I wondered about that too. My guess is that the image was just a trigger loaded off either a remote server or a local server installed by the exploit so they could know when the user was logged in to their Google account rather than a personal account, which would be off-limits for the exercise.

I’m guessing the documentary just glossed over it for brevity.