A Evaluating Security and Privacy Features of Quick Response Code Scanners: A Comparative Study

Abstract

Quick Response (QR) codes have become popular in recent years and are extensively utilized in a variety of sectors due to their large capacity, readability speed, and ease of generation and distribution. Besides a broad range of QR code advantages, it attracts the attention of cyberattackers. QR codes may be exploited to distribute harmful information by inserting malicious URLs into QR codes. The security hardening of QR code scanners is the most effective method for detecting and preventing QR code-based attacks. However, the security features of QR code scanners have received little attention in the literature and market. This paper provides a comprehensive evaluation of QR code scanner applications from a security and privacy perspective. We presented the possible attack scenarios on the QR code scanners and reviewed the security mechanisms provided by the scanners. We evaluate secure QR code scanner applications by phishing and malware QR codes. Also, we focus on the potential threats to the privacy of Android QR code scanner applications and assess the permission that is requested during installation. Finally, we have provided recommendations for designing a secure, usable, and privacy-friendly QR code scanner.