Security8 min read

Is CamScanner Safe? The 2019 Malware Incident and 2021 Executive Order Explained

A factual look at CamScanner's security history: the Kaspersky-discovered malware, the Trump administration ban, and what it means for your documents today.

By ScanDash Team

CamScanner has 520 million downloads and is used by over 300 million people worldwide. But two major incidents have raised questions about its safety: a 2019 malware discovery and a 2021 executive order banning the app.

Here's what actually happened, based on documented sources.

The 2019 Malware Incident

What Kaspersky Found

In August 2019, security researchers at Kaspersky discovered malicious code in CamScanner for Android. The malware was identified as Trojan Dropper—software that extracts and runs other malicious code.

According to Kaspersky's analysis, the malware could:

  • Download additional malicious modules
  • Display intrusive advertisements
  • Sign users up for paid subscriptions without their consent

Which Versions Were Affected

The malicious code was present in CamScanner versions released between June 16, 2019 and July 25, 2019. According to XDA Developers, versions uploaded after August 2019 were clean.

Google's Response

Google removed CamScanner from the Play Store immediately after Kaspersky reported its findings. The app was reinstated on September 17, 2019, after CamScanner removed the malicious code.

CamScanner's Explanation

CamScanner blamed a third-party advertising SDK from a company called AdHub. According to CamScanner, the SDK was "reported for containing the Trojan Dropper module" and the company said it would "take immediate legal actions against AdHub."

Notably, the paid version of CamScanner was not affected because it didn't include the advertising library.

The 2021 Executive Order

What Happened

On January 5, 2021, President Trump signed Executive Order 13971, which prohibited transactions with CamScanner and seven other Chinese-developed apps:

  • Alipay
  • CamScanner
  • QQ Wallet
  • SHAREit
  • Tencent QQ
  • VMate
  • WeChat Pay
  • WPS Office

The Stated Reason

The executive order cited concerns that these "connected software applications... may access and steal personally identifiable information from users."

What Happened Next

The ban was scheduled to take effect on February 19, 2021. However, on June 9, 2021, the Biden administration issued Executive Order 14034, which revoked the Trump-era bans on these specific apps.

The Biden order still acknowledged that "foreign adversary-controlled" apps pose potential national security risks, but took a different regulatory approach.

CamScanner's Current Privacy Practices

Based on CamScanner's current privacy policy, here's what the app collects:

Data Collected

  • Documents: The app "will collect" documents and images you upload
  • Device information: Hardware model, operating system version
  • Usage data: IP address, login/logout times, ad clicks
  • Cookies and web beacons

Data Sharing

According to the policy, user data is shared with:

  • CamScanner's affiliates
  • Third parties "under certain circumstances"

Security

The privacy policy states that security of user data is "inspected on a periodical basis" and that data is encrypted "if possible."

CamScanner holds ISO 27001 and ISO 27701 certifications and claims compliance with GDPR, CCPA, and LGPD.

Is CamScanner Safe to Use Today?

The Facts

  • The 2019 malware has been removed
  • The 2021 executive order was revoked
  • The app holds security certifications
  • Documents are processed on CamScanner's cloud servers
  • Data is shared with affiliates and third parties

The Considerations

Whether CamScanner is "safe" depends on your threat model:

  • If you scan non-sensitive documents: CamScanner is likely fine for casual use
  • If you scan financial, medical, or legal documents: Consider the privacy implications of cloud processing
  • If your employer has data security policies: Check if cloud-based scanners are approved

Alternatives That Don't Upload Documents

If you prefer a scanner that doesn't upload documents to cloud servers:

  • ScanDash: 100% on-device processing, no account required
  • Apple Notes: Built-in iOS scanner with on-device processing

The Bottom Line

CamScanner has addressed the 2019 malware incident and the 2021 executive order was revoked. However, the app still uploads documents to cloud servers and shares data with third parties.

For sensitive documents, consider alternatives that process everything on your device.

camscannermalwaresecurityprivacy

Try ScanDash Free

The document scanner that never sees your data. 100% on-device processing.

Download for iPhone
Back to all posts