QR codes have quietly become one of the easiest ways to deliver malicious links. They show up in phishing kits, physical social‑engineering attempts, fake parking meters, restaurant menus, and even printed scam flyers. If you work in cybersecurity or DFIR, you’ve probably run into situations where you need to inspect a QR code without opening it. The problem? Most QR apps on iOS automatically open the link or make external requests. Many also include analytics or third‑party SDKs — not ideal when you’re handling suspicious payloads. A colleague of mine built QR Lume, a small iOS utility designed specifically for this problem. It lets you safely inspect the raw contents of a QR code inside Apple’s sandbox, with zero telemetry and no third‑party tracking.…