Anything special about them? Most workflows don't guide the user with respect to the what and why afaik
It's just an address check against a given xpub. The signer and the wallet app are just cross-referencing the same address list, basically ensuring the keys on the signer are connected to the produced address.
COLDCARD Q
- Txn comes in, copy it as a QR code
- Scan the QR code with your COLDCARD Q. The device will show you the address and ask you to press 1 to verify ownership.
- If the address is verified successfully, the COLDCARD will show "Verified Address" with details about the address. If the address cannot be found, the Q will show "Unknown Address".
Very similar workflow for Keystone as well.
Software wallets are typically not the attack vector! See what I said above re: verifying the address against the sender's view, and clipboard malware.
I guess I don't understand what scenario we are talking about. In most cases of payment, you either own the domain that is displaying the address QR for your counterparty or you are in person to display the QR. In your proposed scenario you are sending a payment invoice over an unencrypted messenger? That on its face is an attack vector so, maybe I am misinterpreting what you mean.
Yeah! Anywhere along the transmission from wallet to sender there can be clipboard malware (most common), where you copy an address and the malware pastes in a similar but different address; browser malware, which substitutes addresses within web requests (after you hit withdraw on an exchange); a malicious QR code scanner; or interception during unencrypted message transmission, like you say.
The software wallet is indeed a domain you control; you can verify signatures, etc. The other stages are less in your control.