diff --git a/detection-rules/qr_code_suspicious_indicators.yml b/detection-rules/qr_code_suspicious_indicators.yml
index 0700db03c02..838bf8e4756 100644
--- a/detection-rules/qr_code_suspicious_indicators.yml
+++ b/detection-rules/qr_code_suspicious_indicators.yml
@@ -17,6 +17,10 @@ source: |
 .key == "Model" or .key == "Software" and strings.starts_with(.value, "Android")
 )
+ // exclude images taken with mobile cameras and screenshots from Apple
+ and not any(.scan.exiftool.fields,
+ .key == "DeviceManufacturer" and .value == "Apple Computer Inc."
+ )
 )
 ) or (