Amber

Amber is a nostr signer for Android built by Greenart7c3. It is the app that holds your nsec so other apps do not have to. Other nostr clients on the device, and nostr web apps in any browser, ask Amber to sign events for them over NIP-46 remote signing or NIP-55, the on-device equivalent for Android. The secret never leaves Amber, and the user gets a per-app prompt the first time a new client wants to sign on its behalf.

Private keys should be exposed to as few systems as possible as each system adds to the attack surface.

—NIP-46

Amber supports multiple accounts, remembered per-permission decisions for common kinds, signing in the background through Android content providers, and Tor for the NIP-46 transport. The app ships on Zapstore, F-Droid, Obtainium, and GitHub releases, with GPG-signed artifacts and a published verification guide.

Why fund it?

The default key model on nostr puts one nsec into every client a user touches. Each app then becomes a place the key can leak: a malicious update, a stolen phone, an exfiltrated backup. Putting all signing through one dedicated app shrinks the attack surface to a single binary that the user explicitly trusts and updates, and makes it possible to revoke an individual client's access without rotating the key.

OpenSats first funded Amber in August 2023 and later announced long-term support for Greenart7c3 in October 2024, which funds his ongoing work on Amber and its sibling project Citrine.

What's next?

Recent releases have focused on broader compatibility with web clients, Coracle and Snort integrations through remote signing so that desktop browsers can sign events through a phone, NIP-55 library work for third-party Android apps, and improvements to the user experience when used together with Amethyst. Cross-platform support beyond Android is on the roadmap.