TrustQR, by Master of Information and Cybersecurity grads Roy Blume, Mina Fahim, Sameer Hakim, JD Keeling, Jeremy Sloan, and Shanshan Song, aims to empower everyday people to trust QR scanning by providing them with the tools to scan for cyber risks.
The project was awarded the Lily L. Chang Capstone Award for Spring 2025.
We interviewed the team to learn more —
What inspired your project?
Mina: Our team came together around the common concern of digital threats hiding in plain sight. We noticed how many people (even those who are tech-savvy) don’t always realize the risks involved when scanning a QR code in day-to-day situations. QR codes have become a convenient part of everyday life, used for everything from menus to payments, but they’ve also become a growing target for cyberattacks like Quishing. That’s why my team and I developed TrustQR: to give users control by instantly analyzing QR codes and clearly showing where a link leads, before it’s too late. Our goal was to make QR scanning not just easy, but safe for everyone.
Sameer: Our project was inspired by a dual drive: enhancing consumer security in an increasingly digital world, coupled with our ambition to win the Lily L. Chang MICS Capstone Award. During team brainstorming, the QR code security problem statement emerged as a compelling and feasible solution to develop within the concise 12-week capstone semester. Although it was not officially named “TrustQR” until February, the project was conceived from the outset with a clear commitment to protect users from an often-overlooked vulnerability using the power of AI and making it available to every user at no cost.
What was the timeline or process like from concept to final project?
Roy: We had the span of a semester to go from concept to completion, so the machine learning model underwent multiple iterations to make the product reliable. Since model accuracy depends heavily on the quality and relevance of its training data, a significant portion of our timeline was dedicated to sourcing, refining, and engineering a diverse dataset that reflects real-world QR code threats. Through repeated tuning and testing, we achieved 93.3% standalone model accuracy, which rose to 98.54% when combined with real-time cyber threat intelligence.
With this approach in mind, we dedicated the initial weeks to designing the supporting architecture, ensuring we could seamlessly integrate our machine-learning models to detect deepfake images. The subsequent weeks focused on incorporating and refining these models, ensuring accuracy and reliability. During the final stretch, we shifted our attention to testing and improving the user experience, assuring the final product met our goals of usability, speed, and transparency. The timeline was intensive but rewarding, as each stage brought us closer to delivering a fully functional and impactful solution.
Sameer: Our journey from concept to the final TrustQR was a dynamic and focused process. Our full six-member team was solidified in December and, after drawing valuable insights from the prior cohort’s capstone showcase and exploring multiple ideas, pivoted to the QR code security challenge.
As our project timeline illustrates, the completion of our initial kickoff propelled us into an intense development cycle. In February, we hit key milestones, culminating in our minimum viable product (MVP) demo. We refined our scope, deferring some features to ensure timely delivery given our resources.
March was dedicated to enhancing AI model accuracy, rigorous testing, and overall refinement. Following security hardening, we conducted a soft launch in mid-March. Comprehensive field testing ran from March 28 through April 12, enabling us to validate and polish the product.
Finally, after navigating Google-mandated requirements, open and closed testing phases between March and May, TrustQR was successfully launched on the Google Play Store on May 17.
How did you work as a team? How did you work together as members of an online degree program?
Jeremy: Our product consists of a mobile application and a web API that utilizes a machine learning model. This allowed us to break the team into smaller groups and focus on those pieces.
We began with a virtual whiteboard to capture features that we wanted to include in the product. From there, we utilized Jira to move those features into user stories with estimates and developed a timeline. High-priority features were selected for inclusion in the demo at mid-semester. Tasks were assigned to team members, and progress was tracked to ensure we hit our targets. Weekly meetings included a standup where we could report on the progress of assigned tasks. The team identified the need early in the project to have the hosting infrastructure and build/deployment processes set up early to allow us to easily iterate over product releases.
JD: Working across time zones and personal schedules was definitely a challenge, but we turned that into a strength. We set clear expectations from the start, held each other accountable, and leaned into asynchronous tools. Everyone brought something different to the table: engineering, UX, policy, product, product management, and we respected that. Being in an online program already meant we had solid digital collaboration habits. Weekly check-ins, focused task ownership, and knowing when to ask for help were all key to our success.
