Evaluating Security, Privacy and Usability Features of QR Code Readers

Abstract

The widespread of smartphones with advanced capabilities has motivated developers to design new mobile applications that are used as barcode scanners. Although several barcode readers are available, they still have security and privacy limitations. In this paper, we first present a comprehensive and systematic review of barcode reader applications by analyzing their security, privacy and usability features. We categorize these apps into four groups depending on their properties: URLs security, Crypto-based security, Popular applications, and Save-privacy. We also highlight their weaknesses and present design recommendations for usable, secure and privacy-guaranteed scanner applications. Based on our recommendations, we have developed BarSec Driod a proof-of-concept secure barcode reader Android app that exploits some features of other applications and at the same time overcomes their limitations. We have performed a user usability and security survey, on BarSec Driod and two other popular QR code readers, KasperSky and QR Droid Private. The results show that BarSec Driod is easy to use, satisfies the expectations of the users and is secure. Moreover, we have observed that following the design tips, user's security awareness and usability increase.