# Anonero Category: wallets · Mobile Grade: B KYC: anonymous_signup Highlights: XMR NATIVE, TOR, PRIVACY DEFAULTS Features: non_custodial, open_source, xmr_native, tor_mirror Fees: Free wallet · XMR network fees only (operator-default fee tier is conservative — you can override per transaction). Web: https://anonero.io Tor: http://anonero5wmhraxqsvzq2ncgptq6gq45qoto6fnkfwughfl4gbt44swad.onion Last verified: 2026-05-28 > Android Monero wallet with hardcoded privacy defaults — no subaddress reuse, no third-party leaks, coin control by default. Tor-first. ## Review **Android Monero wallet with hard-coded privacy defaults** — no subaddress reuse, no third-party leak channels (no analytics, no Sentry-class crash reporters, no Play Services dependencies), coin control on by default. Operator framing: *"ANON and NERO — security and privacy focused Monero wallets."* Listed at **Grade B** on first pass — Tor-first surface (clearnet `anonero.io` 302s straight to the onion at `anonero5wmh...swad.onion`), operator-published Codeberg backup at `codeberg.org/dMartian/ANONERO-WALLET`, CCS-funded development (Monero Community Crowdfunding proposal r4v3r23-anonero-v1.html). Upgrade-to-A is conditioned on a curator end-to-end test + reproducible-build documentation. **What it is.** Native Android wallet. Pure Monero only. Differentiator vs the Monerujo / Monfluo lineage is the **operator-imposed privacy defaults**: subaddresses don't get reused (each receive generates a fresh one, no operator override), coin control is on by default (not buried in advanced settings), and the wallet ships zero third-party SDKs (no analytics, no crash reporting that calls home, no Play Services). Codebase is on the project's onion (canonical) + Codeberg (backup mirror by dMartian). **Background.** Funded via **Monero Community Crowdfunding (CCS)** proposal `r4v3r23-anonero-v1.html`. Currently migrating from older Android codebase to **Kotlin + Jetpack Compose** (operator's stated roadmap). Active development; the canonical repo lives on the onion site to reduce the dependency on third-party hosting. **What you trust.** - **Operator-published Tor onion** as the canonical distribution channel. Clearnet `anonero.io` redirects (302) directly to the onion — operator is treating Tor as the primary surface, not a fallback. - **No Play Services / Google dependencies.** Wallet runs on any AOSP device; doesn't require GMS. - **No third-party telemetry SDKs.** No Sentry, no Firebase Analytics, no Mixpanel-class. Standard practice for this tier, but explicitly verified vs the source. - **CCS-funded.** Public funding proposal + delivery accountability via the Monero Community Crowdfunding system — distinct from anonymous-operator-with-no-public-trail. The CCS thread is the closest thing to operator identity disclosure available for a pseudonymous Monero-tier dev. - **Codeberg backup repo** maintained by dMartian — mirrors the canonical onion repo, so build-from-source is possible without Tor for users who prefer it. **Operational specs.** - **Install.** APK direct download from the onion site (canonical) or Codeberg releases (backup mirror). - **Platform.** Android only. - **Coin coverage.** Monero (XMR) only. - **Backend.** Talks to `monerod` over RPC. Public-node list shipped; supply your own for maximum sovereignty. - **Default settings.** Subaddress per receive (no reuse), coin control visible by default, conservative fee tier. - **Tor.** Operator-published onion; the wallet itself can be configured to route node-RPC over Tor. - **Updates.** Manual via APK download. - **License.** Open source (confirm against repo LICENSE). - **Maintainer.** Pseudonymous (r4v3r23 / dMartian). CCS thread provides delivery-history accountability. **Operator philosophy.** The differentiator vs Monerujo / Monfluo is **defaults**: rather than ship a wallet with permissive settings + a privacy-mode toggle the user has to find, Anonero hard-codes the privacy-respecting settings as the only setting. No subaddress-reuse toggle, no "turn on coin control" advanced mode, no opt-out telemetry (because there's no telemetry to opt out of). The trade-off is less user-customisable UX, the upside is users who don't know to flip the privacy switches get the safe behaviour by default. **Grade rationale.** **Grade B** because: (1) **no curator end-to-end test** on file yet (install + send + receive + Tor-routing verification pending); (2) **reproducible-build pipeline not documented**; (3) **clearnet → onion 302 redirect** is good Tor-first posture but means non-Tor users hit a broken-looking redirect (no clearnet site to show what the wallet IS before going to Tor); (4) **maintainer pseudonymous**. The CCS funding history + operator-published onion + privacy-default architecture are strong B+ signals. Upgrade to A: curator test pass + reproducible builds + a small clearnet landing-page card showing what the wallet is before the 302. **Useful when:** - You want a **Tor-first Android Monero wallet** that treats the onion as the canonical channel. - You explicitly **don't trust yourself** to flip the right privacy toggles and want a wallet where the defaults are already correct. - You're already comfortable using **CCS-funded projects** as an operator-identity proxy. - You're running a **de-Google'd Android** (GrapheneOS, CalyxOS, /e/OS) and want a wallet without GMS dependencies. - You want to **back the lineage** — Anonero represents a different design philosophy (hard-defaults vs Monerujo's permissive-defaults-with-toggles) and supporting it via use keeps the design-space populated. **Caveats:** - **No clearnet landing page.** `anonero.io` 302s to the onion immediately. Non-Tor users see a broken redirect — could discourage first-time installs. - **Onion download path requires Tor Browser.** Codeberg backup mirror is the clearnet fallback. - **Reproducible builds not documented.** Standard caveat at this tier; not blocking but caps the grade. - **Pseudonymous maintainer.** r4v3r23 / dMartian — CCS provides delivery history, but no real-world attribution. - **No iOS / desktop.** Android only. - **Hard-coded defaults mean less customisability.** Power users who want to disable subaddress-per-receive (e.g. for a long-lived donation address) need to do it outside the wallet UI. - **No curator end-to-end test on file yet.** First-pass listing per playbook. Source: https://xmr.club/wallets/anonero