New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider disabling zcash: URI scheme #1096
Comments
Support for deplinks was impemented very long time ago, I think around mid 2022 because at that time it was a regular requirement but nobody defined actual and useful deeplinks. So the implementation is still in (nowadays) Zashi, doing:
As a debug example sending some amount to a specific address URL was used but it's no longer valid because the infrastructure of (nowadays) Zashi changed. We have 2 options:
Please NOTE, I agree that definition of the URI automatically allows some other apps to discover Zashi but we can't do anything about it, it's how iOS designed. Title of this issue says |
Yes it sucks. It would basically mean abandoning ZIP 321. But I want everyone to know that I am very serious about deprecating/removing features that can't in practice be made secure, even if we have expended a lot of work on them. |
Not actually. The Zashi app can choose not to tell the OS that it can handle the URI, but in fact handle it internally when scanning it from a QR or receiving a share item that contains a payment URI in the form of text. The UX wouldn't be "automagical" like Apple likes it but Zcash's mission is not to be super lean at any cost.
I agree with this. It's the right thing to do |
This is @defuse's suggested mitigation for #1093 and #1094.
The text was updated successfully, but these errors were encountered: