Hygiene of QR Codes Study

About the Research

Why Study QR Codes?

QR codes have become incredibly common in our daily lives, appearing on products, advertisements, restaurant menus, and more. However, this widespread adoption has also created new security vulnerabilities that many users are unaware of.

My research aims to understand how students interact with QR codes, their awareness of security risks, and whether certain design elements influence scanning behavior.

This study is part of Andrew Clarkson's COSC480 project.

Research Questions

How frequently do students scan the QR codes that I generate and distribute?
Are students aware of the potential security risks associated with scanning QR codes?
Do certain QR code designs (colours, logos, borders) influence scanning behavior?

QR Code Security Education

What Are QR Codes?

QR (Quick Response) codes are two-dimensional barcodes that can store various types of data, such as website URLs, contact information, or plain text. When scanned with a smartphone camera, they quickly connect users to digital content.

Originally developed for tracking automotive parts in Japan, QR codes have evolved to become a common tool for marketing, payments, and information sharing.

Find Out More Here

Basic QR Code

Common Security Risks

Phishing Attempts: QR codes can lead to fake websites designed to steal personal information or login credentials.
Malware Distribution: Scanning a malicious QR code can trigger automatic downloads of malware or redirect to malicious app stores.
Payment Fraud: Scammers can replace legitimate payment QR codes with their own to redirect funds.
Automatic Actions: QR codes can trigger automatic actions like sending pre-composed emails or text messages.

Safety Tips for Scanning QR Codes

Verify the Source

Only scan QR codes from trusted sources. Be particularly cautious of codes in public places that could have been tampered with.

Preview URLs

Use a QR scanner app that shows the URL before opening it. Check that the URL matches what you expect before proceeding.

Keep Software Updated

Ensure your phone's operating system and apps are up to date to protect against known vulnerabilities.

Check for Tampering

Look for signs that a QR code might have been altered or had a sticker placed over it, especially in public places.

Be Wary of Shortened URLs

QR codes that lead to shortened URLs can hide their true destination. Use URL preview features to see where they lead.

Don't Share Personal Info

Be cautious about entering personal information on websites accessed via QR codes, especially financial details.

QR Code Study

Study Overview

My research examines how different QR code designs and locations influence scanning behavior among university students. I'm investigating whether factors like verified logos, different text, and surrounding context affect users' likelihood to scan a code.

Through this study, I aim to understand both the factors that drive QR code interaction and identify potential security awareness gaps among the student population.

The findings will contribute to improved security education and inform the development of a safer QR code scanning app.

The web server logs collected appear as follows 121.98.80.143 - - [2025-08-11T22:25:23.075Z] "GET /qr/test1 HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"

This data includes IP address, time of scan, the QR code identifier, device type, and what browser was used. All of this data is anonymous and cannot be used to identify anyone.

All data will be stored on a secure server which is protected by private keys, the data will be stored for up to 5 years and will be analysed to determine the scanning rates of people around the University given the time, location and design of each poster.

At the conclusion of the study, the analysis will be included in Andrew Clarkson's COSC480 report, however no raw data will be included in the report.

Please be aware that in scanning the QR code, standard web server logs have been collected, due to the anonymous nature of this data, the information is unable to be withdrawn.

The study will begin on (date of approval) and will conclude on the 31st of October 2025. At time of conclusion this website will be removed.

There are no incentives offered for this study, however we greatly appreciate your participation.

This study has been approved by the School of Computing. If you have any concerns about the ethical conduct of the research, you may contact the University of Otago Human Ethics Committee through the Human Ethics Committee Administrator (ph +64-3-479-8256 or humanethics@otago.ac.nz). Any issues you raise will be treated in confidence and investigated and you will be informed of the outcome.

Ethics application number: 25/0808; Approved: 20/08/2025

Methodology

1 Campus-wide placement of various QR code designs in controlled locations
2 Anonymous tracking of scan rates and basic interaction patterns
3 Data analysis to identify correlations between design elements, code placement and scan rates

QR Code Variables Being Tested

Colour Variations

Testing if coloured QR code posters affect scan rates

Trusted Logos

Testing if university branding increases trust

Differences in Text

DO NOT SCAN

Get info, scan here!

Testing if warning text deters scanning

Contact the Researcher

Get in Touch

If you have questions about my research, would like to collaborate, or need more information about QR code security, please reach out to me.

Contact Information

Andrew Clarkson
claan757@student.otago.ac.nz

Steven Mills

Supervisor
steven.mills@otago.ac.nz

David Eyers

Supervisor
david.eyers@otago.ac.nz

Research Schedule

Data collection: August - September 2025
Findings published: October 2025