Wednesday, May 16, 2012

QR Code Privacy Issues and AT&T

Ouch! After saying that I thought AT&T had done a better-than-average job with its QR code scanner app for the iPhone someone pointed out that AT&T's scanner is one of a number of such apps that have privacy issues. The point was made in a comment on the ESET Threat Blog by Roger Smolski who runs this excellent website focused on QR codes.

It seems that, like me, Roger is a fan of technology but keeps a wary eye on potential downsides, like a QR code scanner that does more than the user bargained for. This definitely seems to be the case with the AT&T scanner, which let's AT&T know what you scan. I liked the AT&T scanner for installing with a preview option by default, but now dislike it because of this under-disclosed sharing of data that I consider personal (i.e. what QR codes I choose to scan).

According to Roger, confirmed by his technical code scanner analysis, some QR scanner apps, like NeoReader, are gathering data on your use of the app. The AT&T scanner is an example of this. An example of a decent scanner that does not do this is Bar Code Scanner for Android. I am going to have to look further for an iPhone QR Code scanner app that is independently confirmed as "non-tracking." In the meantime, here are other QR/privacy articles by Roger Smolski:


Oh, and BTW, FYI, it seems QR Code is a registered trademark of Denso Wave Corp. So maybe I will adopt Roger's usage of 2D codes to avoid stepping on anyone's IP toes.