diff --git a/i18n/ar/android.md b/i18n/ar/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/ar/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/ar/android/distributions.md b/i18n/ar/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/ar/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/ar/android/general-apps.md b/i18n/ar/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/ar/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/ar/android/index.md b/i18n/ar/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/ar/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/ar/android/obtaining-apps.md b/i18n/ar/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/ar/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/ar/device-integrity.md b/i18n/ar/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/ar/device-integrity.md
+++ b/i18n/ar/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/ar/mobile-phones.md b/i18n/ar/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/ar/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/ar/os/android-overview.md b/i18n/ar/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/ar/os/android-overview.md
+++ b/i18n/ar/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/ar/os/index.md b/i18n/ar/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/ar/os/index.md
+++ b/i18n/ar/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/ar/os/ios-overview.md b/i18n/ar/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/ar/os/ios-overview.md
+++ b/i18n/ar/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/ar/pastebins.md b/i18n/ar/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/ar/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/ar/productivity.md b/i18n/ar/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/ar/productivity.md
+++ b/i18n/ar/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/ar/tools.md b/i18n/ar/tools.md
index e68e52d9..1e9e2141 100644
--- a/i18n/ar/tools.md
+++ b/i18n/ar/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/bn-IN/android.md b/i18n/bn-IN/android.md
deleted file mode 100644
index 4215d763..00000000
--- a/i18n/bn-IN/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "অ্যান্ড্রয়েড"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: অ্যান্ড্রয়েড
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: অ্যান্ড্রয়েড
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: অ্যান্ড্রয়েড
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: অ্যান্ড্রয়েড
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: অ্যান্ড্রয়েড
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. রেকমেন্ডেশন
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP এর ডেরিভেটিভস্
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. যেকোনো সফটওয়্যার ইনস্টলড থাকুক না কেনো এইসমস্ত ডিভাইসগুলো কে কখনোই সম্পূর্ণ ভাবে নিরাপদ বিবেচনা করা যাবে না
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-প্রাইভেসি এবং সিকিউরিটি এর জন্য **GrapheneOS**  সবথেকে ভালো।
-
-GrapheneOS তে কিছু বাড়তি [সিকিউরিটি](https://en.wikipedia.org/wiki/Hardening_(computing)) এবং প্রাইভেসি রয়েছে। It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/bn-IN/android/distributions.md b/i18n/bn-IN/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/bn-IN/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/bn-IN/android/general-apps.md b/i18n/bn-IN/android/general-apps.md
new file mode 100644
index 00000000..c335fde7
--- /dev/null
+++ b/i18n/bn-IN/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: অ্যান্ড্রয়েড
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: অ্যান্ড্রয়েড
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: অ্যান্ড্রয়েড
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/bn-IN/android/index.md b/i18n/bn-IN/android/index.md
new file mode 100644
index 00000000..f81bf644
--- /dev/null
+++ b/i18n/bn-IN/android/index.md
@@ -0,0 +1,34 @@
+---
+title: অ্যান্ড্রয়েড
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: অ্যান্ড্রয়েড
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/bn-IN/android/obtaining-apps.md b/i18n/bn-IN/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/bn-IN/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/bn-IN/device-integrity.md b/i18n/bn-IN/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/bn-IN/device-integrity.md
+++ b/i18n/bn-IN/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/bn-IN/mobile-phones.md b/i18n/bn-IN/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/bn-IN/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/bn-IN/os/android-overview.md b/i18n/bn-IN/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/bn-IN/os/android-overview.md
+++ b/i18n/bn-IN/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/bn-IN/os/index.md b/i18n/bn-IN/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/bn-IN/os/index.md
+++ b/i18n/bn-IN/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/bn-IN/os/ios-overview.md b/i18n/bn-IN/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/bn-IN/os/ios-overview.md
+++ b/i18n/bn-IN/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/bn-IN/pastebins.md b/i18n/bn-IN/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/bn-IN/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/bn-IN/productivity.md b/i18n/bn-IN/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/bn-IN/productivity.md
+++ b/i18n/bn-IN/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/bn-IN/tools.md b/i18n/bn-IN/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/bn-IN/tools.md
+++ b/i18n/bn-IN/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/bn/android.md b/i18n/bn/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/bn/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/bn/android/distributions.md b/i18n/bn/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/bn/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/bn/android/general-apps.md b/i18n/bn/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/bn/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/bn/android/index.md b/i18n/bn/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/bn/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/bn/android/obtaining-apps.md b/i18n/bn/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/bn/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/bn/device-integrity.md b/i18n/bn/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/bn/device-integrity.md
+++ b/i18n/bn/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/bn/mobile-phones.md b/i18n/bn/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/bn/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/bn/os/android-overview.md b/i18n/bn/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/bn/os/android-overview.md
+++ b/i18n/bn/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/bn/os/index.md b/i18n/bn/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/bn/os/index.md
+++ b/i18n/bn/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/bn/os/ios-overview.md b/i18n/bn/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/bn/os/ios-overview.md
+++ b/i18n/bn/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/bn/pastebins.md b/i18n/bn/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/bn/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/bn/productivity.md b/i18n/bn/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/bn/productivity.md
