One of the first Android apps – ZXing Teams Barcode Scanner, an app that precedes the first official release of Android itself – is currently being bombed on the Google Play Store. Hundreds of users are leaving 1-star reviews, claiming that a recent update spews unwanted ads, while nearly 200 more have come to the app’s defense with their own 5-star reviews.
It is not entirely clear what is happening here, but the prevailing theory is that the 100 million downloaded strong app will be confused with another with the same exact name – one that may have been a clone of ZXing̵
MalwareBytes seems to be aware of the confusion; it updated its original post yesterday to be extra clear that the bad barcode reader app was this one, which came from a company called Lavabird, not ZXing Team. Google removed the app from the Play Store, so it would not be surprising if angry users searched for it and found errors.
The sudden attention surprised the original app’s co-creator, Sean Owen, who tells The Verge that he is not worried about his reputation – simply because of how ridiculous he thinks the allegations are.
“[T]his is such an old well known app that i think some informant would guess that it can not be this app: it is open source, for one. It has not been updated in many years. And there is just no motive, to create an app for 13 years just to stick malware in at the end is an improbably long game, “he says. The Google Play Store shows that the app was last updated in February 2019.
But he also does not rule out the possibility that his code will be manipulated in some way, perhaps by hijacking the system of intent that Android uses to let one app deliver tasks to another. “Many people claim that it ‘definitely’ is this app in a way I had not seen before – and I have read thousands of comments over the years – so, who knows?”
Owen says he and his co-author Daniel Switken now regret their decision to make the app open source on the day because of all the times it has been cloned by companies trying to make money quickly by adding ads or skins. “For a while, we followed some of the bigger ones for OSS license / trademark issues, but there were fewer than 10 of the 100s I even saw many years ago,” says Owen.
This is not the first time his app has been confused with a bad clone, he says. “At one point, a research paper claimed that this app called personal information to a third-party website, and it caused a new wave [of bad reviews], but of course the authors found that they had mixed together two similar apps. “
I downloaded the OG Barcode Scanner app again today for the first time in many years. When I launched it, the app warned me that it “was built for an older version of Android and may not work properly,” and I found that it only works in landscape orientation. But I saw no ads, it probably scanned barcodes quickly, and I have not seen any pop-ups or browser hijacking yet.
Right now, the ZXing Teams Barcode Scanner app has a solid 4.0 stars with almost 640,000 reviews. Google has not yet commented on how to deal with the negative reviews.