"If you hesitate to paste your…

"If you hesitate to paste your nsec into the app, we totally get it - just use your (or someone else's) npub to log in and look around. However, if you do add your real keys - those are handled by a separate library, stored in an encrypted form and protected by the Android keystore, inaccessible to any JS code, immune to XSS or app-level bugs."

A little nugget from Spring, the nostr browser