Yes - another bit that I worked on (albeit tangentially).
The QR code stuff was an interesting one. There was a worry that people would generate fraudulent codes - hence the weird (in my opinion) signing requirements.
Similarly, with a URl there was a risk that people would open the page and think that was all they needed to do. Hence a code designed to be read by a specific app.
I think (and you'll have to forgive my slightly hazy memory of a difficult time) that it was based on the same code New Zealand were using for their check-in service.
The QR code stuff was an interesting one. There was a worry that people would generate fraudulent codes - hence the weird (in my opinion) signing requirements.
Similarly, with a URl there was a risk that people would open the page and think that was all they needed to do. Hence a code designed to be read by a specific app.
I think (and you'll have to forgive my slightly hazy memory of a difficult time) that it was based on the same code New Zealand were using for their check-in service.