LeastAuthority / tahoe-lafs-android-app

An Android client for the Tahoe LAFS cloud file storage system

Validate scanned URLs to prevent corrupt app settings

ewanas opened this issue

If a user scans a QR code that represents an invalid URL, onboarding succeeds, but the app is stuck in a crash loop on startup[1].

Fix

  • Validate scanned URL during onboarding to prevent invalid URLs from being stored

Test

  • Scan a QR code with an invalid URL

Expectation

  • An error message is shown and the user can scan again

Actual result

  • Onboarding succeeds, app fails to start up until app data is cleared

[1]: IncludeSec's 2021 Q2 security audit report pp. 9-12 Low-Risk Findings L3
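
One way to implement the fix proposed in the issue above, as an added example that is not the project's own code: the scanned string is parsed and checked before anything is written to settings, and a rejected scan leaves the stored state untouched so the user can scan again. The class name, the `endpoint_url` key, the `Map` standing in for the app's settings store, the length limit and the http/https-only rule are all assumptions, since the issue does not describe the expected URL format.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class ScannedUrlGate {
    static final int MAX_LEN = 2048; // assumed upper bound for a QR payload

    // Returns the parsed URI only if it is a well-formed absolute http(s) URL with a host.
    // Assumption: http and https are the only acceptable schemes.
    static Optional<URI> parseScanned(String raw) {
        if (raw == null) return Optional.empty();
        String text = raw.trim();
        if (text.isEmpty() || text.length() > MAX_LEN) return Optional.empty();
        try {
            URI uri = new URI(text); // throws on illegal characters such as spaces
            String scheme = uri.getScheme();
            if (scheme == null || uri.getHost() == null) return Optional.empty();
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) return Optional.empty();
            if (uri.getPort() > 65535) return Optional.empty(); // URI does not range-check ports
            return Optional.of(uri);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
    }

    // Persists the value only after validation. A false return means nothing was stored,
    // so the caller can show an error message and reopen the scanner.
    static boolean onScanResult(String raw, Map<String, String> settings) {
        Optional<URI> uri = parseScanned(raw);
        if (!uri.isPresent()) return false;
        settings.put("endpoint_url", uri.get().toString()); // hypothetical settings key
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> settings = new HashMap<>(); // stand-in for persistent app settings
        String[] scans = { // constructed sample QR payloads
            "not a url", "", "ftp://host.example/", "http:///missing-host",
            "https://host.example:99999/", "https://gateway.example:8443/v1" };
        for (String scan : scans) {
            System.out.println((onScanResult(scan, settings) ? "stored   " : "rejected ") + "\"" + scan + "\"");
        }
        System.out.println("settings = " + settings);
    }
}
```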