When importing outside assets, Flickplay uses WalletConnect to establish a connection with the user's wallet, and a wallet signature to verify ownership.

 

WalletConnect is an open protocol that enables secure, two-way communication between dApps (Decentralized Applications), such as Flickplay, and crypto wallets. It establishes a connection between the dApp and the wallet, and allows the dApp to request certain actions such as signing or confirming transactions from the wallet. This allows the user to authorize certain actions within the dApp, without having to trust the dApp with their private keys.

 

Flickplay uses the user's wallet signature to verify that they are in control of the private keys matching the specified wallet, before importing the assets. This is considered safe because the user's private keys are never shared with the application or any other third party. The signature is used to confirm that the wallet owner has authorized this connection, but the private keys themselves are never exposed or shared.

 

Unlike many other dApps, Flickplay only establishes a connection to the wallet for the duration of the import process. This means that once the signature has been verified and assets imported, Flickplay closes the connection to the wallet. No further requests will come from Flickplay to the wallet, unless the user starts the import process again. This provides one extra layer of security for the user, as if the Flickplay app were to be compromised, it would not have an active connection with the wallet to trigger unauthorized requests.

 

As always, users should be careful when authorizing or signing requests from their wallet, and make sure that the request comes from the expected domain and matches an action the user triggered within a dApp.