QR Codes Are Back (And This Time It's Different)

In 2015, if you put a QR code in a marketing presentation, people laughed. "QR codes are dead," said every tech blog. "Nobody scans them," said every marketer who'd tried. "They're ugly," said every designer forced to include one.

They weren't wrong. QR codes in 2015 were a usability disaster. The technology worked, but the implementation was broken.

Then a pandemic happened. Suddenly, nobody wanted to touch shared menus, payment terminals, or paper anything. QR codes went from punchline to necessity overnight.

But here's the thing: QR codes would have stayed dead after the pandemic ended if nothing else had changed. Plenty of pandemic behaviors reverted to normal. QR codes didn't. They stuck.

Something is genuinely different this time.

What Went Wrong Before

QR codes in the early 2010s had a crippling friction problem.

To scan a QR code in 2012, you needed to:

1. Know what a QR code is (many people didn't)
2. Download a QR code scanner app
3. Open the app
4. Grant camera permissions
5. Point it at the code
6. Wait for it to process
7. Hope the link actually worked

Most people gave up at step 2. The value proposition wasn't worth the effort. Why download an app to visit a website you could just type in?

And the marketing use cases were absurd. QR codes appeared on:

Highway billboards. Can't scan at 70 mph. Who approved this?

Subway ads in underground stations. No cell signal to load what the code points to.

Websites. A QR code that links to a website... displayed on a website. Just click the link.

TV commercials. Gone in 3 seconds. Nobody scans that fast.

Email newsletters. You're already on your phone. Just make it a link.

The technology was sound. The implementations were embarrassing. No wonder people gave up on them.

What Changed

Two fundamental changes made QR codes viable.

Native camera integration. Starting around 2017, iOS and Android added QR code recognition to the default camera app. No third-party app required. Point your phone at a code, a notification appears, tap it, done.

This single change removed 80% of the friction. Instead of download-open-grant-scan-wait, it became point-tap. The action fits naturally into what people already do when they want to photograph something interesting.

Genuinely useful applications. The pandemic forced use cases that actually made sense:

• Restaurant menus that don't require touching anything
• Payment systems that avoid shared terminals
• Check-in systems that don't require sign-in sheets
• Vaccine verification that doesn't require paper cards

When QR codes solved real problems, people learned to use them. And once learned, the behavior stuck.

Where QR Codes Actually Work

Let's talk about applications that make sense in 2026.

Payments. In China, QR-based payments via Alipay and WeChat Pay process trillions of yuan annually. They're so dominant that some vendors no longer accept cash. In the US, Venmo and Cash App made QR payments familiar for peer-to-peer transfers. Square and other POS systems use them for small businesses.

The mental model is simple: scan to pay. No card to hand over, no terminal to touch, no signatures. The security model is also compelling — the merchant never sees your card number.

Authentication. WhatsApp Web pioneered scan-to-authenticate for consumer apps. Open WhatsApp Web in your browser, scan the QR code with your phone, done. Now you're logged in, authenticated by the device you already trust.

This pattern spread to Discord, Telegram, Signal, and countless other services. It's also common for two-factor authentication setup — scan the QR code to add the account to your authenticator app.

Physical-digital bridges. This is where QR codes shine brightest. They connect physical objects to digital experiences:

• Product packaging links to instructions, warranty registration, or reorder pages
• Museum exhibits link to audio guides and extended information
• Business cards link to contact profiles and portfolios
• Real estate signs link to property listings
• Billboards (now with reasonable context) link to landing pages
• Conference badges link to attendee profiles

The QR code becomes a portal. Physical thing in, digital experience out.

Dynamic content. Unlike printed URLs, QR codes can redirect anywhere. Print a QR code on packaging, and you can change where it points months later:

• Update with seasonal promotions
• Redirect based on location
• A/B test landing pages
• Fix broken links without reprinting
• Track scan analytics

This makes QR codes dramatically more valuable than static URLs for printed materials.

The Security Reality

QR codes are opaque to humans. You can't look at a QR code and know where it leads. This creates real security risks.

QR phishing is real. Malicious actors print fake QR codes and place them over legitimate ones. A sticker on a parking meter redirects to a fake payment page. A sticker on a restaurant table redirects to a phishing site. A sticker on a product redirects to malware.

This is called "quishing" (QR phishing), and it's a growing attack vector precisely because QR codes are having a renaissance.

Verification is hard. When you hover over a link, your browser shows where it goes. When you scan a QR code, most phones show a brief preview of the URL — but users rarely check it carefully. The cognitive load of evaluating "is this URL legitimate?" in the moment is high.

Best practices for scanning:

• Be suspicious of QR codes in public places, especially if they look like stickers
• Check the URL preview before tapping through
• Be especially careful with QR codes that lead to payment or login pages
• When in doubt, navigate to the site manually instead of scanning

Best practices for creating:

• Use domains you control
• Use HTTPS
• Consider branded QR codes (with your logo) that are harder to counterfeit
• For high-security applications, use signed or encrypted payloads

Static vs. Dynamic QR Codes

Understanding this distinction helps you build better implementations.

