No it is not impossible. The scanning and encryption of the private key is done offline, to protect it from the above mentioned dangers. Nobody can visually record or snoop your session, if this is done offline.
The App will have to contain some software to convert the QR Code to text and also a method to encrypt&decrypt the text, before it is validated on the Blockchain, when you go online again.
The App will reduce the risk in doing this ONLINE. You cannot have a situation where you stored coins securely for years in a paper wallet and the moment you go online to sweep it, then it is gone.
Every time I have to sweep paper wallets, I get that tightness in my ass, because you never know who is looking over your shoulder.
My long-term strategy for cold storage require me to have multiple paper wallets with small quantities. I do not want to store all my eggs in one paper wallet and every time I want to sell, I have to sweep all my coins and expose my whole hoard/private key. It just make sense to have multiple paper wallets, if you want to store bitcoins for a long time, but sometimes you have a need to use some and then you only have to sweep 1 or 2.
Of course your keys can be stolen even if you are offline- malware that exploits bugs like Meltdown and Spectre will just steal them from your memory as soon as they touch your system and then will send your keys and other valuable data to remote server as soon as you will go online. The only way to mitigate the possibility of this attack is to get a real cold storage - a separate machine that has never touched the Internet and will never touch.
Also, there's another point of failure with paper wallets - if you have generated them on some web page, their randomness might be weak, because Javascript can't generate cryptographically secure random numbers.