The first time most people encounter a QR code, they scan it without a second thought. It works. They move on. But if you asked them how — how a phone camera can look at a square of black and white dots and within milliseconds know it encodes a URL, a Wi-Fi password, or a train ticket — most people would have no idea. That gap between using a technology and understanding it is, I think, where all the interesting security risks hide.

This guide explains the full picture: the engineering that makes QR codes work, the error correction system that makes them resilient, the security risks that make them dangerous when misused, and the practical choices that make the difference between a QR code that works reliably and one that fails at the worst possible moment.

What a QR Code Actually Is

A QR code (Quick Response code) is a two-dimensional matrix barcode — a grid of black and white squares that encodes data both horizontally and vertically. This two-dimensional structure is what gives QR codes their dramatic storage advantage over traditional one-dimensional barcodes, which only encode data along a single horizontal axis.

A one-dimensional barcode like the UPC-A you find on a supermarket product encodes around 12 digits. A QR code of equivalent physical size can hold up to 7,089 numeric characters, 4,296 alphanumeric characters, or 2,953 bytes of binary data. That is roughly 300 times the storage capacity in the same physical footprint.

Denso Wave, a Toyota subsidiary, developed QR codes in 1994 to track vehicle parts on the assembly line. The "Quick Response" name referred to the scanning speed — the codes could be read far faster than existing barcode systems. For the first decade of their existence, QR codes were almost exclusively an industrial logistics tool. The smartphones that would eventually make them ubiquitous did not exist yet.

The Six Structural Elements of Every QR Code

Every QR code, regardless of size or content, has the same structural anatomy:

1. Finder Patterns

The three large squares in three corners of the code (not the fourth corner — that is deliberate). These allow any scanner to instantly identify the presence, orientation, and size of the code regardless of what angle it is viewed from. A QR scanner identifies these three squares first, then calculates the geometry of the rest of the code from their positions.

2. Alignment Patterns

Smaller squares that appear inside the data area of larger QR codes. They help the scanner correct for image distortion — particularly useful when a code is photographed at an angle, printed on a curved surface, or slightly creased. Smaller QR codes (versions 1–6) do not have alignment patterns; they are only needed when the grid is large enough that distortion becomes a meaningful problem.

3. Timing Patterns

Alternating black-and-white rows and columns that connect the finder patterns. They give the scanner a reference grid to work from, helping it correctly map the position of every data module even when the image is slightly skewed or at a resolution where individual squares are not sharply defined.

4. Format Information

Encoded in bands adjacent to the finder patterns, format information tells the scanner which error correction level is in use and which data mask pattern was applied. It is stored twice — once on each side of each finder pattern — so a partially obscured code can still be correctly decoded.

5. Data Modules

The actual encoded content, spread across the remaining grid in a specific zigzag pattern. The data is encoded in one of four modes — numeric (the most efficient for numbers), alphanumeric (letters, numbers, and a small set of symbols), binary (any byte data, including URLs), or kanji (Japanese character encoding). Most QR codes used in everyday life use binary mode, which is why they can encode any URL regardless of what characters it contains.

6. Quiet Zone

The blank white border surrounding the entire code. It is not decorative — it is structurally necessary. Without it, a scanner cannot determine where the code ends and surrounding content begins. The required minimum is four module-widths on all sides. Many poorly implemented QR codes — particularly those printed with insufficient margins — fail because this quiet zone is not respected.
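The format information described in element 4 can be decoded in a few lines. The sketch below is an added example, not code from the original article; the XOR mask, generator polynomial and level bit assignments are the ones defined in the QR standard (ISO/IEC 18004), while the function names and sample values are constructed for illustration.

```python
# Added illustration: decode the 15-bit QR format information word.
FORMAT_MASK = 0x5412    # fixed XOR mask defined by the QR standard
BCH_GENERATOR = 0x537   # generator polynomial of the BCH(15,5) code
EC_LEVELS = {0b01: "L", 0b00: "M", 0b11: "Q", 0b10: "H"}


def bch_remainder(data5):
    """Ten check bits for the five data bits (polynomial division over GF(2))."""
    value = data5 << 10
    for shift in range(4, -1, -1):
        if value & (1 << (shift + 10)):
            value ^= BCH_GENERATOR << shift
    return value


def encode_format(data5):
    """Data bits plus check bits, XORed with the fixed mask, as drawn in the symbol."""
    return ((data5 << 10) | bch_remainder(data5)) ^ FORMAT_MASK


# All 32 valid words: 2 bits of error correction level + 3 bits of mask pattern.
VALID_WORDS = {encode_format(d): d for d in range(32)}


def decode_format(raw15):
    """Return (level, mask_pattern, bits_corrected), or None if unrecoverable."""
    word, distance = min(
        ((w, bin(w ^ raw15).count("1")) for w in VALID_WORDS),
        key=lambda pair: pair[1],
    )
    if distance > 3:  # the code's minimum distance is 7, so 3 flips is the limit
        return None
    data5 = VALID_WORDS[word]
    return EC_LEVELS[data5 >> 3], data5 & 0b111, distance


if __name__ == "__main__":
    clean = encode_format(0b10_101)            # constructed: level H, mask 5
    damaged = clean ^ 0b000100000100001        # constructed: three modules misread
    print(f"{clean:015b} -> {decode_format(clean)}")
    print(f"{damaged:015b} -> {decode_format(damaged)}")
```

Because only 32 of the 32,768 possible 15-bit words are valid, a scanner can pick the nearest valid word and still recover the level and mask when up to three of the format modules are misread.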

Reed-Solomon Error Correction: Why Damaged QR Codes Still Work

This is the part of QR code engineering that I find genuinely impressive. QR codes use Reed-Solomon error correction — the same mathematical algorithm that NASA developed for deep-space communications, where a signal might travel billions of kilometres and arrive corrupted by cosmic interference.

There are four error correction levels:

  • Level L (Low) — recovers up to 7% of codewords. Produces the smallest QR code for a given data payload.
  • Level M (Medium) — recovers up to 15%. The sensible general-purpose default.
  • Level Q (Quartile) — recovers up to 25%. Better for codes that might be partially obscured in use.
  • Level H (High) — recovers up to 30%. The standard choice when you want to overlay a logo on the code.

The practical implication: you can physically destroy or cover up to 30% of a QR code — with a logo, a stain, a scratch, or deliberate damage — and it will still scan correctly. This is not a feature that was added later; it is baked into the original standard. It is also why branded QR codes work. When a company embeds their logo in the centre of a QR code, they are deliberately "damaging" the code and relying on Level H error correction to reconstruct the missing data. The scanner sees the logo as a corrupt region and fills it in using the redundant data stored in the surrounding modules.

How a Phone Camera Actually Reads a QR Code

The scanning process that feels instantaneous to you is actually a precise, multi-stage image processing pipeline that runs in fractions of a second:

  1. Image capture — The camera continuously captures frames. The scanner software analyses each frame, looking for QR code structures.
  2. Binarisation — The image is converted to pure black and white using adaptive thresholding. This eliminates variations in lighting, contrast, and shadow that would otherwise make the code unreadable.
  3. Finder pattern detection — The algorithm searches for the characteristic 1:1:3:1:1 ratio of dark:light:dark:light:dark modules that defines a finder pattern. Finding three of these in the correct geometric relationship confirms a QR code is present.
  4. Perspective correction — Using the positions of the finder patterns (and alignment patterns for larger codes), the software calculates a transformation matrix to flatten the distorted image into a square grid.
  5. Module sampling — Each grid position is sampled to determine whether it is a dark or light module, building a binary matrix of the entire code.
  6. Format decoding — The format information modules are read to determine error correction level and data mask.
  7. Data mask removal — QR codes apply one of eight data masking patterns to prevent large uniform areas (which are harder to scan reliably). The mask is reversed before decoding.
  8. Reed-Solomon error correction — Any corrupted codewords are identified and corrected.
  9. Data decoding — The corrected binary data is converted to the final output: a URL, text string, contact card, or whatever the code contains.

On a modern smartphone with a decent camera and QR Scanner AI, this entire process typically takes under 200 milliseconds. In poor lighting or with a damaged code, the software runs additional passes — adjusting exposure parameters, trying different binarisation thresholds — which might add another second or two. A well-designed scanner like qrscanner.akstool.com handles these edge cases automatically.
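Step 3 of the pipeline is the easiest to show in code. The following is an added example, not taken from any particular scanner: it searches one binarised image row for the 1:1:3:1:1 run pattern. The function names, the 50% tolerance and the sample row are assumptions made for illustration.

```python
# Added illustration: find finder-pattern candidates along one binarised row.
EXPECTED = (1, 1, 3, 1, 1)  # dark:light:dark:light:dark, 7 modules in total


def run_lengths(row):
    """Collapse a row of 0 (light) / 1 (dark) pixels into [colour, length] runs."""
    runs = []
    for pixel in row:
        if runs and runs[-1][0] == pixel:
            runs[-1][1] += 1
        else:
            runs.append([pixel, 1])
    return runs


def finder_candidates(row, tolerance=0.5):
    """Return (centre_x, module_width) for each 1:1:3:1:1 window in the row."""
    runs = run_lengths(row)
    hits, start = [], 0
    for i, (colour, length) in enumerate(runs):
        window = [r[1] for r in runs[i:i + 5]]
        if colour == 1 and len(window) == 5:
            module = sum(window) / 7  # estimated pixels per module
            if all(abs(got - want * module) <= want * module * tolerance
                   for got, want in zip(window, EXPECTED)):
                hits.append((start + sum(window) / 2, module))
        start += length
    return hits


def make_row(*runs):
    """Build a constructed test row from (colour, length) pairs."""
    return [colour for colour, length in runs for _ in range(length)]


# Constructed sample: quiet zone, a finder pattern at 3 px per module, then data.
SAMPLE_ROW = make_row((0, 12), (1, 3), (0, 3), (1, 9), (0, 3), (1, 3),
                      (0, 3), (1, 6), (0, 6), (1, 3), (0, 9))

if __name__ == "__main__":
    print(finder_candidates(SAMPLE_ROW))  # one candidate, centred in the pattern
```

A real scanner repeats this check vertically through each candidate centre and then confirms that three candidates sit in the expected corner geometry before moving on to perspective correction.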

The Security Problem Nobody Talks About Enough

Here is the uncomfortable truth about QR codes: they have become an excellent attack vector for phishing, and most people have no idea. The technique is called "quishing" (QR code phishing), and it works precisely because QR codes are opaque — you cannot read what they encode before scanning them.

A malicious QR code looks identical to a legitimate one. An attacker can print a sticker with their malicious code and place it over a legitimate QR code — on a parking meter, a restaurant table, a hospital check-in poster, or a concert venue entrance. The victim scans what they believe is the official code and is redirected to a phishing page, malware download, or fake payment portal.

The scale of this problem has increased significantly since 2020, when QR codes became the default contactless interaction mechanism in a huge range of venues. According to cybersecurity researchers, QR phishing attacks increased by over 400% between 2021 and 2023.

A privacy-first scanner like QR Scanner AI mitigates this by:

  • Displaying the decoded URL before any browser action is taken, giving you a chance to inspect the domain
  • Processing everything on-device — no scan contents are transmitted to external servers where they could be logged
  • Not storing scan history in any cloud backend that could be breached

The right question to ask of any QR scanner is not "does it scan quickly?" but "what happens to my scan data?" A scanner that logs every URL you scan and associates it with your identity is, in a real sense, a surveillance tool.
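What "inspecting the domain" before any browser action can look like in practice is sketched below. This is an added example, not code from QR Scanner AI or from the original article; the function name, the expected_domains parameter and the sample payloads are hypothetical, and the payloads use reserved example domains and addresses.

```python
# Added illustration: inspect a decoded QR payload before anything opens it.
import ipaddress
from urllib.parse import urlsplit


def inspect_qr_url(payload, expected_domains=()):
    """Return (host, warnings) for a decoded payload. Nothing is fetched."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return None, ["payload does not parse as a URL"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return None, [f"not a web link (scheme: {scheme or 'none'})"]
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return None, ["web link without a host"]

    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if parts.username is not None:
        warnings.append("text before '@' is not the destination host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        labels = host.split(".")
        if not host.isascii() or any(lb.startswith("xn--") for lb in labels):
            warnings.append("internationalised host, check for look-alike letters")
    # Suffix match on a dot boundary, so example.com.evil.test does not pass.
    if expected_domains and not any(
        host == d or host.endswith("." + d) for d in expected_domains
    ):
        warnings.append(f"{host} is not under an expected domain")
    return host, warnings


# Constructed payloads: one expected link and three that deserve a second look.
SAMPLES = [
    "https://pay.example.com/meter/42",
    "https://example.com@pay.example.net/meter",
    "https://example.com.evil.test/pay",
    "http://192.0.2.10/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_qr_url(sample, ["example.com"]))
```

The host returned here is the value worth showing to the user in large type, since it is the part of the URL that decides where the scan actually leads.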

Business Use Cases: What QR Codes Are Actually Good At

Not all QR code use cases are created equal. Some are excellent. Some are misguided. After years of seeing both, here is my honest assessment:

Genuinely useful:

  • Wi-Fi sharing — A Wi-Fi QR code is genuinely better than a password in almost every situation. Guests do not need to type a complex password, you do not need to say it out loud in a public space, and you can regenerate the code if you change the password. See how to generate one with QR Scanner AI.
  • Contact cards (vCards) — Generating a QR code that encodes your contact information is far more reliable than expecting someone to transcribe a phone number correctly from a business card. One scan saves the contact directly to their phone.
  • Event check-in — QR codes work well as proof of identity or booking confirmation in high-throughput situations. A scanner reads the code; a backend validates it. Fast, scalable, and with acceptably low error rates.
  • Product information — Linking a physical product to a detailed digital page, user manual, or video tutorial is a legitimate and user-friendly use case.

Often misguided:

  • QR codes on billboards — Requiring someone to safely pull out their phone, unlock it, open a camera, and scan a code at 60mph is not a well-designed user experience.
  • QR codes in email — If someone is reading your email on their phone, they cannot scan a QR code with the same device. And if they are at a desktop, the friction is higher than a link.
  • QR codes as a substitute for usability — Placing a QR code on something because you do not have space for information is not the same as good design.

What Makes a QR Code Actually Work in Print

Generating a QR code is trivial. Generating one that scans reliably on a business card, a product label, or a large-format poster — that requires a bit more thought.

  • Use SVG for digital, high-resolution PNG for print. A 300×300 pixel PNG will look acceptable on screen but will be pixelated and potentially unscannable when printed at 3cm × 3cm. Get an SVG (vector format) for print use; it scales without quality loss.
  • Minimum size is 2cm × 2cm. Below this, most phone cameras struggle to capture enough detail for reliable decoding, especially in standard lighting conditions.
  • Dark modules on a light background. This is the standard. Inverting to white on dark can work but reduces reliability — some scanner implementations do not support it, and contrast requirements are stricter.
  • Keep the quiet zone. Four module-widths of white space around all four sides. Not two. Not one. Four.
  • Test before you print. Scan your QR code with three different apps on two different phones before committing to a large print run. What works on your phone may not work on someone else's.
  • Use error correction Level H if adding a logo. If you want to put a logo in the centre (which will block some modules), Level H gives you the maximum 30% data reconstruction tolerance.

QR codes have stabilised as infrastructure. They are no longer a novelty, and they are not going away. A few trends are worth noting:

Dynamic QR codes — codes that encode a redirect URL rather than the final destination, allowing the destination to be changed without reprinting the code — have become standard practice for marketing use cases. The code always points to the same short URL; that URL's destination can be updated in real time.

QR codes in payments — already dominant in China (WeChat Pay, Alipay) and India (UPI), QR-based payments are gradually gaining ground in the UK through schemes like Barclays' Pingit and various contactless POS integrations.

Security scrutiny — as quishing attacks increase, there is growing pressure on scanner apps to implement domain safety checks. Expect this to become a standard feature expectation rather than a differentiator.

For the most up-to-date advice on QR code security, see our guide on QR code security risks you should know about. For creating and scanning QR codes on Android, QR Scanner AI remains our recommended tool.
