Yeah, I agree. The process is not so easy and this can cause barriers to entry.
And that's why 5 years ago I've published my first libraries on JCenter. Back then I was still at the university, never worked yet in the field and JCenter seemed to me the least painful path.
QR Reader are load of everything. I went mad to find one a decent one for my parents’ android phone and apparently it doesn’t exists. So in a weekend I’ve created one without any kind of tracking, ads, permission, whatever. Here it is if you guys need one ->
But this is the classic cycle don't you see? They almost always start as "here is an app I threw together, no ads, don't be evil".
But then a lot of people like your app, and ask for a small extra feature. You support it, and then get a bit annoyed by all the features people are asking for. Then you have to update it for the latest release... then suddenly fix it when some obscure version of Android breaks on it.
Then someone offers you £60k for a small ad no-one will even see and you think.. don't you deserve a bit of credit?
Maybe you'll be the good one who doesn't take it, but the free model is generally unsustainable.
That’s why you should try to use apps from reputable developers, who’ve already had countless such offers and refused them all.
The usual "400$/month per 1k users" stuff, just integrate an ad network is common, but sometimes as dev you even get offers like "we hire you, with a contract, you can’t be fired, legally you’re a consultant to us for 2 years, at a few hours per week officially, for a silicon valley wage, unofficially you just don’t do anything and collect but we get full control over your apps".
Personally I’ve had quite a few such offers, and I’ve rejected them in the past and will also reject them in the future
It doesn't exist? What were your feature requirements?
You wrote a wrapper around ZXing, which already has an official app as well as simple variations of that app from the ZXing team. That app is open source and ad-free.
There are already many similar wrappers around ZXing on the Play Store.
So what does your app do (or not) that makes it special?
But fallout from the bad app, or possibly deliberate actions by the malware maker have caused hundreds of bad reviews. It might be that removing the malware app from the store means people search for Barcode Scanner, find ZXing instead of the bad one, then post their bad review there. Or maybe the bad app is deliberately telling people "Click here to review the app", and pointing to the wrong app.
I'd like to see a proper investigation by someone at Google Play. The original Barcode scanner is not needed for QR codes any more - almost any camera app will recognise those, as will Google's lens application, but it is still useful for scanning other barcode formats and for generating barcodes by sharing data with it from other apps, without needing to upload to a server or anything.
QR Reader are load of everything. I went mad to find one a decent one for my parents’ android phone and apparently it doesn’t exists. So in a weekend I’ve created one without any kind of tracking, ads, permission, whatever. Here it is if you guys need one -> https://play.google.com/store/apps/details?id=com.prof18.sec...
Same here. Generally when looking for good quality Android apps, F-Droid should come first. I think about 95% of the apps I use on my phone are covered with F-Droid. Only banking apps and public transit apps are from the Play Store.
This is the best heuristic to apply not just for QR code scanning, but for pretty much everything. To avoid malware, avoid the Play Store.
When using f-droid, also check out the project web site and git repo (at least in a cursory way, even if you can't fully audit the code, you can get a sense of who the developer is and the project's overall health from the commit log and issue tracker).
It's not truly safer. It's just smaller, and only has open-source apps. So it's harder to hide malware, but still certainly possible (nobody checks most apps).
The issue is the "finely curated" statement. It's not a full code review, just "Wherever possible, applications in the repository are built from source, and that source code is checked for potential security or privacy issues. This checking is far from exhaustive though, and there are no guarantees."[1] After an app is added to F-Droid it gets built from source by the F-Droid build servers, but it does not generally get re-reviewed. It's perfectly possible to add the malware after the initial release. It's also possible (even easy) for malware to be missed by the limited code review. F-Droid is a little safer, but that doesn't mean it's particularly safe. It's no harder to get malware on F-droid than it is to get it into Arch or Debian or any other distro repository.
