Sean did you ever find out if this was the case?
I agree with you that's exactly what I thought, eg how would the SQRC image "know" the reader....it couldn't be updated if a reader was compromised (eg like bluray's were)
It HAS to be getting the "proprietary information" from a webserver somewhere that CAN be updated and say this reader good, this reader bad in real time.
Otherwise how can it be continued to be relied upon as secure.
The reader itself is only a dumb QR reader (like any other reader).
All 'security' issues are handled in the application layer that uses the output of the reader.
The idea is to encode an identifier to the actual data in a QR code. Just like we use a url to point to some 'real' data. Make is somehow not-publicly available and you have your SQRC support.
If a normal QR reader would read the QR code, it just gets the identifier, not the actual data.
This makes it possible to provide some security layers to a QR code (As the QR code doesn't have any of such features).
It's just a lot of marketing blurb in order to give QR codes a better image.
For practically everything in Japan conventional 1D barcodes are used.
But you could implement such a 'secure' barcode just as well in 1D barcodes.
Beside for encoding urls for websites, QR codes have practically disappeared here.
There have been many people "talking through their hat" so to speak, saying things like "the reader itself is only a dumb QR reader".
Why not have a look at the errors encoded into the following QR code, and see if you can figure out how it's done? http://www.vitreoqr.com/2014/Q_Reader_App_files/SQRC_Demo_VQR_Web_Site.jpg
Try re-encoding the public data from that code at various error levels, and see if you can make your regenerated QR code look the same (or even similar, in terms of grid size). There's a bunch of extra bits there which are being discarded by non-SQRC readers. That's the point - it contains both public and private data encoded in a single QR code. The question is, how do we decode those extra bits?
I suppose someone might try reverse engineering the Arara QR reader android app to find out how... https://play.google.com/store/apps/details?id=com.arara.q
Regards,
Tyson.