QRacking the code: what’s inside a SafeWA code?
QR codes have been around for decades. They were originally invented at Toyota to help label car parts on production lines, but they’ve worked their way into everyday life as well. From putting links on a bus stop ad to tracing contacts during a pandemic, storing a little bit of computer data on paper is a useful thing to be able to do.
But how do these strange little squares actually work? And what kind of data are they hiding? To find out, we talked to James Hentsridge, an open-source software developer. James wrote an amazing technical breakdown of what’s in WA’s very own SafeWA check-in codes.
Thinking inside the square
“So this is kind of like barcodes on your food, except it’s designed so that it can store a lot more data,” James says.
Data is still stored as a pattern of black and white spaces, but rather than lines read from left to right, it’s squares dotted from right to left, bottom to top, snaking back and forth across a grid.
“And rather than just a sequence of numbers, it can be arbitrary text data or even binary,” James says.
That means QR codes can store code, images, words, or – as we’ll see – web addresses. Because they’re storing more data, they’ve got a few extra tricks up their sleeve to make sure that data survives.
“It’s also designed with some error correction, so that if there’s a smudge on your camera lens or someone’s put a logo in the centre of the QR code, it can still recover all the data.”
It’s a bit like the check digit on a regular barcode or a credit card number, but instead of just being able to verify the data, it can actually help fix it as well.
Lots of dots
What caught James’s eye about the SafeWA codes was their size. While they’re the same type of codes as, say, our Particle posters, the SafeWA codes have a lot more dots.
“There’s two things that can increase the size of the QR code. One of them is, yes, more data means bigger QR codes,” he says.
“The other one is you can change the redundancy. You could have very little redundancy, which means any errors in the scanning will mean you lose data, or lots of redundancy means it will increase the size of the code but you can fix more errors.”
SafeWA codes are either storing a lot of data or using a lot of error correction, but to figure out which it is, we need to go deeper.
A code within a code
Fortunately, the SafeWA app isn’t the only bit of software that can read these codes. Since it’s a standard QR code, we can open it in a different app – one that shows us exactly what’s being encoded.
And what do we see? It’s a web address, or URL, but that’s not exactly surprising, according to James.
“There’s a good reason to have this as a URL, because it identifies this as a SafeWA QR code rather than something else,” he says. “After that, you’ve got a big long string of letters and numbers,” he says.
That means if you scan it with your camera app – say, if you’re new to WA and don’t have the app yet – you get sent to a website with more details rather than seeing just those letters and numbers. To a regular camera app, they don’t mean much, but to the SafeWA app, it’s the name and location of the venue you’ve visited.
“The SafeWA app sees that this URL is structured in a certain way, and then it extracts this venue ID and location, and it talks to the server and says you were here.”
The codes are big because that web address comes out pretty long – perhaps longer than it needs to be. It turns out they’ve got a little bit of redundancy and error correction in there as well, which James says could easily be left off to make the code a bit smaller.
The big picture
So despite the layers and layers of coding, SafeWA codes really do seem to be exactly what they claim to be. It’s your check-in location wrapped up in a way that’s easy for a phone to understand. But it’s important for humans to be able to understand it too.
“All these check-in systems depend on consent of people to actually participate. So if you break that trust, then they’re worthless,” James says.
Part of that trust is transparency. It’s easier to trust a system if you know how it works and that it does what it says. James says that’s something anyone can try.
“Trying to investigate these sorts of things … a lot of it is just looking for patterns,” he says.
"You pull on the string and see if it leads to something. Sometimes it does. Sometimes it doesn’t.”