Android apps with over 10 million installations suddenly become adware - What to Do [Update]

Updated with additional information.

If your Android phone or tablet suddenly starts showing a lot of ads or your browser opens by itself, a rogue app called Barcode Scanner may be to blame.

Malwarebytes detailed in a blog post last week how its forum users tipped off researchers about Barcode Scanner. The app had been installed by more than 10 million people over several years until it began doing dubious things after an update in early December 2020.

Google subsequently removed the malicious Barcode Scanner app from the Google Play Store. Several other apps with the same name - let's call them "good" barcode scanners - are still out there. If a bad Barcode Scanner is on your phone or tablet, I suggest you uninstall it. (You also want to make sure you have the best Android anti-virus app installed.)

Malwarebytes calls what the bad Barcode Scanner did "malicious." To us, the app sounds more like adware than malware.

Malwarebytes explains that the app causes the user's default Android browser (which on most devices would be Google Chrome) to open a new page that points to online ads, without the user's request, putting the ads on the device's display.

This is a fairly straightforward process.

This is quite annoying, but it is far from real Android malware that steals sensitive personal information or involves your device in an Android botnet. The ad-laden update passed Google Play's screening process by hiding the dodgy parts of its code.

According to Malwarebytes, the barcode scanner in question was developed by a company calling itself LavaBird Ltd., and at least four other apps remain in Google Play. Its incomplete address, based in a rather expensive neighborhood in central London, suggests that the company has been kicked out of the market. Below is a picture of what the Google Play app entries looked like before the apps were kicked out.

However, an archived version of the Google Play store URL provided by Malwarebytes shows another developer, India-based and named Barcode Scanner.

The old and new versions of the Barcode Scanner app have consistent version numbers, and both list identical install counts and Android system requirements.

It appears that the original Barcode Scanner developer may have sold the app to another party, who may have injected adware.

UPDATE: Our friends at The Register remind us that the UK government is making it easier to find out details of companies registered in the UK.

The London address claimed by LavaBird Ltd. was found to be accurate, but is likely just a forwarding service, as there are dozens of other companies registered at the same address.

LavaBird appears to have been registered in London in March 2020 by a 23-year-old Ukrainian man living in Kiev. The Register also found an associated website that proclaims, "We sell Android mobile traffic," which is never a good sign for app developers.

The actual Android app ID is "com.qrcodescanner.barcodescanner," but Google does not make it easy to view the ID of an installed app without being directed to the Google Play Store website. The Play Store page for this particular app has been removed.

The easiest way to see if a malicious barcode scanner is installed would be to go to Settings > Apps and look for an app called Barcode Scanner. If it is not there, you are good to go.

If there is a Barcode Scanner app, you will need to check which Barcode Scanner it is. Tap the list of apps in Settings, then tap Details. Tap [App Details].

At this point, you should be taken to the Barcode Scanner page of the Google Play app. If the page remains loaded and nothing appears, it means that there is no listing in Google Play. You can assume that you got a bad app, so go back a couple of steps to the apps list page in settings and uninstall the app.

When the Google Play app page appears, double check the developer name of the app. It should be right below the app name at the top of the page.

If the developer name is LAVABIRD LTD., go back to the apps list page in settings and uninstall the app. If you see any other name, it is one of the other barcode scanner apps and you can leave it installed.
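
If you are comfortable with adb, you can check for the app ID directly instead of relying on the Play Store page. The script below is an added example, not from Malwarebytes or the original article; it assumes `adb` with USB debugging enabled, and the `com.example.*` IDs in its sample list are constructed.

```shell
#!/bin/sh
# Added example, not from the article: look for the app ID the article names
# in `pm list packages` output, matching the whole ID rather than a substring.

BAD_ID="com.qrcodescanner.barcodescanner"   # app ID quoted in the article

# Constructed sample of `adb shell pm list packages` output. The com.example.*
# IDs are made up to stand in for the "good" scanners with similar names.
SAMPLE_LIST="package:com.android.chrome
package:com.example.barcodereader
package:com.qrcodescanner.barcodescanner
package:com.example.qrcodescanner.barcodescanner"

# Normalise stdin to one bare package ID per line: drop the CRs some adb
# versions emit, the "package:" prefix, and anything after the ID.
package_ids() {
    tr -d '\r' | awk '{ sub(/^package:/, "", $1); if ($1 != "") print $1 }'
}

# Exit status 0 only if the exact bad ID is in the list read from stdin.
has_bad_scanner() {
    package_ids | awk -v id="$BAD_ID" \
        '$0 == id { found = 1 } END { exit (found ? 0 : 1) }'
}

# Print every scanner-like ID with a verdict, so look-alikes can be told apart.
list_scanner_apps() {
    package_ids | awk -v id="$BAD_ID" '
        $0 == id                       { print "BAD   " $0; next }
        tolower($0) ~ /barcode|qrcode/ { print "other " $0 }'
}

# With "--device", read the list from an attached phone (USB debugging on);
# otherwise run against the constructed sample above.
if [ "${1:-}" = "--device" ]; then
    adb shell pm list packages | list_scanner_apps
else
    printf '%s\n' "$SAMPLE_LIST" | list_scanner_apps
fi
```

A plain substring search for the ID would also flag the last sample entry, which is why the comparison is done on the whole ID.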
