Prevent other scanner apps from scanning information in printed QRcode?

Question

I am printing out a qrcode with vcard information (using qrlib.php for this) and i am creating a simple barcode scanning app in swift (iOS).

My prototype seems to work, but now i stumbling upon the following issue; I like only authorized partners to be able to scan the qrcodes. I am not sure if i have to add some extra variable / key on the php/qrcode side or to alter my scanning swift code. This is the main php part which echos the qrcode, Is it possible to add a custom variable so the qrcode becomes non readable for other barcode scanners?

2/ or maybe have some sort of simple encryption

$tmp_vcard = 'BEGIN:VCARD VERSION:3.0 N:' . $visitorData[0]->userLname . ';' . $visitorData[0]->userFname . ' FN:' . $visitorData[0]->userPosition . ' ORG:' . $visitorData[0]->userCompany . ' TITLE: ' . $visitorData[0]->userPosition . ' TEL;WORK;VOICE:' . $visitorData[0]->userPhone . ' ADR;TYPE=WORK:;;' . $visitorData[0]->userAddress . ';' . $visitorData[0]->userPostal . ';' . $visitorData[0]->userCity . ' EMAIL:' . $visitorData[0]->userEmail . ' URL: END:VCARD';

In summary maybe call it a private qrcode/vcard?

Answer 1

A QR code is just a way to represent data (like a string) as a 2D image. And since it’s an open standard, you can’t really prevent anyone from decoding it.

You could encrypt the Vcard in some way on the PHP side and add decryption code to your scanner app. I don’t know which crypto functions are easily available on the Swift side so I can’t make any recommendations on that. Blowfish or PGP come to mind.

But I wouldn’t consider that to be highly secure. Even if you do all the crypto stuff right, it’s just as secure as the scanner app is, since all the information needed for decrypting has to be inside it. So if it’s in the app store…

It should be enough to prevent your average smartphone user from simply pointing their QR code scanner towards it and getting the Vcard.