This week, it was discovered that a Google Play Pass app with more than 10 million installations had turned into malware and spread annoying pop ads. Google removed this app from the Play Store a long time ago, but because of its generic name – “Barcode Scanner” – it caught the original, legitimate Barcode Scanner app of the same name in the crossfire and received numerous unjustified 1-star ratings. accusing it of being malware.

Left: The removed malicious program. Right: The legitimate app.

Many people who were infected by the malware and identified the malicious Barcode Scanner app as the culprit probably went after the removal from the Play Store to the Play Store, but because the malicious scanner app has already been removed, they only found the legitimate Barcode Scanner list and accepted that it was the one that caused their misery. They probably did not notice that this app is open source and has not been updated since 2019 – both factors making it unlikely that it will suddenly launch malware. This legitimate barcode scanner was actually developed by Google and was built on top of Google’s QR code decoder library ZXing – hence the developer name ZXing Team. The app was even one of the first ever available in the Android Market (now Play Store).

After our coverage and the Malwarebytes report, the legitimate Barcode Scanner app actually got far fewer 1-star releases, as it probably became clearer that the ZXing Team application was not the culprit. Therefore, you see the influx of 5-star ratings defending the app and confirming that it is not spreading malware.

When we tested the barcode scanner of XZing Team for ourselves, we could not find any strange or suspicious behavior, although we did notice how outdated the app is these days. It still relies on Android’s old permission system and comes with a warning that it was built for an older version of the operating system and may not work properly. We can only hope that Google will restore the ratings for the app, but since it is still sitting at a comfortable 4-star average and is no longer actively maintained, the question is open whether Google is even interested in repairing it incorrectly.

If you’re still looking for a replacement for the malicious barcode scanner, we can only continue to recommend Google Lens, which is built into the Google app and in any case already installed on all Android phones (the ” app “that you from the Play Store is only a shortcut for your launcher).