Abstract

The widespread use of smartphones is boosting the market take-up of dedicated applications, among them barcode scanning applications. Several barcode scanners are available, but they show security and privacy weaknesses. In this paper, we provide a comprehensive security and privacy analysis of 100 barcode scanner applications. According to our analysis, some apps provide security services, including checking URLs and adopting cryptographic solutions, and other apps guarantee user privacy by supporting least-privilege permission lists. However, there are also apps that deceive users by providing security and privacy protections that are weaker than what is claimed. We analyzed 100 barcode scanner applications and categorized them based on the real security features they provide, or on their popularity. From the analysis, we extracted a set of recommendations that developers should follow in order to build usable, secure and privacy-friendly barcode scanning applications. Based on them, we also implemented BarSec Droid, a proof-of-concept Android application for barcode scanning. We then conducted a user experience test on our app and compared it with DroidLa, the most popular/secure QR code reader app. The results show that our app has nice features: it is easy to use, provides security trust, and is effective and efficient.

Highlights

  • Barcodes are a universal technology that provides visual data representation using series of lines, squares or dots, organized in a standard way

  • Our contributions can be summarized as follows: (i) we present the most comprehensive analysis of 100 barcode scanner applications from security and privacy perspectives; (ii) we categorize barcode scanner applications into five groups based on the security features they provide or on their popularity; (iii) we propose usability, security and privacy recommendations for the development of barcode scanners; (iv) we present BarSec Droid, a proof-of-concept Quick Response (QR) code Android application that we have developed; (v) we present the results of a user experience test on BarSec Droid and on DroidLa, the most popular/secure QR code reader, and we discuss the comparison results

  • The results show the inefficiency of protection methods against malicious QR codes and the lack of privacy protection

Summary

Introduction

Barcodes are a universal technology that provides visual data representation using series of lines, squares or dots, organized in a standard way. Barcode scanners can be dedicated devices or smartphone reader applications, and they require line of sight to capture the barcode image and retrieve the stored data [1]. Two-dimensional (2D) barcodes are machine-readable images that enhance many features of the traditional one-dimensional (1D) barcodes, such as greater data capacity and robustness, and so are suitable for industrial and economic purposes. They can be used in a simple and effective way to achieve communication between physical objects (such as paper-based surfaces) and digital ones (e.g., smartphones) [2].
