        Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-04 19:47 +0100
                          Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 23:59 +0000
                        Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 18:51 +0000
                        Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-05 20:10 +0200
                        Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:55 +0200
              Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-02 15:44 +0000
                Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:16 +0000
                Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-02 22:18 -0500
                  Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 11:24 +0200
                  Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:08 +0000
          Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 08:05 +0100
            Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 10:29 +0200
            Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 12:43 +0200
              Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 11:53 +0100
                Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:49 +0000
            Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:32 +0000
              Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-03 00:34 +0100
        Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:22 +0200

Page 2 of 3 — ← Prev page 1 [2] 3  Next page →

#149520

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-07-02 09:07, Chris Green wrote:
> > Jörg Lorenz <hugybear@gmx.net> wrote:
> >> On 02.07.25 08:09, Chris Green wrote:
> >>> However my comment still stands about places that say "just scan the
> >>> QR code" without pointing out that you might have to install a program
> >>> for this to work.
> >>
> >> 99.9% of the smartphones do exactly that out of the box without the need
> >> to install additional software.
> >>
> > Not 99.9% of the ones in our household they don't! :-)  Ok, mine is
> > not a mainstream one (but bought because it reputedly has very close
> > to 'standard' Android apps), but the other is a Moto which is pretty
> > 'ordinary'.
> 
> My Motos do recognize dot codes in the supplied camera app. Maybe yours 
> is too old.

  Indeed. Chris' Umidigi Bison phone is Android 11 and perhaps the Moto
is similarly 'old'.

  My Samsung Glaxy A51 came with Android 10 and I'm quite sure it's
(Samsung's) Camera app did not support QR code scanning at the time.
Later - it was upgraded to Android 11, 12 and 13 - it did support QR
code scanning. So possible Chris' phones had a similar (non-)feature
history.

[toc] | [prev] | [next] | [standalone]

#149563

On 02.07.25 12:38, Carlos E.R. wrote:
> On 2025-07-02 09:07, Chris Green wrote:
>> Jörg Lorenz <hugybear@gmx.net> wrote:
>>> On 02.07.25 08:09, Chris Green wrote:
>>>> However my comment still stands about places that say "just scan the
>>>> QR code" without pointing out that you might have to install a program
>>>> for this to work.
>>>
>>> 99.9% of the smartphones do exactly that out of the box without the need
>>> to install additional software.
>>>
>> Not 99.9% of the ones in our household they don't! :-)  Ok, mine is
>> not a mainstream one (but bought because it reputedly has very close
>> to 'standard' Android apps), but the other is a Moto which is pretty
>> 'ordinary'.
> 
> My Motos do recognize dot codes in the supplied camera app. Maybe yours
> is too old.

Buy a new one.

QR codes were invented in 1994 by the Japanese company Denso Wave, a 
subsidiary of Toyota. The QR code system was developed to track vehicles 
during the manufacturing process and to scan components at high speeds. 
The invention was led by Masahiro Hara from the Denso Wave company.

As of my last update in November 2024, many Motorola smartphones come 
with built-in support for QR code recognition through their camera apps. 
This feature is typically available out of the box, allowing users to 
scan QR codes without needing to download additional apps.

However, the availability of this feature can depend on the specific 
model and the version of the operating system it is running. If you have 
a specific Motorola model in mind, I can look up more detailed 
information about its capabilities.

With a little help from Mistral AI.


-- 
"Roma locuta, causa finita" (Augustinus)

[toc] | [prev] | [next] | [standalone]

#149497

Chris Green wrote:

> OP here. Yes, I've installed Google Lens (easiest option) and now I
> can scan QR codes.

Years ago I used to install ZXing for various types of barcodes (I think 
it started as a Google employee's 20% side-project) the technology from 
that is now in GoogleLens, and GoogleCamera makes use of GoogleLens

Plus ça change ...

