Hacker News new | past | comments | ask | show | jobs | submit | riphdd2020's comments login

Somebody needs to start contacting the US politicians whose private numbers are in this leak. There must be a few?


I hope this is not too off-topic, but I can't be the only one here who thought 'I don't remember any distro called Linux Logo...' before clicking and seeing my mistake. Cute nostalgia either way.


Is there any proof for this, apart from those bad reviews? The blog mentions another (now removed app) with the package name com.qrcodescanner.barcodescanner, not the open source one at https://play.google.com/store/apps/details?id=com.google.zxi...

I believe these bad reviews might be a result of the malware app pushing bad reviews to the zxing app page on google play, using an in app 'rate this app?' -> low rating -> send to the zxing app in Google Play (instead of the malware app in google play).


As noted above, I believe this to be the case. I had the other app and started receiving full page ads for it. Totally different developer, but same app name. I am no longer able to find that app in the play store.


> the one that was recommended a long time ago by Google authenticator

That's where I remember it from, thanks! However I think there's some confusion here: the one the blog mentions is not https://play.google.com/store/apps/details?id=com.google.zxi... (github based, relatively trustworthy looking, recommended by Google Authenticator back in the day), it's the now removed qrcodescanner app: https://webcache.googleusercontent.com/search?q=cache:38t1gW...

I think those bad reviews on https://play.google.com/store/apps/details?id=com.google.zxi... are because the malware probably used the zxing qr library, and there might be traces left in it, or these users are just confused (or the malware app deliberately pointed low star reviewers to the github competitor app in the play store). As others have stated, this github app with the bad reviews hasn't been updated for a long time.

If the malware is also in https://github.com/zxing/zxing , I really hope they do a postmortem to explain how. The fact that https://play.google.com/store/apps/details?id=com.google.zxi... still exists though, while the app mentioned in the blog has been removed by google, makes me think the zxing app is clean.


Hang on a second, something is fishy here. I had an issue that the mirrors what was happening on the zxing reviews. I was getting a full page ad every 15 minutes or so after unlocking my phone.

The rub? It wasn't this app. It was another one that was also called barcode scanner. It was also beginning to garner negative reviews, which the developer (had a Ukranian email address) had begun responding to saying the app was perfectly legal because it was serving ads only inside the app itself.

I'm wondering if that deluge of bad reviews is directed at the wrong app? I'll look to see if I can still find the google play page for the one I had.

Also, I had that app for a LONG time before it started displaying this kind of behavior just last month, which also corresponds to the bad reviews starting on the zxing app.


The ads went away when I uninstalled it and reported it.


I went through all the apps I've installed in the past, and the only barcode scanner I've ever installed was this one:

https://play.google.com/store/apps/details?id=com.google.zxi...

So it might be another completely unrelated app that triggered the issue, or it might be this one, no idea!

I've reset my phone to factory and re-installed only as and when I needed an app and so far no more ads.


I had this app too, and I remember thinking it was weird because I think an official google developer blog (or something like that) mentioned the need to install it, as there was no built in QR code reader at the time. I can't remember which old phone I had it on though.

I also think those reviews might be left by people who can't find the original offending app because it's been removed. https://www.apkshub.com/app/com.qrcodescanner.barcodescanner seems to show it had BILLING permission though, which is always an alarm bell.


The one you're looking at on apkshub is definitely a different app. The version number, last update, and permissions do not match what is in Play.


The one on apkshub is the one mentioned in the blog. Google has removed it from google play. https://play.google.com/store/apps/details?id=com.google.zxi... is a completely different, open source app, with unexplained bad reviews, probably nothing to do with the malware, and hasn't been removed by google.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: