Continuing the discussion from Camera development progress:
Can you elaborate on the kind of attacks that are possible? That exist in the wild?
I don’t disagree that a QR code that encodes a URL and where the client device then visits that URL invites the client device to be subject to a drive by attack i.e. get the client device to visit a web site that it would not ordinarily choose to visit and the web site exploits a vulnerability in the web browser.
However all of this class of vulnerability would apply to me anyway (in this case). If I didn’t scan a QR code, I would have to visit the same web site manually.
I don’t disagree that a QR code invites the possibility of privacy violation (since it will never be self-evident to the user what information the QR code encodes).