Is This QR Safe?

Why this App?

QR code adoption skyrocketed during the pandemic. It became a convenient vehicle for no-touch interactions, whether it be the menu at a restaurant, payment link at a store, or info links on mailers, etc. With this adoption arose the abuse of QR codes too. There are many stories in the news about bad QR codes being placed in public places. Oftentimes, these bad QR codes take unsuspecting users to nefarious websites for payment fraud or credential theft.

Combating this threat is the main goal of the App. It allows users to scan (or upload) a QR code to check whether the link behind it is legitimate. In addition to helping users check if a QR code is bad, the App also helps by documenting instances of bad QR codes in the wild. By building a database of bad QR codes, it is my goal to spread awareness of where they are placed so that others can avoid them. To that end, please spread the word about this App and use it as frequently as you can!

How the App Works

Disclaimer First...

Please note that this App is a personal project and may contain errors or unexpected behavior. Your understanding and patience are appreciated. Additionally, there is a possibility of occasionally running out of API calls to the third-party scanning services (VirusTotal or Urlscan). In such cases, the results displayed may be incomplete or incorrect. It is recommended to double-check results from other sources.

Scanning or Uploading of QR Code

When you scan a QR code using your camera or upload an image of a QR code, your browser processes the image to extract the data encoded within the QR code. The QR code is decoded exclusively on the client side. As a result, the scanned images are not uploaded to or stored in the system.

Analyzing the Extracted URL

The URL extracted from the QR code is submitted to third-party scanning engines for analysis. These services check the URL against known databases of malicious sites and provide a report on its safety.
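The following is an added example, not the App's own code: a sketch of how a browser client could triage a decoded QR payload before anything is sent to a scanning engine, since a QR code can carry text that is not a web link at all. The function names `triageQrPayload` and `vtUrlId`, the note strings, and the sample payloads are assumptions made for illustration.

```javascript
// Added example. Function names and sample payloads are constructed for illustration.

// A QR code can hold any text (Wi-Fi config, tel:, plain notes), so classify first.
function triageQrPayload(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return { kind: "not-a-url", submit: false, notes: [] };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { kind: "non-web-scheme", scheme: url.protocol, submit: false, notes: [] };
  }
  const notes = [];
  if (url.protocol === "http:") notes.push("unencrypted http");
  // "https://brand.example@other-host/" loads other-host, not brand.example.
  if (url.username || url.password) notes.push("userinfo before host");
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    notes.push("punycode host");
  }
  // The URL parser normalises decimal/hex IPv4 forms to dotted quads.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname) || url.hostname.startsWith("[")) {
    notes.push("raw IP host");
  }
  return { kind: "web-url", submit: true, url: url.href, host: url.hostname, notes };
}

// VirusTotal API v3 addresses a URL report by the unpadded base64url of the URL.
function vtUrlId(href) {
  return btoa(href).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Constructed sample payloads.
const samples = [
  "WIFI:T:WPA;S:CafeGuest;P:example-pass;;",
  "Table 12",
  "https://example.com/menu",
  "https://login.example.com@203.0.113.7/pay",
];
for (const s of samples) {
  const r = triageQrPayload(s);
  console.log(s, "=>", r.kind, r.submit ? `${r.host} ${vtUrlId(r.url)}` : "", r.notes);
}
```

Showing the user the `host` field rather than the raw string makes the destination that will actually load visible before the scanner verdict arrives.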

Data Collection

In addition to the URL, the user's IP address, user-agent string, and location are collected. This information helps to understand where the service is being used and assists in improving it. Location is collected to correlate and understand if bad QR codes are being used in specific geographical areas.

Storing the Results

The analysis results, along with the extracted URL and collected data, are stored in the database. This information is used solely for improving the services and is not shared with third parties other than the scanning engines.

Contact

If you encounter any errors or have concerns, please reach out on Twitter/X: @IsThisQRsafe