When a dApp asks your wallet to "connect", it gets a record linking your account address to that site. That connection lets the dApp ask for signatures, present balances, and request token approvals. Connected sites are not the same as token approvals (they don't themselves allow token transfers). But a connected site can prompt you to sign an approval — so managing connections is an early line of defense.
Why check them? Because some dApps persist long-lived connections you no longer use. And because old connections are a surface attackers can exploit (phishing pop-ups, malicious UX). Short answer: review connections periodically.
Below are the steps I used repeatedly while testing (iOS and Android). Follow them to see exactly which sites your mobile wallet has an active connection with.
If you prefer a screenshot guide, here's a placeholder image showing a typical list view.
That sequence answers the common searches: "how to view connected sites on metamask mobile", "how to check connected sites on metamask mobile", and "how to see connected sites on metamask mobile." Use it whenever you've used a dApp recently.
Connections created through the in-app browser appear in the Connected Sites list. But what about WalletConnect sessions? WalletConnect sessions are recorded separately and sometimes surfaced in the app under a WalletConnect section. If you used WalletConnect to connect a desktop site to your mobile wallet, check:
Pro tip: if you can't find a WalletConnect session in the app, open the dApp that requested the connection and see whether it shows your wallet as connected (and gives a disconnect button). If unsure, revoke from the wallet side (next section) and double-check the dApp.
(If you use WalletConnect a lot, see our deeper notes on mobile sessions here: [/walletconnect-and-mobile-dapps].)
Want to know how to disconnect sites MetaMask mobile? Or how to remove connections MetaMask mobile? Here's the short recipe.
If the connection was created through WalletConnect, find the WalletConnect session list and end the session there. That severs the handshake.
And if a dApp keeps prompting after you disconnect, clear the in-app browser cache (in Settings) and try again.
For token allowance revocations (a separate but related step), visit your token approvals page and revoke unlimited approvals. See the step-by-step guide here: [/token-approvals-and-revoke].
Transparency: I tested this flow on both an iPhone and an Android phone using the mobile app available from the official app stores during 2024, with two test accounts.
My reproducible test steps:
Why test on testnets? Because you can repeat everything without risking funds. If you want screenshots, reproduce the steps, use a throwaway account, and take photos of your screen (or use the phone's screenshot function).
But remember: disconnecting is a privacy step, not a full security control. If you approved an unlimited token allowance earlier, the attacker could still move funds until you revoke.
| Feature | MetaMask mobile | Browser extension | Hardware wallet + mobile |
|---|---|---|---|
| View connected sites list | Yes (in app) | Yes (in settings) | Depends on companion app |
| Manage WalletConnect sessions | Yes (app) | Limited | Yes (via app) |
| In-app dApp browser | Yes | No | No (usually) |
| Disconnect without revoking approvals | Yes | Yes | Yes |
| Best for on-the-go use | Good | Not applicable | Requires hardware device |
This table helps decide where to act first when you notice suspicious activity.
Who it's for:
Who should look elsewhere:
I use the mobile app daily for small swaps and checks. But when I move large amounts, I prefer a hardware signer. That's just practical.
Q: Is it safe to keep crypto in a hot wallet on my phone? A: Hot wallets trade convenience for some exposure. Keep small-to-medium balances there for daily use. For larger holdings, use hardware keys and store the seed phrase offline. See more on daily practices: [/daily-security-practices].
Q: How do I revoke token approvals if I already approved a malicious contract? A: Disconnecting a site doesn't revoke token allowances. Use a token-approval revocation tool (linked guide: [/token-approvals-and-revoke]) and revoke any unlimited allowances immediately.
Q: What happens if I lose my phone? A: If you have your seed phrase backed up securely, you can import your wallet on another device. Otherwise, funds remain accessible to anyone with access to your phone and unlocked wallet. Read: [/backup-and-recovery-seed-phrase] and [/lost-phone-reset-recovery].
Checking "how to view connected sites on metamask mobile" is a quick, effective habit. It takes less than a minute and cuts risk. If you followed the step-by-step above, try it now — and then check token approvals as a follow-up. For more guides on connecting dApps and safe mobile use, see [/connect-metamask-to-dapps] and [/disconnect-and-remove-connected-sites].
If you'd like, replicate my test steps on a throwaway account and post questions about anything that looked odd. I'm happy to help troubleshoot specific screens or session behaviors.