Like many camera apps, the Google camera also has an integrated QR code scanner that becomes active when it detects such a code and decodes it accordingly. This isn’t rocket science, but it has now been found that it causes problems when scanning encoded URLs on Android 12. According to a report, Google’s artificial intelligence is to blame.
Scanning QR codes is a matter of course for many people today and can be done in many ways. Such a scanner is preserved in the Google apps, there are thousands of such apps in the Google Play Store, and with Android 13, Google will even integrate such a function natively into the operating system. But of all things, the supposedly most trustworthy scanner – namely that of Google – has serious shortcomings due to the AI.
Wrongly corrected TLDs
As heise found out, artificial intelligence is used when recognizing URLs, which wants to correct supposed errors. However, these filters literally run amok and improve everything that comes before their virtual eyes. For example, points are set where none belong – because they were supposedly forgotten from the point of view of the scanner. It is about the recognition of TLD components.
fooco.at automatically becomes foo.co.at – because “co.at” is a fairly common URL from Austria. You don’t have to be an IT person to know that this leads to a completely different goal. Heise has published a whole series of examples of such a situation, covering more than a dozen common TLDs around the world. But that’s by no means the only problem because two more stumbling blocks have been discovered in which the automatic improvement is also used.
Shortened TLDs
But Google’s filters have probably never heard of the many “new” TLDs that are not very common, but still exist. And so it happens that these could simply be truncated: fooco.cat then suddenly becomes fooco.ca. Die-hard experts and all other users know immediately that these two URLs also lead to completely different destinations. Similarly with .apple going to .app, .amex going to .am and similar cases.
Crazy Digits
It is rare, but it does happen that there is a digit in a www subdomain. For example, www6.rbc.com for a bank’s website. But Google’s algorithms have never heard of this either and simply move the number to a different place. www6.rbc.com suddenly becomes www.6.rbc.com. In this case, it leads to the same domain and cannot be directly classified as a security problem, but the user will probably not achieve the desired goal.
Google hasn’t commented on this yet, but it’s amazing that something like this happens at all and nobody noticed it in internal tests. It is speculated that this has something to do with the URL shortening in the Chrome browser, whose algorithms are probably also used in the Google Lens recognition of the Google camera. Curious: This is not the case in the Google Lens app. If you are affected, then switch off the Google Lens integration in the camera settings and you should be quiet. Only Android 12 is affected.