Connecting to dApps: WalletConnect, Injected Providers & Mobile Browser

Table of contents

• Overview: connection methods explained
• How to accept connection request in MetaMask (step-by-step)
  • Desktop — injected provider MetaMask
  • WalletConnect MetaMask (mobile handshake)
  • Mobile in-app browser MetaMask
• How to use MetaMask wallet with dApps — practical workflows
• How to confirm transaction in MetaMask wallet (step-by-step)
• How to unlock MetaMask wallet for CryptoKitties
• Security checklist for dApp connections
• Connection method comparison (quick table)
• Troubleshooting: common connection & tx issues
• Who this fits — who should look elsewhere
• FAQ
• Conclusion & next steps

---

Overview: connection methods explained

MetaMask offers three common ways to connect to a dApp: the injected provider (browser extension), WalletConnect sessions (QR/deep-link handshake), and the mobile in-app browser (provider injected inside the MetaMask mobile app). Each method has trade-offs in latency, UX, and security.

• Injected provider (extension): the web page detects window.ethereum and opens an immediate connect prompt. Fast on desktop. Low latency.
• WalletConnect MetaMask: pairs a mobile wallet and a dApp via a bridge server using a QR code or deep link. Good for desktop dApps and mobile wallets, but session setup takes a few seconds.
• Mobile in-app browser MetaMask: the dApp opens inside MetaMask mobile and the connection feels native (no QR). Best for mobile-first dApps.

In my experience the injected provider feels fastest for day-to-day DeFi. And yes, I've used WalletConnect dozens of times when switching between laptop and phone.

How to accept connection request in MetaMask (step-by-step)

This covers the three main flows. These step-by-step instructions map directly to the actions the dApp asks for.

Desktop — injected provider MetaMask

1. Open the dApp in your browser and click "Connect Wallet" (or equivalent).
2. If the site detects the injected provider, MetaMask opens a small popup with a list of accounts.
3. Select the account you want the dApp to see, click Next, then Connect.
4. The dApp now has permission to view that account address for the current domain.

Tip: before hitting Connect, check the domain in your browser address bar. A spoofed domain is a common phishing technique (see phishing-address-poisoning).

WalletConnect MetaMask (mobile handshake)

1. On desktop dApp, pick "WalletConnect" and the site shows a QR code.
2. Open MetaMask mobile (or another mobile wallet), go to WalletConnect and scan the QR. Or use the deep-link if presented.
3. Approve the session on your phone — the wallet shows requested permissions (account address, chain).
4. The desktop dApp is now paired via a session key. You can disconnect at any time from the WalletConnect session list.

But be careful when scanning QR codes from unknown pages.

Mobile in-app browser MetaMask

1. Open the MetaMask mobile app and use the browser tab to navigate to the dApp URL.
2. Tap the dApp's "Connect" button; MetaMask shows a connect prompt.
3. Choose the account and approve. No QR or external handshake needed.

This flow is usually most frictionless for mobile-first games and marketplaces.

How to use MetaMask wallet with dApps — practical workflows

What does a safe and efficient session look like? Follow these rules:

• Use a separate account for high-risk dApps (gaming, unknown bridges). Small balances reduce exposure.
• Confirm the requested chain before approving a signature or transaction. A chain mismatch often causes failed transactions.
• For frequent DeFi swaps, use a dedicated account and review token allowances after any approval (see token-allowances-and-revoke).

In my experience splitting accounts by purpose (trading, staking, NFTs) reduces accidental approvals. And that saved me once when I accidentally approved a test contract.

How to confirm transaction in MetaMask wallet (step-by-step)

When a dApp initiates a tx, MetaMask shows a confirmation screen. Here's how to verify it.

1. Read the "To" address and the token/value. Does the destination match the dApp action?
2. Expand the transaction details to check data (if available). Look for approval calls when giving allowances.
3. Review gas fees: MetaMask follows EIP-1559 on supported chains. You will typically see a max fee and a priority fee (the tip).
4. If satisfied, click Confirm. If not, Reject.