[toc] | [prev] | [next] | [standalone]

#149523

On Wed, 2 Jul 2025 08:11:11 +0100, Andy Burns wrote :


>> OP here. Yes, I've installed Google Lens (easiest option) and now I
>> can scan QR codes.
> 
> Years ago I used to install ZXing for various types of barcodes (I think 
> it started as a Google employee's 20% side-project) the technology from 
> that is now in GoogleLens, and GoogleCamera makes use of GoogleLens

So as to always add value to every topic, long ago I wrote a barcode
tutorial which covered more than just scanning them (e.g., it covered
identifying the type & generating valid ones).

Looking up in my logs, for others to benefit from, as always, here are some
of the hits that remained on my device after the initial tests completed.

 --- note this is an unedited paste of an old worklog ---

For the topic of barcodes, this barcode scanner supports a lot of formats.
https://play.google.com/store/apps/details?id=com.manateeworks.barcodescanners

This barcode scanner will output the identity of an unknown barcode format.
https://play.google.com/store/apps/details?id=com.srowen.bs.android

This will faithfully generate a barcode of many standard formats for you.
https://play.google.com/store/apps/details?id=com.blogspot.aeioulabs.barcode

Barcode Scanner+ (Plus) by Sean Owen (of ZXing Team)
3.9 star 3.16K reviews 1M+ Downloads
https://play.google.com/store/apps/details?id=com.srowen.bs.android
https://github.com/srowen/zxing-bsplus
https://github.com/srowen/zxing-bsplus/releases/tag/BS%2B-1.12.3

Barcode Scanner Cognex Corporation 4.6 star 11.7K reviews 1M+ Downloads
https://play.google.com/store/apps/details?id=com.manateeworks.barcodescanners

Barcode Generator Aeiou 4.5 star 19.2K reviews 1M+ Downloads
https://play.google.com/store/apps/details?id=com.blogspot.aeioulabs.barcode

QR Code Scanner - Scan Barcode Tap Shapes Co., Ltd 5.0 star 48 reviews 10K+
Downloads
https://play.google.com/store/apps/details?id=barcodescanner.qrscanner

QR & Barcode Reader QR SCAN Team 4.7 star 29.5K reviews 5M+ Downloads
https://play.google.com/store/apps/details?id=com.scanteam.qrcodereader
QR Code Reader <krow.dev.qrcode>
QR Code Scanner <com.scanteam.qrcodereader>
QR Code Scanner - Scan Barcode <barcodecanner.qrscanner>
QR Scanner <com.secuso.privacyFriendlyCodeScanner>

[toc] | [prev] | [next] | [standalone]

#149566

Andy Burns, 2025-07-02 09:11:

> Chris Green wrote:
> 
>> OP here. Yes, I've installed Google Lens (easiest option) and now I
>> can scan QR codes.
> 
> Years ago I used to install ZXing for various types of barcodes (I think 
> it started as a Google employee's 20% side-project) the technology from 
> that is now in GoogleLens, and GoogleCamera makes use of GoogleLens

ZXing still exists as a library and is used in apps like Binary Eye.


-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]

#149514

Chris Green <cl@isbd.net> wrote:

> OP here. Yes, I've installed Google Lens (easiest option) and now I
> can scan QR codes.

I have an 8-year old old Android 8.0.0 phone that has the Google search
bar as a widget on the home screen.  At some point, it got updated to
add a camera icon.  I tap on that icon, and use it to take a snapshot of
something.  I've used it to identify plants.  It can also read QR codes.

My concern is a QR code can contain a URL.  Those are sometimes used to
prevent typos by users to define a URL to a web site, or, I suppose, to
add convenience of not having to enter a string into an address bar of a
web browser.  In any case, the QR scanner could just open a web browser
to the URL without prompting the user to tell them to where the QR code
points.  You could end up going somewhere you don't want to go, or
somewhere malicious.  QR codes can be produced by anyone, and I've seen
them online, too.  

