One of the first Android apps – the Barcode Scanner from ZXing Team, an app that predates the first official launch of Android itself – is currently receiving criticized bombardments on the Google Play Store. Hundreds of users are leaving 1-star comments, claiming that a recent update launches unwanted ads, while nearly 200 others have come to the app’s defense with their own 5-star reviews.
It’s not very clear what’s going on here, but the prevailing theory is that the strong 100 million download app is being confused with another with the same name – one that may have been a clone of the ZXing app and one that did add malware in a recent update, according to the digital security company MalwareBytes.
MalwareBytes seems to be aware of the confusion; he updated his post yesterday to make it clear that the bad barcode reader app was this one, which came from a company called Lavabird. Google removed this app from the Play Store, so it wouldn’t be surprising if angry users looked for it and found the wrong one.
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22293183/barcode_scanner_reviews.jpg)
The sudden attention surprised the co-creator of the app, Sean Owen, who said The Verge that he is not concerned about his reputation – simply because of how ridiculous he thinks the allegations are.
“[T]This is such an old and well-known app that I think anyone informed could guess that this app can’t be: it’s open source to begin with. It hasn’t been updated in years. And there is simply no reason, making an application for 13 years just to insert malware at the end is an implausibly long game, ”he says. The Google Play Store shows that the app was last updated in February 2019.
But he also doesn’t rule out the possibility that his code is being manipulated in some way, perhaps hijacking the intent system that Android uses to allow one application to pass tasks on to another. “Many people claim that this app is ‘definitely’ in a way I haven’t seen it before – and I’ve read thousands of comments over the years – so who knows?”
Owen says he and co-author Daniel Switken now regret their decision to make the app open source at that time because of all the times it has been cloned by companies trying to make money fast by adding ads or skins. “For a while, we looked for some of the biggest OSS license / trademark issues, but that was less than 10 out of the 100 that I saw many years ago,” says Owen.
This is not the first time that his app has been mistaken for a bad clone, he says. “At some point, a research article claimed that this app was linking personal information to a third party website, and that caused another wave [of bad reviews], but, of course, the authors found that they had mixed two similar apps. “
I downloaded the OG Barcode Scanner app again today for the first time in many years. When I launched it, the app warned me that “it was built for an older version of Android and may not work properly”, and I found that it only works in landscape orientation. But I didn’t see any ads, I certainly read barcodes quickly and I still haven’t seen any pop-up or browser hijacking.
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22293137/barcode_scanner.jpg)
At the moment, the ZXing Team Barcode Scanner app has a solid 4.0 star rating, with almost 640,000 reviews. Google did not respond to requests for comment on how it would handle negative ratings.