QRacking the code: what’s inside a SafeWA code?

The short answer: nothing unexpected – but it’s a fascinating look at how code and coders store data and why transparency matters.
Rockwell McGellin
Rockwell McGellin
STEM Content Creator
QRacking the code: what’s inside a SafeWA code?

QR codes have been around for decades. They were originally invented at Toyota to help label car parts on production lines, but they’ve worked their way into everyday life as well. From putting links on a bus stop ad to tracing contacts during a pandemic, storing a little bit of computer data on paper is a useful thing to be able to do.

But how do these strange little squares actually work? And what kind of data are they hiding? To find out, we talked to James Hentsridge, an open-source software developer. James wrote an amazing technical breakdown of what’s in WA’s very own SafeWA check-in codes.

Thinking inside the square

“So this is kind of like barcodes on your food, except it’s designed so that it can store a lot more data,” James says.

Data is still stored as a pattern of black and white spaces, but rather than lines read from left to right, it’s squares dotted from right to left, bottom to top, snaking back and forth across a grid.

“And rather than just a sequence of numbers, it can be arbitrary text data or even binary,” James says.

That means QR codes can store code, images, words, or – as we’ll see – web addresses. Because they’re storing more data, they’ve got a few extra tricks up their sleeve to make sure that data survives.

View Larger

The large squares in the corners help the scanning app figure out where the pattern starts and finishes.

View Larger

Other parts of the pattern help it figure out what size and angle the grid is.

“It’s also designed with some error correction, so that if there’s a smudge on your camera lens or someone’s put a logo in the centre of the QR code, it can still recover all the data.”

It’s a bit like the check digit on a regular barcode or a credit card number, but instead of just being able to verify the data, it can actually help fix it as well.

Lots of dots

What caught James’s eye about the SafeWA codes was their size. While they’re the same type of codes as, say, our Particle posters, the SafeWA codes have a lot more dots.

“There’s two things that can increase the size of the QR code. One of them is, yes, more data means bigger QR codes,” he says.

“The other one is you can change the redundancy. You could have very little redundancy, which means any errors in the scanning will mean you lose data, or lots of redundancy means it will increase the size of the code but you can fix more errors.”

SafeWA codes are either storing a lot of data or using a lot of error correction, but to figure out which it is, we need to go deeper.

A code within a code

Fortunately, the SafeWA app isn’t the only bit of software that can read these codes. Since it’s a standard QR code, we can open it in a different app – one that shows us exactly what’s being encoded.

And what do we see? It’s a web address, or URL, but that’s not exactly surprising, according to James.

“There’s a good reason to have this as a URL, because it identifies this as a SafeWA QR code rather than something else,” he says. “After that, you’ve got a big long string of letters and numbers,” he says.

View Larger

SafeWA codes are structured as web addresses, or URLs, so that phones without the app know what to do with them.

SafeWA codes are structured as web addresses, or URLs, so that phones without the app know what to do with them.

That means if you scan it with your camera app – say, if you’re new to WA and don’t have the app yet – you get sent to a website with more details rather than seeing just those letters and numbers. To a regular camera app, they don’t mean much, but to the SafeWA app, it’s the name and location of the venue you’ve visited.

“The SafeWA app sees that this URL is structured in a certain way, and then it extracts this venue ID and location, and it talks to the server and says you were here.”

The codes are big because that web address comes out pretty long – perhaps longer than it needs to be. It turns out they’ve got a little bit of redundancy and error correction in there as well, which James says could easily be left off to make the code a bit smaller.

The big picture

So despite the layers and layers of coding, SafeWA codes really do seem to be exactly what they claim to be. It’s your check-in location wrapped up in a way that’s easy for a phone to understand. But it’s important for humans to be able to understand it too.

“All these check-in systems depend on consent of people to actually participate. So if you break that trust, then they’re worthless,” James says.

Part of that trust is transparency. It’s easier to trust a system if you know how it works and that it does what it says. James says that’s something anyone can try.

“Trying to investigate these sorts of things … a lot of it is just looking for patterns,” he says.

"You pull on the string and see if it leads to something. Sometimes it does. Sometimes it doesn’t.”
Rockwell McGellin
About the author
Rockwell McGellin
Rockwell is a jack of all trades with a Masters in science communication. He likes space, beer, and sciencey t-shirts. Yes, Rocky is fine for short.
View articles
Rockwell is a jack of all trades with a Masters in science communication. He likes space, beer, and sciencey t-shirts. Yes, Rocky is fine for short.
View articles


We've got chemistry, let's take it to the next level!

Get the latest WA science news delivered to your inbox, every fortnight.


Creative Commons Logo

Republishing our content

We want our stories to be shared and seen by as many people as possible.

Therefore, unless it says otherwise, copyright on the stories on Particle belongs to Scitech and they are published under a Creative Commons Attribution-NoDerivatives 4.0 International License.

This allows you to republish our articles online or in print for free. You just need to credit us and link to us, and you can’t edit our material or sell it separately.

Using the ‘republish’ button on our website is the easiest way to meet our guidelines.


You cannot edit the article.

When republishing, you have to credit our authors, ideally in the byline. You have to credit Particle with a link back to the original publication on Particle.

If you’re republishing online, you must use our pageview counter, link to us and include links from our story. Our page view counter is a small pixel-ping (invisible to the eye) that allows us to know when our content is republished. It’s a condition of our guidelines that you include our counter. If you use the ‘republish’ then you’ll capture our page counter.

If you’re republishing in print, please email us to let us so we know about it (we get very proud to see our work republished) and you must include the Particle logo next to the credits. Download logo here.

If you wish to republish all our stories, please contact us directly to discuss this opportunity.


Most of the images used on Particle are copyright of the photographer who made them.

It is your responsibility to confirm that you’re licensed to republish images in our articles.


All Particle videos can be accessed through YouTube under the Standard YouTube Licence.

The Standard YouTube licence

  1. This licence is ‘All Rights Reserved’, granting provisions for YouTube to display the content, and YouTube’s visitors to stream the content. This means that the content may be streamed from YouTube but specifically forbids downloading, adaptation, and redistribution, except where otherwise licensed. When uploading your content to YouTube it will automatically use the Standard YouTube licence. You can check this by clicking on Advanced Settings and looking at the dropdown box ‘License and rights ownership’.
  2. When a user is uploading a video he has license options that he can choose from. The first option is “standard YouTube License” which means that you grant the broadcasting rights to YouTube. This essentially means that your video can only be accessed from YouTube for watching purpose and cannot be reproduced or distributed in any other form without your consent.


For more information about using our content, email us:

Copy this HTML into your CMS
Press Ctrl+C to copy