How it works
Monerujo is a non-custodial Android wallet for Monero (XMR). The app runs the Monero wallet code locally; private spend and view keys are generated on the device and never leave it. It connects to a remote Monero daemon — the user can pick the bundled defaults or a self-hosted node — so the device avoids syncing the full chain. Builds are distributed through Google Play and the project's own F-Droid repository at f-droid.monerujo.io. The codebase, m2049r/xmrwallet, is Apache-2.0 and has been continuously maintained on GitHub since 2017. The current release is v4.1.7 "Exolix" (June 2025), shipping Monero Core v0.18.3.4 and the in-app swap integration. Notable extras include Sidekick (a separate-phone signing setup added in v4.0.7), Ledger Nano S hardware-wallet support, CrAzYpass offset passphrases, and OpenAlias resolution.
KYC & privacy
The wallet itself asks for nothing. No email, no phone, no signup, no account. Keys, seeds, and transaction history live on the device; a backup is a local file the user copies off the phone. Node connections leak the standard remote-node metadata (the daemon sees that an IP queried for outputs), so privacy-minded users route Monerujo through Tor via Orbot or run their own node. The built-in Exolix swap is marketed as "KYC-free", but the exchange's own AML logic can flag specific swaps — that risk belongs to Exolix, not the wallet. One feature deserves a footnote: PocketChange, which splits an incoming output across ten enotes for spending convenience. Moonstone Research's postmortem of the September 2023 Monero CCS hack concluded the attacker was likely a Monerujo user with PocketChange enabled, because the eleven-output transaction signature is rare on the network. The feature is opt-in and can be left off.
Strengths and limits
The strongest argument for Monerujo is dullness in the engineering sense. Eight years of releases, a public changelog, an actively rebuilt Monero Core every cycle, and a maintainer (m2049r) who still ships patches under the same pseudonym. Apache-2.0 means anyone can fork it if the project ever stops. Sidekick is a quietly clever feature: a second, offline phone holds the keys while the online phone is just a relay. Limits are visible too. There is no iOS build, no desktop port, no browser extension. Hardware support is limited to Ledger Nano S — newer Ledgers and other signers aren't covered. The app has never been through a named third-party security audit. And the PocketChange episode shows that even good-faith UX shortcuts can leave a network-visible fingerprint.
Verdict
Monerujo is what an Android-only Monero wallet should look like in 2026: small surface, no servers asking your name, an obvious upgrade path through F-Droid, and a maintainer who keeps shipping. The privacy ceiling is whatever the Monero protocol allows, minus a few opt-in features the user chooses themselves. Use it on Android, leave PocketChange off if you're spending from a publicly known address, and route the daemon through Tor. Grade: A- (8.8/10). Trust: TRUSTED.
Eight years of pseudonymous, open-source maintenance with no signup and no custody — the small caveats (no iOS, no formal audit, the PocketChange fingerprint) read as honest, conservative engineering rather than neglect. If you keep XMR on an Android phone, Monerujo is still the default.