Static QR codes encode data directly. The code itself contains the URL, text, or other information. Once printed, you can't change what the code contains. If you need to change the destination, you need to print new codes.

Dynamic QR codes point to a redirect service you control. The code contains something like https://yourapp.com/qr/abc123, and your server decides where that redirects. You can change the destination anytime without reprinting.

Dynamic codes offer:

• Ability to change destinations after printing
• Scan analytics (when, where, how many times)
• A/B testing and personalization
• Graceful handling of removed content

The tradeoff: dynamic codes depend on your server. If your server is down, the QR codes break. Static codes work forever (or until the destination disappears).

For most business applications, dynamic codes are worth the dependency. For archival or offline applications, static codes are safer.

Technical Implementation

Generating QR codes is straightforward:

async function generateQRCode(content, options = {}) {
  const response = await fetch('https://api.apiverve.com/v1/qrcodegenerator', {
    method: 'POST',
    headers: {
      'x-api-key': API_KEY,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      value: content,
      size: options.size || 300,
      format: options.format || 'png'
    })
  });

  const { data } = await response.json();
  return data.downloadURL; // URL to download the QR code image
}

For dynamic codes, generate codes that point to your redirect service, then track and redirect:

async function createDynamicQR(destination, metadata = {}) {
  // Create a redirect entry in your database
  const shortCode = generateShortCode();

  await db.qrRedirects.insert({
    shortCode,
    destination,
    metadata,
    createdAt: new Date(),
    scanCount: 0
  });

  // Generate QR pointing to your redirect endpoint
  const redirectUrl = `https://yourapp.com/qr/${shortCode}`;
  return generateQRCode(redirectUrl);  // Returns downloadURL
}

Reading QR Codes

Sometimes you need the other side — your app needs to process QR codes that users scan or upload.

Common use cases:

• Event check-in systems that validate tickets
• Inventory systems that process scanned labels
• Document processing that extracts QR data from uploaded images
• Authentication systems that verify scan requests

async function decodeQRImage(imageFile) {
  const formData = new FormData();
  formData.append('image', imageFile);

  const response = await fetch('https://api.apiverve.com/v1/qrcodereader', {
    method: 'POST',
    headers: { 'x-api-key': API_KEY },
    body: formData
  });

  const { data } = await response.json();
  return data.text;  // The decoded content from the QR code
}

Design Considerations

QR codes don't have to be ugly black-and-white squares.

Error correction is built into QR codes. They use Reed-Solomon error correction at four levels (L, M, Q, H), allowing 7% to 30% of the code to be damaged or obscured while still scanning correctly.

This means you can:

• Add a logo in the center (covering up to 30% of the code)
• Use brand colors instead of black and white
• Round the corners of modules
• Embed the code into design elements

But there are limits. Test extensively before printing thousands of branded codes. Some phones and cameras handle damaged codes better than others. What works on the latest iPhone might fail on a budget Android phone from 2019.

Size matters. QR codes need to be large enough for cameras to read from the expected distance. A QR code on a poster viewed from 10 feet needs to be larger than one on a business card viewed from 6 inches.

Rule of thumb: the code should be at least 1/10th the scanning distance. For a poster viewed from 5 feet (60 inches), the code should be at least 6 inches on a side.

Contrast matters. Dark modules on a light background work best. Avoid low-contrast color combinations that might work on your screen but fail in different lighting conditions.

When Not to Use QR Codes

QR codes aren't always the right solution.

Don't use them when a link would work better. If you're already in a digital context (email, website, app), just use a hyperlink. QR codes are bridges from physical to digital, not digital to digital.

Don't use them for time-critical actions. Scanning takes a few seconds. If users need to act quickly, buttons work better.

Don't use them where they can't be scanned. Moving contexts (video, driving past billboards), tiny spaces (watch faces), or inaccessible locations (high on walls).

Don't assume everyone can scan. Some users don't know how. Some have older phones without native scanning. Some have accessibility needs that make scanning difficult. Always provide alternatives.

The Future

QR codes aren't going anywhere. The installed base is too large, the behavior is too ingrained, and the use cases are too valuable.

If anything, expect expansion:

• More payment systems built on QR
• More authentication flows using QR
• More physical-digital bridges in retail and museums
• More AR experiences triggered by QR (scan to see the product in your space)
• Better security measures to combat quishing

The technology that was a punchline in 2015 has become infrastructure in 2026. Not because the technology changed much, but because the ecosystem finally caught up.

---

Generate QR codes with the QR Code Generator API. Read and validate them with the QR Code Reader API. Bridge physical and digital seamlessly.

---

Originally published at APIVerve Blog