I use a QR scanner app that shows the content of the QR code BEFORE ever
going anywhere; i.e., you get told what is the content, and if a URL
then you see it before you choose to use it.  Since the app focuses on
scanning QR codes instead of taking pictures of anything and then trying
to identify what's in the pic, it auto-focuses on a QR image.  I just
tried it: load the QR scanner, point the camera at something with a QR
code image, and the app detects where is the image, locks in on it, and
captures it.  Then it shows the content.  Makes it easier to get the
phone at the right distance for its camera to get the image in focus,
and then takes a pic without me having to move the phone a bit while my
fingers manage to tap a button to take a pic.  Auto-locking onto the QR
image also lets me know it found one rather than taking a pic and hoping
the QR image was fully within view and right-distanced to be in focus.

While Google Lens got embedded into the Google search bar widget, so
that is also usable for scanning QR codes, and taking pics of other
stuff to identify, a dedicated QR scan app might be more convenient, and
perhaps safer.

Alas, with Kaspersky discontinuing their QR scanner app back in 2022,
it's not on the Google Play Store site anymore.  If I lost it, like
uninstall to find it was no longer available to reinstall, or for a new
phone setup, I'd have to find another QR scan app that first shows me
the content of a QR code rather than conveniencing me by automatically
loading a URL into a web browser to go their without asking first for
permission to go there.  

Trend Micro has one at the Play Store.  It will pause to show the URL
(if that is what the QR image contains), and prompt if you want to go
there.  It also indicates if the target site is evil, but I suspect it's
just using Google's SafeBrowsing API to check reputation.

I didn't have any handy QR coded stuff around my home to check if any
contained URLs.  Mostly they were text strings used to identify the
product, like a QR image in the product label on some tools.  As such, I
didn't bother to test if Trend's QR scanner was better or worse than the
defunct QR scan app by Kaspersky, or if Google Lens (embedded into the
Google search bar widget) is safe for QR codes containing URLs (i.e., ig
Google Lens "shows before go").

Never assume a QR code is safe.

> However my comment still stands about places that say "just scan the
> QR code" without pointing out that you might have to install a program
> for this to work.

When you told someone you drove to work, do you bother to describe to
them what type of vehicle you drove, or its brand and model?  That info
is not germaine to the topic of you driving to work unless the topic
involves describing the vehicle rather than you drive instead of walk,
bicycle, motorcycle, or bus to work.  The instructions probably also
don't mention you have to turn on your phone.  Can't possibly describe
everything without easily losing your audience, or have a pearl of
wisdom lost in a sea of bivalves.

[toc] | [prev] | [next] | [standalone]

#149519

On 02.07.25 15:24, VanguardLH wrote:
> My concern is a QR code can contain a URL.

That is their purpose.

-- 
"Roma locuta, causa finita." (Augustinus)

[toc] | [prev] | [next] | [standalone]

#149527

On 02/07/2025 16:02, Jörg Lorenz wrote:
> On 02.07.25 15:24, VanguardLH wrote:
>> My concern is a QR code can contain a URL.
> 
> That is their purpose.
Well, it's *a* purpose.

[toc] | [prev] | [next] | [standalone]

#149532

On 2025-07-02 17:02, Jörg Lorenz wrote:
> On 02.07.25 15:24, VanguardLH wrote:
>> My concern is a QR code can contain a URL.
> 
> That is their purpose.
> 

Nope. Their purpose is to contain an string. The string can be anything, 
even an URL. :-)

For instance, I had somewhere a QR code with the identifier and password 
of my wifi.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#149562

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-07-02 17:02, Jörg Lorenz wrote:
> > On 02.07.25 15:24, VanguardLH wrote:
> >> My concern is a QR code can contain a URL.
> > 
> > That is their purpose.
> > 
> 
> Nope. Their purpose is to contain an string. The string can be anything, 
> even an URL. :-)
> 
> For instance, I had somewhere a QR code with the identifier and password 
> of my wifi.

  And I use them to login to my bank accounts, governmental websites,
medical/hospital websites, etc., etc.. No URLs involved, because my
browser is already connected to the websites in question.

