the qr itself is just a link to a recaptcha web page with a unique identifier in the url.

the magic is all hidden in the required app that’s linked to your google account and device, and the interactions that take place between it and google’s servers once it sees that code or link.