What if someone has an iPhone?

Per https://support.google.com/recaptcha/answer/16609652

Supported Environments for reCAPTCHA Mobile Verification:

• Android Devices:

  • Google Play Services version 25.41.30 or greater.
  • To verify Google Play Services version on an Android device, open Settings > Apps > All Apps > Google Play Services

• iOS/iPadOS devices for QR Code Scan:

  • Version 15.0 or greater.

• iOS/iPadOS devices for “Click to Verify” Button:

  • Version 16.4 or greater.
  • Version 15.0-16.4 with the reCAPTCHA app installed.

What if I am browsing on my phone?

I’m not seeing anything related to that specifically, but I imagine a (supported) mobile browser will be able to interface with Play Services directly and not need a QR code challenge.

If you use an unsupported browser, I think we can both guess what’s gonna happen. As for what browsers are supported:

https://support.google.com/recaptcha/answer/6223828?hl=en&ref_topic=6188330&sjid=5375685544242031989-EU

Browser requirements for reCAPTCHA

We support the two most recent major versions of the following:

• desktop (Windows, Linux, Mac) - Chrome - Firefox - Safari - Chromium Edge
• mobile
  • Chrome
  • Safari
  • Android native browser

Guess if you’re using Firefox mobile, you’re fucked - plz switch to Chrome, thank you and welcome to our digital prison saferoom!

What if I don’t have my phone near me?

You mean you don’t carry our surveillance device with you 23/7 (we’ll give you an hour for sleep)?

I’m somehow reminded of that mobile Diablo announcement and the surprised response “Don’t you guys have phones?”

This sounds like some optional, extreme case feature. Like when they are pretty much sure you’re a bot but the website optionally gives you last one chance to prove you’re not instead of just rejecting your request.

The stated goal is to fight fraudulent agentic AI: “As we identify potentially fraudulent behavior from agents, we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop using the new QR code-based challenge.”

https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha/

So they’d do this when they suspect the thing interacting with the page is not a human, but expects a human to be involved with the process. How exactly that “potentially fraudulent behavior” would be detected is a different question and I have absolutely zero faith that it will fulfill its mission dutifully and without collateral damage. But then, if you’re compliant with their requirements, that collateral damage is negligible. They made sure that the prison saferoom is really comfy.