QR Codes become more and more important. In some areas they have even replaced the traditional barcode. A QR Code is able to store up to seven thousand characters and therefore is qualified for more complex content, e.g. vCards. Hence nowadays QR Codes can nowadays be found on nearly every advertisement poster and animate the user to scan it with his smartphone. Thus, it is no longer necessary take a hand written note, it is enough to scan the QR Code. Correspondingly, there are already many QR Code scanner apps available in the Google Play Store. It belongs to the Privacy Friendly Apps group developed by the research group SECUSO at Technische Universität Darmstadt. More information can be found an secuso.org/pfa
Our Privacy Friendly QR Scanner App differs with respect to two aspects:
1. The Privacy Friendly QR Scanner App only requires the minimum amount of permissions, namely:
• In category "Camera/Microphone": Camera
The camera is used to scan QR Code.
• In category "Other": Vibrate and Flashlight
The vibration is used to provide feedback if the scan was successful. The flashlight is used to support the camera in reading the QR Code successfully in bad lighting conditions.
Most of the QR Code scanner apps available in the Google Play Store need several permissions on top of the ones needed: e.g. reading contacts or your call log and retrieving data from the Internet. Most of these requirements are not necessary for the functionality they actually are supposed to provide.
2. The Privacy Friendly QR Scanner App supports its users in detecting malicious links: QR Codes provide new possibilities for an attacker, as QR Codes can contain malicious links, i.e. links to phishing webpages or webpages from which malware would automatically be downloaded. Therefore it is important to carefully check the link before accessing the corresponding webpage. Since it is difficult for the user to spot malicious links, the Privacy friendly QR Scanner App supports the user by highlighting the domain (e.g. in that case for https://www.secuso.org, secuso.org would be highlighted). To avoid not checking the link and in particular the highlighted domain carefully, the app provides information about possible fraud and its users need to confirm that they checked the link and it is trustworthy. Note, the information shown after scanning an URL based QR Code is not customized for every URL. Hence, it should be considered as an advice for the user how to behave in general.
Similar to other available QR Code scanning apps, the Privacy Friendly QR Scanner App supports the following formats:
• text
• product codes
• phone number
• sms
• email address
• email
• contact information (e.g. vCards)
• URL
• WiFi (limited: cannot connect to network automatically)
Bar codes are also supported.
QR码变得越来越重要。在某些地区,他们甚至取代了传统的条形码。 QR码最多可以存储七千个字符,因此可以处理更复杂的内容,例如电子名片。因此,如今,如今几乎可以在几乎所有广告海报上找到QR码,并为用户赋予动画效果,以使其智能手机对其进行扫描。因此,不再需要手写笔记,扫描QR码就足够了。相应地,Google Play商店中已有许多QR码扫描仪应用程序可用。它属于由TechnischeUniversitätDarmstadt的研究组SECUSO开发的Privacy Friendly Apps组。有关更多信息,请访问secuso.org/pfa。
我们的隐私友好QR扫描仪应用在以下两个方面有所不同:
1.隐私友好的QR扫描仪应用仅需要最少的权限,即:
• 在“相机/麦克风”类别中:相机
相机用于扫描QR码。
• 在“其他”类别中:振动和手电筒
如果扫描成功,则使用振动来提供反馈。手电筒用于支持相机在光线不足的情况下成功读取QR码。
Google Play商店中可用的大多数QR Code扫描仪应用程序除了需要的权限外,还需要多个权限:例如阅读联系人或您的通话记录并从Internet检索数据。这些要求中的大多数对于它们实际上应该提供的功能不是必需的。
2.隐私友好的QR扫描仪应用程序支持其用户检测恶意链接:QR码为攻击者提供了新的可能性,因为QR码可能包含恶意链接,即指向网络钓鱼网页或可从中自动下载恶意软件的网页的链接。因此,重要的是在访问相应的网页之前,请仔细检查链接。由于用户很难发现恶意链接,因此隐私友好的QR扫描仪应用程序通过突出显示域来支持用户(例如,对于https://www.secuso.org,将突出显示secuso.org)。为了避免不仔细检查链接,尤其是突出显示的域,该应用程序提供了有关可能欺诈的信息,其用户需要确认他们检查了链接并且该链接是可信任的。注意,扫描基于URL的QR码后显示的信息并非针对每个URL定制。因此,应将其视为一般用户行为的建议。
与其他可用的QR Code扫描应用程序类似,“隐私友好” QR Scanner应用程序支持以下格式:
• 文本
• 产品代码
• 电话号码
•  sms
• 电子邮件地址
• 通过电子邮件发送
• 联系信息(例如vCard)
•  URL
•  WiFi(受限:无法自动连接到网络)
还支持条形码。