Anonero

Android Monero wallet with hard-coded privacy defaults — no subaddress reuse, no third-party leak channels (no analytics, no Sentry-class crash reporters, no Play Services dependencies), coin control on by default. Operator framing: *"ANON and NERO — security and privacy focused Monero wallets."* Listed at Grade B on first pass — Tor-first surface (clearnet `anonero.io` 302s straight to the onion at `anonero5wmh...swad.onion`), operator-published Codeberg backup at `codeberg.org/dMartian/ANONERO-WALLET`, CCS-funded development (Monero Community Crowdfunding proposal r4v3r23-anonero-v1.html). Upgrade-to-A is conditioned on a curator end-to-end test + reproducible-build documentation.

What it is. Native Android wallet. Pure Monero only. Differentiator vs the Monerujo / Monfluo lineage is the operator-imposed privacy defaults: subaddresses don't get reused (each receive generates a fresh one, no operator override), coin control is on by default (not buried in advanced settings), and the wallet ships zero third-party SDKs (no analytics, no crash reporting that calls home, no Play Services). Codebase is on the project's onion (canonical) + Codeberg (backup mirror by dMartian).

Background. Funded via Monero Community Crowdfunding (CCS) proposal `r4v3r23-anonero-v1.html`. Currently migrating from older Android codebase to Kotlin + Jetpack Compose (operator's stated roadmap). Active development; the canonical repo lives on the onion site to reduce the dependency on third-party hosting.

What you trust.

• Operator-published Tor onion as the canonical distribution channel. Clearnet `anonero.io` redirects (302) directly to the onion — operator is treating Tor as the primary surface, not a fallback.
• No Play Services / Google dependencies. Wallet runs on any AOSP device; doesn't require GMS.
• No third-party telemetry SDKs. No Sentry, no Firebase Analytics, no Mixpanel-class. Standard practice for this tier, but explicitly verified vs the source.
• CCS-funded. Public funding proposal + delivery accountability via the Monero Community Crowdfunding system — distinct from anonymous-operator-with-no-public-trail. The CCS thread is the closest thing to operator identity disclosure available for a pseudonymous Monero-tier dev.
• Codeberg backup repo maintained by dMartian — mirrors the canonical onion repo, so build-from-source is possible without Tor for users who prefer it.

Operational specs.

• Install. APK direct download from the onion site (canonical) or Codeberg releases (backup mirror).
• Platform. Android only.
• Coin coverage. Monero (XMR) only.
• Backend. Talks to `monerod` over RPC. Public-node list shipped; supply your own for maximum sovereignty.
• Default settings. Subaddress per receive (no reuse), coin control visible by default, conservative fee tier.
• Tor. Operator-published onion; the wallet itself can be configured to route node-RPC over Tor.
• Updates. Manual via APK download.
• License. Open source (confirm against repo LICENSE).
• Maintainer. Pseudonymous (r4v3r23 / dMartian). CCS thread provides delivery-history accountability.

Operator philosophy. The differentiator vs Monerujo / Monfluo is defaults: rather than ship a wallet with permissive settings + a privacy-mode toggle the user has to find, Anonero hard-codes the privacy-respecting settings as the only setting. No subaddress-reuse toggle, no "turn on coin control" advanced mode, no opt-out telemetry (because there's no telemetry to opt out of). The trade-off is less user-customisable UX, the upside is users who don't know to flip the privacy switches get the safe behaviour by default.

Grade rationale. Grade B because: (1) no curator end-to-end test on file yet (install + send + receive + Tor-routing verification pending); (2) reproducible-build pipeline not documented; (3) clearnet → onion 302 redirect is good Tor-first posture but means non-Tor users hit a broken-looking redirect (no clearnet site to show what the wallet IS before going to Tor); (4) maintainer pseudonymous. The CCS funding history + operator-published onion + privacy-default architecture are strong B+ signals. Upgrade to A: curator test pass + reproducible builds + a small clearnet landing-page card showing what the wallet is before the 302.

Useful when:

• You want a Tor-first Android Monero wallet that treats the onion as the canonical channel.
• You explicitly don't trust yourself to flip the right privacy toggles and want a wallet where the defaults are already correct.
• You're already comfortable using CCS-funded projects as an operator-identity proxy.
• You're running a de-Google'd Android (GrapheneOS, CalyxOS, /e/OS) and want a wallet without GMS dependencies.
• You want to back the lineage — Anonero represents a different design philosophy (hard-defaults vs Monerujo's permissive-defaults-with-toggles) and supporting it via use keeps the design-space populated.

Caveats:

• No clearnet landing page. `anonero.io` 302s to the onion immediately. Non-Tor users see a broken redirect — could discourage first-time installs.
• Onion download path requires Tor Browser. Codeberg backup mirror is the clearnet fallback.
• Reproducible builds not documented. Standard caveat at this tier; not blocking but caps the grade.
• Pseudonymous maintainer. r4v3r23 / dMartian — CCS provides delivery history, but no real-world attribution.
• No iOS / desktop. Android only.
• Hard-coded defaults mean less customisability. Power users who want to disable subaddress-per-receive (e.g. for a long-lived donation address) need to do it outside the wallet UI.
• No curator end-to-end test on file yet. First-pass listing per playbook.