  So QR codes are multi-purpose, *some* are dangerous, but others
*enhance* security/safety/privacy/<whatever>! :-)

[toc] | [prev] | [next] | [standalone]

#149579

On 2025-07-03 15:41, Frank Slootweg wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-07-02 17:02, Jörg Lorenz wrote:
>>> On 02.07.25 15:24, VanguardLH wrote:
>>>> My concern is a QR code can contain a URL.
>>>
>>> That is their purpose.
>>>
>>
>> Nope. Their purpose is to contain an string. The string can be anything,
>> even an URL. :-)
>>
>> For instance, I had somewhere a QR code with the identifier and password
>> of my wifi.
> 
>    And I use them to login to my bank accounts, governmental websites,
> medical/hospital websites, etc., etc.. No URLs involved, because my
> browser is already connected to the websites in question.
> 
>    So QR codes are multi-purpose, *some* are dangerous, but others
> *enhance* security/safety/privacy/<whatever>! :-)

And AFAIK, the danger is only when opening an URL without pausing.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#149583

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-07-03 15:41, Frank Slootweg wrote:
> > Carlos E.R. <robin_listas@es.invalid> wrote:
> >> On 2025-07-02 17:02, Jörg Lorenz wrote:
> >>> On 02.07.25 15:24, VanguardLH wrote:
> >>>> My concern is a QR code can contain a URL.
> >>>
> >>> That is their purpose.
> >>>
> >>
> >> Nope. Their purpose is to contain an string. The string can be anything,
> >> even an URL. :-)
> >>
> >> For instance, I had somewhere a QR code with the identifier and password
> >> of my wifi.
> > 
> >    And I use them to login to my bank accounts, governmental websites,
> > medical/hospital websites, etc., etc.. No URLs involved, because my
> > browser is already connected to the websites in question.
> > 
> >    So QR codes are multi-purpose, *some* are dangerous, but others
> > *enhance* security/safety/privacy/<whatever>! :-)
> 
> And AFAIK, the danger is only when opening an URL without pausing.

  Indeed. VanguardLH sort of implied that there are QR scanning apps (or
QR scanning parts of camera, etc. apps), which directly open the URL
without pausing, but didn't give details, so for the moment that's FUD.

[toc] | [prev] | [next] | [standalone]

#149586

On 2025-07-03 21:31, Frank Slootweg wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-07-03 15:41, Frank Slootweg wrote:
>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>> On 2025-07-02 17:02, Jörg Lorenz wrote:
>>>>> On 02.07.25 15:24, VanguardLH wrote:
>>>>>> My concern is a QR code can contain a URL.
>>>>>
>>>>> That is their purpose.
>>>>>
>>>>
>>>> Nope. Their purpose is to contain an string. The string can be anything,
>>>> even an URL. :-)
>>>>
>>>> For instance, I had somewhere a QR code with the identifier and password
>>>> of my wifi.
>>>
>>>     And I use them to login to my bank accounts, governmental websites,
>>> medical/hospital websites, etc., etc.. No URLs involved, because my
>>> browser is already connected to the websites in question.
>>>
>>>     So QR codes are multi-purpose, *some* are dangerous, but others
>>> *enhance* security/safety/privacy/<whatever>! :-)
>>
>> And AFAIK, the danger is only when opening an URL without pausing.
> 
>    Indeed. VanguardLH sort of implied that there are QR scanning apps (or
> QR scanning parts of camera, etc. apps), which directly open the URL
> without pausing, but didn't give details, so for the moment that's FUD.

Nono, I have heard/read before comments about dangerous QR even from the 
police. It is true, they exist. And the only reason I can think of, is 
applications that open them without pause to review. But the people that 
say they are dangerous do not explain.

I asked chatgpt, it confirms my suspicions and expands some:


+++··················
Q: Why do some people say that QR codes are dangerous? I can only think 
of apps opening web sites directly from the QR without pause to check them.

A:
Great question — you're absolutely right that **automatic URL opening** 
is one of the main reasons people consider QR codes potentially 
"dangerous." But let’s break it down a bit more, because QR codes 
themselves are **not inherently dangerous**, but the **way they’re 
handled** by devices and apps can be.

