I think those bad reviews on https://play.google.com/store/apps/details?id=com.google.zxi... are because the malware probably used the zxing qr library, and there might be traces left in it, or these users are just confused (or the malware app deliberately pointed low star reviewers to the github competitor app in the play store). As others have stated, this github app with the bad reviews hasn't been updated for a long time.
Hang on a second, something is fishy here. I had an issue that the mirrors what was happening on the zxing reviews. I was getting a full page ad every 15 minutes or so after unlocking my phone.
The rub? It wasn't this app. It was another one that was also called barcode scanner. It was also beginning to garner negative reviews, which the developer (had a Ukranian email address) had begun responding to saying the app was perfectly legal because it was serving ads only inside the app itself.
I'm wondering if that deluge of bad reviews is directed at the wrong app? I'll look to see if I can still find the google play page for the one I had.
Also, I had that app for a LONG time before it started displaying this kind of behavior just last month, which also corresponds to the bad reviews starting on the zxing app.
That's where I remember it from, thanks! However I think there's some confusion here: the one the blog mentions is not https://play.google.com/store/apps/details?id=com.google.zxi... (github based, relatively trustworthy looking, recommended by Google Authenticator back in the day), it's the now removed qrcodescanner app: https://webcache.googleusercontent.com/search?q=cache:38t1gW...
I think those bad reviews on https://play.google.com/store/apps/details?id=com.google.zxi... are because the malware probably used the zxing qr library, and there might be traces left in it, or these users are just confused (or the malware app deliberately pointed low star reviewers to the github competitor app in the play store). As others have stated, this github app with the bad reviews hasn't been updated for a long time.
If the malware is also in https://github.com/zxing/zxing , I really hope they do a postmortem to explain how. The fact that https://play.google.com/store/apps/details?id=com.google.zxi... still exists though, while the app mentioned in the blog has been removed by google, makes me think the zxing app is clean.