People have reviewed and bombed the wrong Barcode Scanner app

This week, it was discovered that a Google Play Pass app with more than 10 million installations turned into malware and distributed annoying popup ads. Google removed this app from the Play Store a long time ago, but due to its generic name – “Barcode Scanner” – the original and legitimate Barcode Scanner app with the same name was caught in the crossfire and received several unjustified 1-star ratings accusing you of being malware.

Left: The malicious application removed. Right: The legitimate app.

Many people who were infected with the malware and identified the malicious Barcode Scanner app as the culprit probably went to the Play Store for a review shortly after uninstallation, but since the malicious scanner app has already been removed, they found only the legitimate Barcode list Scanner and assumed that this was the cause of his problems. They probably didn’t realize that this app is open source and hasn’t been updated since 2019 – both factors make it unlikely that it will suddenly send malware. In fact, this legitimate Barcode Scanner was developed by Googlers and is built on top of Google’s QR Code decoder library, ZXing – hence the name of the developer ZXing Team. The app was even one of the first to be available on the Android Market (now Play Store).

Following our coverage and the Malwarebytes report, the legitimate Barcode Scanner app received far fewer 1-star launches, as it probably became clearer that the ZXing Team app was not to blame. That’s why you see an influx of 5-star ratings defending the app and confirming that it doesn’t distribute malware.

When we tested the XZing Team barcode scanner for ourselves, we found no strange or suspicious behavior, although we noticed how outdated the application is today. It still depends on the old Android permission system and comes with a warning that it was created for an older version of the operating system and may not work correctly. We can only hope that Google restores the ratings for the app, but given that it is still at a comfortable average of 4 stars and is no longer actively maintained, the question is open whether Google is interested in correcting the error.

If you are still looking for a replacement for the malicious barcode scanner, we can only continue to recommend Google Lens, which is integrated with the Google app and pre-installed on all Android phones (the “app” can be downloaded from Play Store is just a shortcut to your launcher).