---

### 🔍 Why QR Codes *Can* Be Dangerous:

1. **They hide what you're scanning.**

    * A QR code is a block of data (usually a URL) that **you can’t 
visually inspect**, unlike a regular link.
    * A malicious QR code might link to:

      * A **phishing site**
      * A **malware download**
      * A **Wi-Fi access point** with a spoofed name
      * A **malicious app** in an app store

2. **Automatic actions with no prompt.**

    * Some QR reader apps or phone cameras will **automatically open the 
URL** or **take action without confirmation**, which makes phishing or 
drive-by downloads easier.
    * If the device is poorly secured, this might lead to exploitation.

3. **QR codes can encode more than URLs.**

    * They can contain:

      * Email addresses or pre-filled SMS messages
      * vCards (contacts)
      * Wi-Fi credentials
      * App store URIs
      * Payment requests
    * If apps auto-process those actions, you could **accidentally 
connect to a rogue Wi-Fi**, send a message, or add a fake contact.

4. **Social engineering factor.**

    * Fake QR code stickers can be placed over real ones (e.g., 
restaurant menus, parking meters, or payment terminals).
    * Users trust the context and scan without thinking.

---

### 🔒 How to Stay Safe:

* **Always preview the URL** — most modern phones do show a URL before 
opening it.
* **Don’t use sketchy QR reader apps** — stick to the built-in camera 
app or trusted apps.
* **Be wary of QR codes in public spaces** — especially for payments or 
login.
* **Watch for shortened URLs** — they can obscure the final destination.
* **Disable auto-connect to unknown Wi-Fi networks.**

---

### ✅ Bottom line:

You’re absolutely right — the main risk is when apps **automatically 
open a URL** or perform an action **without giving you a chance to 
review** it. That’s the key security concern.

QR codes themselves are just dumb data, but **how apps and humans handle 
them** can create real-world risks.
··················++-

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#149640

Frank Slootweg, 2025-07-03 21:31:

> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-07-03 15:41, Frank Slootweg wrote:
[...]
>>>    So QR codes are multi-purpose, *some* are dangerous, but others
>>> *enhance* security/safety/privacy/<whatever>! :-)
>>
>> And AFAIK, the danger is only when opening an URL without pausing.
> 
>   Indeed. VanguardLH sort of implied that there are QR scanning apps (or
> QR scanning parts of camera, etc. apps), which directly open the URL
> without pausing, but didn't give details, so for the moment that's FUD.

An URL itself is never "dangerous" - because if you assume that, that
*all* links in the web are dangerous as well, if you do not check, where
the link will bring you, before clicking it.

In fact the danger comes from trusting an URL to be a known website,
where you usually enter your account details to get access to your
e-mail account, bank account or similar. That's one of the reasons why
you should never open the website for online banking using a provided
third party QR code since you can never know, if the URL is trustworthy.
And since we have unicode nowadays and IDN domains, it may be possible
to substitude single letters by very similar looking unicode symbols, so
the URL still looks legit, even though it brings you to a fake phishing
website.

So the better approach is to enter the URL of your bank account or
webmail always manually or use a bookmark for that which you have
created on your own before. The problem of phishing on the other hand is
at least partly mitigated by using 2FA, TOTP (time-based one-time
password) or Passkey - in this case the username and password and not
enough, since you still need the second factor, the TOTP or the browser
needs to provide a valid key for the Passkey authentication. And Passkey
won't work at all on fake websites since the authentication with Passkey
is only registered for the original website and won't work on a fake
website with a different domain.


-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]

#149559

On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
> On 02.07.25 15:24, VanguardLH wrote:
>> My concern is a QR code can contain a URL.
>
> That is their purpose.

And scammers/crackers/evil-doers see an opportunity.

[toc] | [prev] | [next] | [standalone]

#149565

On 03.07.25 14:19, Allodoxaphobia wrote:
> On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
>> On 02.07.25 15:24, VanguardLH wrote:
>>> My concern is a QR code can contain a URL.
>>
>> That is their purpose.
> 
> And scammers/crackers/evil-doers see an opportunity.

QR-Codes in public places are very insecure. And in addition QR-codes 
should never be used for financial transactions or other security 
sensitive activities.

