Feature Request: Support for zcash: Payment URI Handling in Zashi

[Tomas-M]

Summary
Zashi should register itself as a handler for the zcash: URI scheme so that when a user clicks a Zcash payment link in their browser, the app automatically opens and pre-fills the payment details.

Problem Description
Currently, if a website includes a Zcash Payment Request URI (as described in ZIP 321), such as:

<a href="zcash:ztestsapling10......?amount=1&memo=VGhpcyBpcyBhIHNpbXBsZSBtZW1vLg"> Pay Now </a>

clicking this link does not open the Zashi app, even if it is installed on the user's phone. Instead, nothing happens, or the browser may show an error.

Proposed Solution
Implement support for the zcash: URI scheme in Zashi by registering it in the app's manifest (Android) and appropriate settings for iOS.
When a user clicks a zcash: payment link, Zashi should:

• Open automatically.
• Prompt for PIN/biometric authentication (if required).
• Show a payment confirmation screen with prefilled details from the URI.

Since Zashi already supports parsing ZIP 321 payment URIs from QR codes, this functionality is mostly in place—the missing part is simply registering Zashi as a handler for zcash: links.

User Benefit

• Enables seamless payments from web browsers directly into the Zashi app.
• Improves user experience by eliminating the need to copy and paste payment addresses manually.
• Makes Zashi a more convenient option for merchants and customers using Zcash for online transactions.

Platform Scope
This feature request applies to both Android and iOS versions of Zashi, as both platforms need to register the app as a handler for zcash: links.

Additional Notes
I believe implementing this should be relatively straightforward, as similar functionality exists for handling QR codes. Thank you for considering this feature request!

[LukasKorba]

@Tomas-M what browser do you use please? We purposely don't allow to fill in the form from the links but tap on the link should at least take you to Zashi. It forwards me there from notes app as well as Safari.

[true-jared]

Thanks for adding this @Tomas-M, we appreciate the work you put in here!

This is a wonderful feature which unfortunately can have security impact and it was flagged to us during a security audit. We have come up with an internal solution which actually opens Zashi but forces the user to rescan the QR code in Zashi again to mitigate any security threat for malicious data manipulation. See Electric-Coin-Company/zashi#60 for more details on the possible security threats.

[LukasKorba]

@Tomas-M I tested href links on Safari, DuckDuckGo and Chrome, all browsers work as expected. Tap on link forwards me to Zashi app.

[Tomas-M]

@LukasKorba yeah sorry for confusion, I copy&pasted the same ticket from Zashi-Android github issues. On Android, nothing happens. OK maybe iPhone opens Zashi app, but anyway that is of no use, if the payment form (Send) is not filled in - that is what I was trying to say.

[Tomas-M]

I explained in #60 that rejecting URL scheme registration outright sacrifices crucial user experience without delivering a proportional security benefit

[Tomas-M]

Domain links, also known as universal links (iOS) or app links (Android), allow a specific website URL to directly open an associated app. I posted a detailed description at Electric-Coin-Company/zashi#60

[Tomas-M]

@Tomas-M I tested href links on Safari, DuckDuckGo and Chrome, all browsers work as expected. Tap on link forwards me to Zashi app.

I tested it now, and while testing, I noticed a potential problem. If you scan this QR code in your iPhone, is it fine? Because for me zashi app prints INVALID ADDRESS (and insufficient balance), the invalid address is an error because if I click the text field the error message disappears.