Android apps with over 10 million installations suddenly become adware - What to Do [Update]

Updated with additional information

If your Android phone or tablet suddenly starts showing a lot of ads or your browser opens by itself, a rogue app called Barcode Scanner may be to blame.

Malwarebytes detailed in a blog post last week how its forum users tipped off researchers about Barcode Scanner. The app had been installed by more than 10 million people over several years until it began doing dubious things after an update in early December 2020.

Google subsequently removed the malicious Barcode Scanner app from the Google Play Store. Several other apps with the same name - let's call them "good" barcode scanners - are still out there. If a bad Barcode Scanner is on your phone or tablet, I suggest you uninstall it. (You also want to make sure you have the best Android anti-virus app installed.)

Malwarebytes calls what the malicious Barcode Scanner did "malicious." To us, the app sounds more like adware than malware.

Malwarebytes explains that the app causes the user's default Android browser (which on most devices would be Google Chrome) to open a new page that points to online ads, without the user's request, putting the ads on the device's display.

This is a fairly straightforward process.

This is quite annoying, but it is far from real Android malware that steals sensitive personal information or involves your device in an Android botnet. The ad-laden update passed Google Play's screening process by hiding the dodgy parts of its code.

According to Malwarebytes, the barcode scanner in question was developed by a company calling itself LavaBird Ltd, and at least four other apps remain in Google Play. Its incomplete address, based in a rather expensive neighborhood in central London, suggests that the company has been kicked out of the market. Below is a picture of what the Google Play app entries looked like before the apps were kicked out.

However, an archived version of the Google Play store URL provided by Malwarebytes shows another developer, India-based and named Barcode Scanner.

The old and new versions of the Barcode Scanner app have consistent version numbers, and both list identical install counts and Android system requirements.

It appears that the original Barcode Scanner developer may have sold the app to another party, who may have injected adware.

UPDATE: Our friends at The Register remind us that the UK government is making it easier to find out details of companies registered in the UK.

The London address claimed by LavaBird Ltd was found to be accurate, but is likely just a forwarding service, as there are dozens of other companies registered at the same address.

LavaBird appears to have been registered in London in March 2020 by a 23-year-old Ukrainian man living in Kiev. The Register also found an associated website that proclaims, "We sell Android mobile traffic," which is never a good sign for app developers.

The actual Android app ID is "com.qrcodescanner.barcodescanner," but Google does not make it easy to view the ID of an installed app without being directed to the Google Play Store website. The Play Store page for this particular app has been removed.

The easiest way to see if a malicious barcode scanner is installed would be to go to Settings > Apps and look for an app called Barcode Scanner. If it is not there, you are good to go.

If there is a Barcode Scanner app, you will need to check which Barcode Scanner it is. Tap the list of apps in Settings, then tap Details. Tap [App Details].

At this point, you should be taken to the Barcode Scanner page of the Google Play app. If the page remains loaded and nothing appears, it means that there is no listing in Google Play. You can assume that you got a bad app, so go back a couple of steps to the apps list page in settings and uninstall the app.

When the Google Play app page appears, double check the developer name of the app. It should be right below the app name at the top of the page.

If the developer name is LAVABIRD LTD, go back to the apps list page in settings and uninstall the app. If you see any other name, it is one of the other barcode scanner apps and you can leave it installed.
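
Because several apps share the name Barcode Scanner, the app ID is the reliable discriminator. The script below is an added example, not part of the original article: it matches the article's app ID (written in dotted package form) exactly against the output of `adb shell pm list packages -i`. It assumes adb is installed on a computer and USB debugging is enabled on the phone; the sample lines are constructed.

```shell
#!/bin/sh
# App ID the article gives for the adware-laden Barcode Scanner.
BAD_ID="com.qrcodescanner.barcodescanner"

# Constructed sample of `pm list packages -i` output (not from a real device).
SAMPLE_PM_OUTPUT='package:com.android.chrome  installer=com.android.vending
package:com.qrcodescanner.barcodescanner.example  installer=com.android.vending
package:com.qrcodescanner.barcodescanner  installer=com.android.vending'

# find_pkg ID: reads `pm list packages -i` lines on stdin.
# Prints the installer (or "unknown") of the exactly matching package.
# Returns 0 when the package is present, 1 otherwise.
find_pkg() {
    awk -v id="$1" '
        {
            sub(/\r$/, "")                    # adb may emit CRLF line endings
            if ($1 != ("package:" id)) next   # exact ID, not a prefix match
            inst = "unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) inst = substr($i, 11)
            print inst
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_device: runs the lookup against a phone connected over adb.
check_device() {
    out=$(adb shell pm list packages -i) || {
        echo "adb failed; is the device connected and authorized?" >&2
        return 2
    }
    if printf '%s\n' "$out" | find_pkg "$BAD_ID"; then
        echo "Flagged Barcode Scanner is installed (installer shown above); uninstall it."
    else
        echo "Flagged app ID not found on this device."
    fi
}

# Only touch a device when asked to: sh check.sh --device
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```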