-- 
"Roma locuta, causa finita." (Augustinus)

[toc] | [prev] | [next] | [standalone]

#149567

Jörg Lorenz, 2025-07-03 17:22:

> On 03.07.25 14:19, Allodoxaphobia wrote:
>> On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
>>> On 02.07.25 15:24, VanguardLH wrote:
>>>> My concern is a QR code can contain a URL.
>>>
>>> That is their purpose.
>>
>> And scammers/crackers/evil-doers see an opportunity.
> 
> QR-Codes in public places are very insecure. And in addition QR-codes 
> should never be used for financial transactions or other security 
> sensitive activities.

Not the QR-Codes themself are insecure - its the websites they link to.
Therefore you should always carefully check the URL of the QR-Code
before opening it.

Otherwise you should also say, that links on websites are very insecure
as well and should also not just be opened without checking the URL first.


-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]

#149575

On 03.07.25 17:26, Arno Welzel wrote:
> Jörg Lorenz, 2025-07-03 17:22:
> 
>> On 03.07.25 14:19, Allodoxaphobia wrote:
>>> On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
>>>> On 02.07.25 15:24, VanguardLH wrote:
>>>>> My concern is a QR code can contain a URL.
>>>>
>>>> That is their purpose.
>>>
>>> And scammers/crackers/evil-doers see an opportunity.
>>
>> QR-Codes in public places are very insecure. And in addition QR-codes
>> should never be used for financial transactions or other security
>> sensitive activities.
> 
> Not the QR-Codes themself are insecure - its the websites they link to.

The code is very often faked to divert to such a (insecure) site.
Popular where payment processes are involved like EV-chargers for instance.


-- 
"Roma locuta, causa finita." (Augustinus)

[toc] | [prev] | [next] | [standalone]

#149641

Jörg Lorenz, 2025-07-03 18:17:

> On 03.07.25 17:26, Arno Welzel wrote:
>> Jörg Lorenz, 2025-07-03 17:22:
>>
>>> On 03.07.25 14:19, Allodoxaphobia wrote:
>>>> On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
>>>>> On 02.07.25 15:24, VanguardLH wrote:
>>>>>> My concern is a QR code can contain a URL.
>>>>>
>>>>> That is their purpose.
>>>>
>>>> And scammers/crackers/evil-doers see an opportunity.
>>>
>>> QR-Codes in public places are very insecure. And in addition QR-codes
>>> should never be used for financial transactions or other security
>>> sensitive activities.
>>
>> Not the QR-Codes themself are insecure - its the websites they link to.
> 
> The code is very often faked to divert to such a (insecure) site.
> Popular where payment processes are involved like EV-chargers for instance.

Yes, but then the danger is still that people trust websites they open
by using the QR code and not the QR code itself.

By calling QR codes "dangerous" you give the wrong impression, that just
scanning a QR code and checking, what website it links to, is dangerous.
And this is of course not the case. Just don't trust any websites which
get opened using a QR code scan - only view them and do never enter any
personal data there.


-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]

#149581

Jörg Lorenz <hugybear@gmx.net> wrote:
> On 03.07.25 14:19, Allodoxaphobia wrote:
> > On Wed, 2 Jul 2025 17:02:20 +0200, Jörg Lorenz wrote:
> >> On 02.07.25 15:24, VanguardLH wrote:
> >>> My concern is a QR code can contain a URL.
> >>
> >> That is their purpose.
> > 
> > And scammers/crackers/evil-doers see an opportunity.
> 
> QR-Codes in public places are very insecure. And in addition QR-codes 
> should never be used for financial transactions or other security 
> sensitive activities.

  <BARF!>

  (As I wrote,) Our banks, government, medical institutions, etc., etc.
exactly *do* use QR codes "for financial transactions or other security
sensitive activities", like login, transaction approval, etc., etc..

  That QR codes can be use in dangerous ways, does not mean they can
only be used that way.

[toc] | [prev] | [next] | [standalone]

Page 2 of 3 — ← Prev page 1 [2] 3  Next page →

Back to top | Article view | comp.mobile.android

csiph-web