Speed up / cancel (if the tx is pending): open Activity, select the pending tx, and use Speed Up (resend with higher priority fee) or Cancel (replace with a zero-value tx to the same nonce). This resubmission uses the same nonce and requires a higher fee to be mined first.

If a signature request appears without a clear action (e.g., sign message), pause and verify why the dApp needs it before confirming.

How to unlock MetaMask wallet for CryptoKitties

CryptoKitties and similar older dApps expect a standard wallet connection on Ethereum Mainnet. Here's a short checklist:

1. Open MetaMask (extension or mobile) and unlock with your password or biometric.
2. Ensure the network is set to Ethereum Mainnet (switch if necessary — see custom-rpc-network-settings for adding networks).
3. Visit the CryptoKitties site in the browser (extension on desktop or in-app on mobile).
4. Click Connect, select your account, and confirm the connect prompt.
5. When performing NFT actions (mint, transfer), carefully read approval/signature prompts — NFT transfers often require a single-use approval or a contract approval.

If the site fails to detect your wallet, try the in-app browser or WalletConnect pairing as fallback. For more on mobile setup, see metamask-mobile-ios-android.

Security checklist for dApp connections

• Limit token allowance magnitude and revoke when done (token-allowances-and-revoke).
• Disconnect or revoke sessions after use (disconnect-connected-sites).
• Backup seed phrase offline and verify (seed-phrase-backup-recovery).
• Use hardware wallets for large balances (hardware-wallets-with-metamask).
• Check domain and SSL certificate before connecting (phishing domains are common).

I believe routine maintenance—revoking old approvals weekly—reduces attack surface considerably.

Connection method comparison (quick table)

Method	Typical latency	Keys exposed to dApp	Best for	Notes
Injected provider (extension)	< 2s on desktop	No — keys stay local	Fast DeFi interactions, hardware integrations	Direct, supports hardware via extension
WalletConnect MetaMask	2–10s handshake	No — session keys only	Desktop dApps with mobile signing	Relies on bridge server for handshake
Mobile in-app browser MetaMask	<2s inside app	No — provider injected	Mobile-first dApps, games	Seamless in-app UX
Hardware wallet via MetaMask	Depends on device	No — signs on device	Large-value tx confirmation	Adds security cost to UX

Troubleshooting: common connection & tx issues

• Connect prompt not appearing: reload page, ensure extension enabled or app unlocked, check pop-up blocker.
• WalletConnect QR won't scan: restart camera/phone, use deep-link option.
• Transaction stuck: try Speed Up/Cancel or increase priority fee (see pending-transaction-troubleshooting).
• Wrong network error: switch to the correct network or add it via custom-rpc-network-settings.

If problems persist, a reset or reinstall sometimes helps (see reset-delete-and-reinstall).

Who this fits — who should look elsewhere

Best fit:

• Users who need frequent dApp and DeFi interactions across EVM-compatible chains and L2s.
• Mobile users who prefer an in-app experience.

Who should look elsewhere:

• Users requiring cold storage for long-term holdings without daily interaction; consider a hardware-first workflow.

FAQ

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are designed for daily use. They trade off convenience for increased exposure vs offline storage. Keep only operational balances in a hot wallet and move long-term holdings to hardware or cold storage. See security-checklist.

Q: How do I revoke token approvals? A: Use the token allowance UI in MetaMask or a third-party revocation tool. See token-allowances-and-revoke for a step-by-step.

Q: What happens if I lose my phone? A: Your wallet is protected by your seed phrase. Restore on a new device using the seed phrase (see seed-phrase-backup-recovery). If you used cloud backup, understand the additional risks.

Q: How do I accept connection request in MetaMask? A: See the earlier step-by-step section for injected provider, WalletConnect, and mobile browser flows.

Conclusion & next steps

Connecting MetaMask to dApps is straightforward once you understand the three main flows: injected provider, WalletConnect, and the mobile in-app browser. Use small test transactions, check domains, and limit token allowances. But don't forget to back up your seed phrase and consider hardware for large balances.

Ready to try it? If you need setup help, start with install-metamask-chrome-extension or metamask-mobile-ios-android. For WalletConnect specifics, see connect-to-dapps-walletconnect and walletconnect-guide.