I Built a QR Code Scanner That Doesn't Phone Home — No Ads, No Account, No Internet Permission

#mobile #opensource #privacy #showdev

QR codes are everywhere — restaurant menus, Wi-Fi labels, package tracking, payment kiosks, business cards. So is the temptation to install whatever QR scanner appears at the top of the store. The problem: most of those apps are bloated with ads, ask for permissions a scanner has no business needing, and treat your scan history as a marketing asset.

We built a QR scanner that does exactly one thing well — read codes — and gets out of your way.

📱 Get on Google Play · Get on App Store

💻 GitHub repo (20 languages)

The principle: a scanner should be a scanner

Open the app → camera live in under a second → point at QR code → see the decoded result → decide what to do. That's it.

No splash screen. No "rate us 5 stars" popup. No "watch ad to unlock dark mode". No account. No internet permission required to actually decode a QR code.

This is what the app does:

Scan with the camera — auto-focused, decodes the moment a QR is in frame
Scan from a photo in your gallery — pick any image with a QR and decode it without a printout
Local history of every scan — searchable, deletable, never synced anywhere
Open / copy / share the result — preview the URL before tapping it

This is what the app does not do:

No ads of any kind
No analytics or telemetry
No third-party SDKs
No internet connection required for scanning
No "premium tier" with hidden features
No registration

Why scanning happens entirely on the device

QR decoding is mathematically lightweight. A modern phone CPU can decode 60+ frames per second. There is no engineering reason to round-trip the image through a server, and no privacy reason you'd want to.

In Flutter, we use mobile_scanner, which wraps Apple's Vision framework on iOS and Google's ML Kit on Android. Both are on-device libraries — no network calls.

MobileScanner(
  controller: MobileScannerController(
    detectionSpeed: DetectionSpeed.normal,
    facing: CameraFacing.back,
    formats: [BarcodeFormat.qrCode],
  ),
  onDetect: (capture) {
    final barcode = capture.barcodes.first;
    final value = barcode.rawValue;
    // Save to local Hive box, show result sheet
  },
)

Two implementation details that matter for the "no internet" claim:

No internet permission in the manifest. On Android, we don't add <uses-permission android:name="android.permission.INTERNET"/> at all. The OS won't even let the app open a socket. On iOS, no NSLocalNetworkUsageDescription and no networking entitlements. This is the technical guarantee behind the "offline" promise — it's not a policy, it's the operating system enforcing it.
History is stored in a local Hive box. Scan timestamps, decoded values, and any tags you add stay in ~/Library/Application Support/.../qr_history.hive on iOS and the equivalent on Android. Uninstalling the app removes the file. There is nothing to "sync" because nothing leaves the device.

Edge cases worth knowing about

We spent more time on these than on the happy path:

Damaged or partially obscured QR codes. Real-world QR codes are rarely perfect — they're crumpled, glared, partially behind glass on a restaurant menu. The Reed-Solomon error correction built into the QR spec handles up to 30% of the code being damaged (level H), but only if the scanner gives the decoder enough good frames. We tuned the camera frame rate and exposure compensation to keep trying for ~2 seconds before declaring "no QR found", which catches most marginal cases.

QR codes inside screenshots. Travel apps often deliver tickets as a screenshot. We handle this by exposing an image-picker that runs the same decoder over a static image instead of a camera stream. No printer required.

Dark venues. Concerts, restaurants with mood lighting, pub Wi-Fi labels in dim corners — all common scan environments where auto-exposure underexposes the code. We expose a torch toggle in the scanner UI; the moment you tap it, the camera flash fires as a continuous light.

Phishing-style URLs. Most QR scanner exploits in the wild rely on users opening a malicious URL the moment the code is decoded. We refuse to auto-open. The decoded URL is always shown first as text, with a separate "Open" button. You see what you're tapping into.

What we deliberately did not build

We get asked about these, so to be explicit:

Real-time barcode/QR generation. There are excellent free apps for this (and qr_flutter is two lines of code). We don't try to be both reader and writer.
Bulk scanning. Some scanners try to read 30 codes per second to feed an inventory system. That's a different category of app and we don't compete in it.
Code reading from PDFs. It would be useful but adds dependencies that hurt startup time. Out of scope for v1.
Cloud sync of scan history. This is the entire reason the app has no internet permission. We will not add this.
A "premium" tier. There isn't one and there won't be one. The app is what's in the app.

How it is built

If you build mobile utilities, the stack might be useful:

Flutter 3.16+ — single codebase for Android and iOS, native performance
mobile_scanner — on-device QR decoding via Vision (iOS) and ML Kit (Android)
hive — local key-value storage for scan history
share_plus — native share sheet integration
url_launcher — for opening decoded URLs in the system browser
No analytics packages, no crash reporting that phones home

Build size is small (around 12 MB on Android, 18 MB on iOS), startup is under 600 ms on a 2020-era phone, and the app survives in memory between scans.

The app is currently translated into 20 languages with native terminology rather than machine translation — see the GitHub repo which has a README in each.