How did your I School curriculum help prepare you for this project?
JD: The MICS program gave us the perfect blend of technical depth and design thinking. Courses on secure coding, human-computer interaction, and security policy all played a part. But most importantly, we learned how to think like builders and defenders, not just researchers. That balance helped us stay user-focused while still grounding TrustQR in solid cybersecurity principles. The emphasis on usability and human factors really shaped how we approached verification and trust in our design.
Jeremy: Properly securing the application and infrastructure, as well as protecting the user’s data, was of critical importance with the project. We were able to draw from instruction in several courses in the I School curriculum to help guide us. It was a lot of fun to put what we learned into an actual product and go from theory to concrete implementation.
Shanshan: The I School curriculum equipped us with a strong foundation in software security, applied machine learning, and cyber risk management, which are all critical to the development of TrustQR. Courses in secure system design, data privacy, and threat modeling enabled us to build a solution that is technically sound, privacy-aware, and security-first.
The capstone course provided much more than a project framework. It guided us through problem definition, topic selection, scope refinement, project planning, solution design, and the development of a comprehensive threat model. The course pushed us to think beyond the classroom and deliver a product with real-world impact.
Do you have any future plans for the project?
Roy: The Android mobile app is now live. We’re actively monitoring user feedback and plan to continue iterating on our product with the goal of refining accuracy, expanding threat integrations, and improving the user experience.
Shanshan: Yes. We are actively developing the iOS version for release on the App Store. TrustQR’s core AI/ML model for real-time URL security analysis can be integrated into other platforms, such as enterprise security tools, web gateways, or public kiosks, expanding its use beyond consumer applications. Currently, TrustQR addresses high-risk use cases like malicious QR codes found in car parking scams in San Francisco. The solution is designed to be scalable and adaptable, with the potential to expand into other cities and verticals, including public transportation, event ticketing, restaurant menus, and more.
Sameer: Our immediate focus is on strategic user acquisition for TrustQR while actively pursuing incubation opportunities, with programs like Berkeley Skydeck and Y Combinator at the top of our list.
Looking further ahead, a key strategic goal is to integrate TrustQR directly into smartphone ecosystems, partnering with platforms like Google and Apple to provide a seamless native layer of security for millions. While the financial investment required for such an integration presents a challenge, it is one we are enthusiastic and prepared to tackle as we evolve.
How could this project make an impact, or, who will it serve?
Mina: By providing real-time security analysis of QR codes, TrustQR helps prevent phishing attacks before they happen. Instead of relying on users to spot red flags, the app does the work for them by automatically checking links and alerting them to suspicious activity. TrustQR will serve anyone who scans QR codes. This will cover a wide range of users from busy commuters and restaurant-goers to small-business owners and event attendees. While the app will benefit users regardless of their level of technical expertise, it will be mostly valuable for users who aren’t tech-savvy, as it is less likely for them to be able to spot a malicious link.
Anything else you’d like to share?
JD: This project was a great example of what happens when people from different backgrounds come together with a shared purpose. We’re proud of what we built, but more importantly, we’re proud of how we built it. It was built with clarity, purpose, and a focus on real users. We’re grateful for the support from the faculty and our peers.
Sameer: TrustQR could not have been possible without the invaluable guidance and unwavering support of our capstone advisors Prof. Ryan Liu and Prof. Sekhar Sarukkai. We are profoundly grateful for their timely and direct feedback, which was instrumental in helping us refine the TrustQR product into a viable solution. Their mentorship kept us aligned with our goals, focused on timely delivery, and attentive to quality at every stage.
Our capstone journey was enriched by the entire cohort. The high bar set by each of the seven projects fostered healthy competition and provided invaluable peer feedback that kept us continuously on our toes to iterate. This experience extends beyond a single semester, embodying the spirit of the MICS program. I am proud to be part of such a vibrant and dedicated MICS community, committed to innovation and excellence.
MICS for Life! Go Bears!