On traditional blockchains like Ethereum, connecting to a decentralized application usually only means sharing your address. Because those ledgers are public, the address alone lets the DApp read the user's full transaction history and data, which it needs to function properly. On a privacy-oriented network like Aleo, the DApp must also be given access to the user's decrypted private chain data, which is otherwise hidden in the wallet.
Decrypt Permissions
Permissions detail the access rights to your private data that you give to a DApp. In any case, the permissions you gave to a DApp are only relevant while you are navigating on this DApp. When you are offline from the website, it cannot access your chain data.
When connecting to a DApp for the first time, those permissions are detailed in the connection popup. Here are the four possible required permissions, sorted from the least to the most permissive:
- No Decrypt: The App cannot access any of your private assets.
- Decrypt upon request: The user will be asked every time whether the App can access a given asset.
- Auto Decrypt: The App can decrypt any requested asset data without asking the user.
- On Chain History: The App has access to your full past private asset data and transaction IDs.
Security considerations
You should double-check the inputs, program ID, and called function of every transaction that a DApp asks you to confirm through the Leo Wallet. The same goes for messages it asks you to sign.
Not checking a transaction initiated from a DApp can lead to losing control of your assets: Aleo Credits, Tokens, NFTs.