WalletConnect is a protocol that lets a mobile software wallet (like MetaMask Mobile) talk to a web dApp without the dApp needing an injected provider. You can connect from your phone to a desktop dApp by scanning a QR code, or link a mobile dApp to your wallet via a deep link. I use WalletConnect regularly to keep my private keys on my phone while interacting with desktop DeFi apps. Short and practical: it keeps the signing on your device while the dApp runs elsewhere.
At a high level WalletConnect establishes an encrypted session between the dApp and your wallet. The dApp asks for a connection (via QR or deep link), you approve it on MetaMask Mobile, and a persistent session is created so the dApp can request signatures or transactions. The wallet signs locally. That means your private keys never leave your phone, but a connected session can persist until you disconnect it.
A couple of quick technical points (because I like understanding why things behave a certain way): WalletConnect uses a relay/bridge to pass encrypted JSON-RPC messages between the dApp and the wallet. The dApp will request chain access and account addresses, and can later request transactions or signatures. MetaMask Mobile prompts you for every action. Read each prompt carefully.
Below are two common flows. Use the QR flow when the dApp is on desktop. Use deep links when you’re connecting between two mobile apps.
(And yes — the exact menu labels can change between app versions. If you don’t see "WalletConnect" in the main menu, try the app’s connect or browser screens.)
Once connected, the dApp has an open session. That session allows the dApp to request operations until you disconnect it. Here’s what I do every time:
A real mistake I made years ago: I approved a large allowance to a shady contract during a rushed test. I removed it afterward, but it taught me to check the approval scope every time.
How this looks in practice for daily DeFi tasks:
A tip: If a dApp asks to change the chain, MetaMask Mobile will present a chain switch request. Confirm that the requested chain matches the dApp's UI and that you trust the site.
If you see unexpected signature requests, reject them and check the connection origin. Use transaction simulation tools if available (see tx simulation).
| Method | Best for | Requires | Notes |
|---|---|---|---|
| WalletConnect | Connecting mobile wallet to desktop dApps or mobile dApps via deep link | QR or deep link | Keeps signing on device; session persists until disconnected |
| In-app browser | Using dApps directly on phone without QR scanning | Built-in browser in the wallet | Fast for mobile-first flows; no WalletConnect pairing needed |
| Browser extension (desktop) | Desktop-first workflows with injected provider | Browser extension | Seamless on desktop web; not an option for keeping keys on phone |
(But remember: each method has trade-offs between convenience and attack surface.)
Who this method suits:
Who might look elsewhere:
Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient but expose keys to the internet. I believe they’re fine for everyday DeFi activity if you follow good practices: seed phrase backup, small spendable balances, and regular permission reviews. For large holdings, consider hardware or cold storage.
Q: How do I revoke token approvals made via WalletConnect? A: Use the revoke page and service tools linked on Revoke approvals. Revoke the allowance from the specific spender address, then reconnect if needed.
Q: What happens if I lose my phone after connecting sessions? A: If your phone is lost, anyone with access to it and your unlocked wallet could sign transactions. Immediately use your seed phrase to restore on a new device and revoke approvals where possible (see lost phone and seed phrase backup and recovery).
WalletConnect MetaMask (and specifically walletconnect metamask mobile) gives you a flexible way to keep private keys on your phone while interacting with desktop and mobile dApps. Try the flow on a small test swap or read our how to swap guide before committing larger amounts. And if you’re testing a new dApp, connect with a fresh account or small balance first.
Further reading: manage connected sites (Manage connected sites), revoke approvals (Revoke approvals), and mobile setup details (MetaMask Mobile guide).
If you want a step checklist to follow on first connect, I can provide a printable one — would that help?