I believe these bad reviews might be a result of the malware app pushing bad reviews to the zxing app page on google play, using an in app 'rate this app?' -> low rating -> send to the zxing app in Google Play (instead of the malware app in google play).
As noted above, I believe this to be the case. I had the other app and started receiving full page ads for it. Totally different developer, but same app name. I am no longer able to find that app in the play store.
I've installed from Google Play, and never seen any ads. It has contacts permission, but that's because sharing contacts with a QR code is something I use it for frequently (it can generate codes as well as scan them).
I feel like this is a good example of how difficult it is to find a good barcode scanner. It mentions permissions for contacts and full network access. I would have thought that those two permissions should not be necessary for a barcode scanner and point toward something dodgy going on.
It's actually not that difficult. F-Droid has a few offline scanners. It depends of course on how much of your experience you want automated. Though it would be nice if Android let you control the more granular permissions like network access.
Error correction is inherent in processing the QR code itself. That is, QR codes are generated with varying levels of redundancy, and any reader must be able to interpret the Reed-Solomon code.
What's interesting, is that despite the app not being updated since 2018, open source, and containing no ads or tracking the reviews are saying it recently became adware.
Searching for barcode scanner in the app store brings you to a horrible sea of ad supported crap ware, and it seems like that crap ware wants to ensure you don't download something that might be decent.
I scraped the latest 1000 reviews (coincidentally almost exactly 12 months worth).
The "adware" reviews are all very recent with large amounts of votes.
They seem to start on December 18, with 162 1-star reviews in the following 25 days -- more than all the 1-star reviews in the 6 months prior.
I wouldn't be surprised if these reviews are not only automated spam, but are constantly being deleted and reposted to keep them "fresh", and at the top of the "relevant reviews".
The malware app was also called "barcode scanner", published by "the space team", so it wouldn't surprise me if a lot of people just found the more popular zxing app on the store and left reviews in the wrong place. I had the malware version installed and went through the same process Cedric did to find out that an update they pushed around that time turned on the bad behavior.
Either it's a campaign to try and lower the ratings or a bunch of people have managed to get separately installed malware and thought this was the cause.
The last update I see available is what I have installed - 4.7.8 from September 2018. Definitely no strange behavior from it.
But I also use this app for QR-codes, since I was never able to find an alternative. The vast permissions required make me nervous every time I install it... Good to know it is on F-Droid as well, built from a source tarball, so should be OK [1]?
Another option would be to use Google's MLKit. I think they've added support for scanning QR codes in there. It requires Google Play Services though, which is not ideal.
> No issues initially but now it will give full screen ads often that either force open your browser to a shady site...
> ...thought I should update it. That's when I started getting full page ads and browser redirects. I don't know who hijacked this app...
> Avoid!! Used to be great. Now opens adware, and pops it over the lockscreen. Goes to great lengths to cover its tracks, calling the process "partners" and removing itself from recent applications. I had to use "popup ad detector" to find it. Appalling behaviour. Very underhanded.
The zxing library is open source and different from the app. So looks like something fishy happened to the app recently. From the description of problems, this might even be the app referred to in the article.
Google makes one themselves, Google lens. It's quite a bit more than just a qr code reader, though, kind of a generic computer vision app https://lens.google.com/
I went mad trying to find a decent voice recorder for my mom. Eventually settled on some ad-littered app, but at least it didn't request any extraneous permissions. Every other app asked for every single permission under the sun... to record voice.
The one thing I've noticed about the iOS store is that apps are more up-front. Many have a price tag attached to them, which I prefer. Android apps are all about giving you something for free and then in the back doing god knows what to make pennies off of you.
The whole ads-in-apps situation is from some sci-fi novel. Let's make screens bigger, so we can fill more of it with ads.
I use the built-in QR-code scanner available in Opera Mini beta. Also, its the only browser I know that has a built-in RSS Feed reader. I use an old APK, as the newer version of Opera Mini removed the RSS functionality.
