zxing is 10: a few reflections

[Sean Owen]

If this project has a birthday, it's around today, and it would be 10 years old. It's had a good run to date, and I wanted to write down a few reflections. Thank you especially to the contributors who have put in hard work on the project over many years! This hasn't been related to my day job for, well, almost the same 10 years, but, I have tried to maintain the project as a tribute to those contributors, and users.

Origin Story: Google Print Ads

I wrote up the origin of the project briefly several years ago:

• https://www.quora.com/Why-havent-Google-or-Apple-embedded-a-QR-reader-in-their-Camera-apps

• https://www.quora.com/Why-arent-newspapers-seizing-on-QR-codes-as-a-golden-opportunity-to-add-value-to-their-content

It didn't quite make the cut for Android itself; it began in a short-lived print ads project; it sort of went on to become Google Shopper internally while the original code was punted outside the wall.

First Commit: Oct 23 2007

The project was originally hosted on Google Code. Look, an Ant build file.

https://github.com/zxing/zxing/tree/6eee8860348067228b7935539e0cbef38366f576

This was actually the result of a about 4 months of 20% time.

First Android version supported: 0.9

Although it's changed a lot since, the app structure is roughly the same as the first version Daniel wrote for pre-release Android version (call them "0.9") and the Blackberry-like prototype Android model called Sooner. If rewritten today for Android 8, I'm sure it would start and end differently and more cleanly, but the code base has held up well. The very first apps were for J2ME and Blackberry even, not Android.

Contributors: 140+

Github only has commit history from 2014 onwards, but you can see the large list of contributors in AUTHORS. Particular respect to Daniel's work, and to people like Steven Parkes who long maintained ports.

My experience of this project mirrors that in other open source projects: most users neither contribute nor take from the project, and that's fine. A very few contribute in some way (good bug reports, patches, external articles, etc.) and a very very few contribute a lot. This is also fine. What is surprising is how many take away a little bit from the project. This includes people who didn't follow the license terms (below) or asked for work from contributors rather than invest their own time. It's still small by numbers, but larger than the contributors. It's just how open source is and contributors have to be ready for it, and ready to both enable the contributors while pushing back on takers.

But overall the good work that was contributed, and the many people that benefitted, have been much bigger and more important than any abuses.

Stars & Forks: 15,100+ & 6,700+

I'm not sure how to interpret the absolute number, but, that makes it about the 100th most 'popular' project on Github out of about 2 million. It must be said that this project has the advantage of being around for a relatively long time.

zxing.org: about 1 QPS

The online encoder/decoder at https://zxing.org/ gets, roughly, 1 query per second. It's trivially handled by part of a modern CPU core. Viewed another way that's probably 100M barcodes created or scanned online in recent years.

Like everything, this gets the occasional misuse; it gets flooded with requests for one reason or another about once a month, probably people writing a script to scan a bunch of images at once. Almost all of the ongoing work of maintenance is making sure it's not used to attack another site.

(Peak) Barcode Scanner Users: 16 million

Android stats reporting has changed dramatically over time, but as of now it says the active install count peaked at 16 million about a year ago, and is dropping, at about 12 million now. It's an aging app slowly being replaced by things like the built-in Android barcode API.

Note this is pretty different from the user counts the store used to report, which reported more like 35 million a couple years ago.

I think the app caught on mostly because:

• At launch it was as good or better than other options, and was good-enough thereafter

• Minor killer app for the first device, the Dream / G1, which had a great camera

• Open source

• Demand from other apps as an Intent-driven scanning API

Daniel has said that open sourcing the app was a real double-edged sword. I think it was one of the most widely-used apps to be open-source and more open software is a good thing. But it was endlessly cloned and loaded with ads by others. I've counted maybe a hundred over the years.

Reviews: 4.1 over 621,000+

Not bad. People like it because it's free and works pretty well, but it has an aging interface and doesn't scan perfectly.

It did surprise me how negative and abusive a minority of reviews are. I think many reasonable people are fooled by the apparently anonymity of posting online reviews, and, are genuinely shocked if someone talks back.

Monetization: $143,000

The core project and app were never monetized in any way. It was, really Google's IP to give away and they (we) did so. That's always seemed good.

For the curious, the monetization via the 'plus' app did raise a reasonable amount of revenue over the years from 57,500 users, to offset development costs. It's been charity-ware for over a year, and raised about $20,000 of that for environmental causes. Which leads to ...

Barcode Scanner Plus: free and open source now

The 'plus' app is still somewhat different even though much of its value-add was back-ported already. It and the 'simple' companion app will be free and open source now at https://github.com/srowen/zxing-bsplus

OSS License Problems: Thousands

I was surprised how many people used the project code without complying with the pretty permissive Apache License 2.0. Most that I contacted seemed genuinely unaware of the terms, which I can sort of understand -- after all, using open source code in a server-side application often entails no license obligations because it doesn't involve redistributing software. But using this code almost always means distributing it in an app and it's the distribution of the software, not its use, that triggers the terms of the license.

Still surprised that some people would just copy and paste a whole app and not suspect any issue with stripping all references to the author.

We got tens of apps taken down for trademark problems, out of hundreds, but only had one incident of knowing and repeated misuse of the project code, where Google's legal team got involved and obtained compliance, from ShopSavvy / Big In Japan. I observe that it's actually quite hard to get OSS authors to come after you for non-compliance; you have to really try. Alex Muse managed to, and it does seem that Google really does respond when forced.

Android as a Platform: The Good and Bad

Some things about Android really helped the use case and app:

• Java. Easy for enterprise / web developers to get into it

• Intents. Helped scanning become viable as a service early

Some things were obstacles:

• Coarse permissions model through Android 4.x required asking for loads of permissions upfront and caused endless accusations of privacy invasion

• Off-brand devices had shocking bugs in camera implementation

Future

As has been true for a while, no plans to do any more development, except for accepting the occasional bug fix or improvement.

If the project were to start today? I'd probably:

• Write in Scala

• Still write for Android, and the Camera 2 APIs

• Build machine learning models to detect barcodes instead of heuristics

• Use machine learning to actually read direct formats like UPC

• Not open source the entire Android app

[gjs]

Congrats & well done !

Been following the project since day one, best of luck with next 10 years.

Regards