Security firm MalwareBytes (via AndroidPolice) released a report about an app in the Google Play Store that delivers adware. The app, named Barcode Scanner, is one of many that when installed, allows your phone to scan barcodes and read them. With over 10 million installations, there seemed to be no issue with the app for years and it was part of the Google Play Pass program; this program allows Android users to pay $4.99 monthly or $29.99 annually to install an unlimited number of apps without paying any additional fee for them. The subscriber and up to five family members could use the service at the same time.
The report notes that starting with an update disseminated in December, the app began pushing out ads for a Cleaner for Android phones that allegedly removes junk files and improves battery life. While the listing for the offending app has been removed from the Google Play Store, if you had previously installed the app on your phone, it could still be on your handset. Before Google took the app down from the Play Store, the developer connected to it was LAVABIRD LTD. which still offers other apps for Android users in the Play Store.
The Play Store link to the app was https://play.google.com/store/apps/details?id=com.qrcodescanner.barcodescanner and a copy of the listing can be found on archive.com. MalwareBytes says that the app opens the user’s default web browser without any interaction from the user so that ads continue to show up repeatedly. If you need to have a barcode scanner on your Android device, there are many legitimate ones you can find. You might also want to consider using Google Lens which will read barcodes and QR codes on Android and iOS.
You might just want to delete all barcode and QR code scanners from your Android phone and stick to using Google Lens. On the other hand, if you’d rather use an app but want to make sure that you didn’t install this malware, you can install the AppChecker app searching for “barcode scanner.” If you see a package with the name “com.qrcodescanner.barcodescanner,” delete it immediately.
While we never got a chance to see the comments from users of the malware, you might recall that we always tell you that you can usually find some red flags when looking at this section of an app’s listing. So do your due diligence before installing an app from a developer that you’ve never heard of. Google Play Protect is supposed to run a safety check on apps from the Play Store before you install them. However, this system has not been perfected considering the number of infected apps that make it onto Android handsets.