+++ b/i18n/bn/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/bn/tools.md b/i18n/bn/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/bn/tools.md
+++ b/i18n/bn/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/cs/android.md b/i18n/cs/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/cs/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/cs/android/distributions.md b/i18n/cs/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/cs/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/cs/android/general-apps.md b/i18n/cs/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/cs/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/cs/android/index.md b/i18n/cs/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/cs/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/cs/android/obtaining-apps.md b/i18n/cs/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/cs/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/cs/device-integrity.md b/i18n/cs/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/cs/device-integrity.md
+++ b/i18n/cs/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/cs/mobile-phones.md b/i18n/cs/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/cs/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/cs/os/android-overview.md b/i18n/cs/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/cs/os/android-overview.md
+++ b/i18n/cs/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/cs/os/index.md b/i18n/cs/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/cs/os/index.md
+++ b/i18n/cs/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/cs/os/ios-overview.md b/i18n/cs/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/cs/os/ios-overview.md
+++ b/i18n/cs/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/cs/pastebins.md b/i18n/cs/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/cs/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/cs/productivity.md b/i18n/cs/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/cs/productivity.md
+++ b/i18n/cs/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/cs/tools.md b/i18n/cs/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/cs/tools.md
+++ b/i18n/cs/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/de/android.md b/i18n/de/android.md
deleted file mode 100644
index bcc9018c..00000000
--- a/i18n/de/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warnung</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warnung</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/de/android/distributions.md b/i18n/de/android/distributions.md
new file mode 100644
index 00000000..972d679e
--- /dev/null
+++ b/i18n/de/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warnung</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/de/android/general-apps.md b/i18n/de/android/general-apps.md
new file mode 100644
index 00000000..36256ee8
--- /dev/null
+++ b/i18n/de/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warnung</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/de/android/index.md b/i18n/de/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/de/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/de/android/obtaining-apps.md b/i18n/de/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/de/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/de/device-integrity.md b/i18n/de/device-integrity.md
index dc18c660..3e7c0b85 100644
--- a/i18n/de/device-integrity.md
+++ b/i18n/de/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/de/mobile-phones.md b/i18n/de/mobile-phones.md
new file mode 100644
index 00000000..599e571f
--- /dev/null
+++ b/i18n/de/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warnung</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md
index 9d022c1d..a2406bb4 100644
--- a/i18n/de/os/android-overview.md
+++ b/i18n/de/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/de/os/index.md b/i18n/de/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/de/os/index.md
+++ b/i18n/de/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/de/os/ios-overview.md b/i18n/de/os/ios-overview.md
index a2ba87c8..f46865b9 100644
--- a/i18n/de/os/ios-overview.md
+++ b/i18n/de/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### Einstellungen
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/de/pastebins.md b/i18n/de/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/de/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/de/productivity.md b/i18n/de/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/de/productivity.md
+++ b/i18n/de/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/de/tools.md b/i18n/de/tools.md
index fded9b92..b000bf91 100644
--- a/i18n/de/tools.md
+++ b/i18n/de/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/el/android.md b/i18n/el/android.md
deleted file mode 100644
index dc6842dd..00000000
--- a/i18n/el/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Συστάσεις Android: GrapheneOS και DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: Μπορείς να αντικαταστήσεις το λειτουργικό σύστημα του Android κινητού σου με τις εξής ασφαλείς εναλλακτικές που σέβονται την ιδιωτικότητά σου.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Ιδιωτικά Λειτουργικά Συστήματα Android
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Παράγωγα AOSP
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Σημείωση</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Σημείωση</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/el/android/distributions.md b/i18n/el/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/el/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/el/android/general-apps.md b/i18n/el/android/general-apps.md
new file mode 100644
index 00000000..a00e5afd
--- /dev/null
+++ b/i18n/el/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Σημείωση</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/el/android/index.md b/i18n/el/android/index.md
new file mode 100644
index 00000000..53c4a643
--- /dev/null
+++ b/i18n/el/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: απλό/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/el/android/obtaining-apps.md b/i18n/el/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/el/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/el/device-integrity.md b/i18n/el/device-integrity.md
index 5b57a5b2..b7161338 100644
--- a/i18n/el/device-integrity.md
+++ b/i18n/el/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/el/mobile-phones.md b/i18n/el/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/el/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/el/os/android-overview.md b/i18n/el/os/android-overview.md
index 8c3cc262..aa3d55aa 100644
--- a/i18n/el/os/android-overview.md
+++ b/i18n/el/os/android-overview.md
@@ -18,7 +18,7 @@ description: Το Android είναι ένα λειτουργικό σύστημ
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Απέφυγε το "Ρουτάρισμα" (Rooting)
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/el/os/index.md b/i18n/el/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/el/os/index.md
+++ b/i18n/el/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/el/os/ios-overview.md b/i18n/el/os/ios-overview.md
index 678e44ff..2d5be1ee 100644
--- a/i18n/el/os/ios-overview.md
+++ b/i18n/el/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/el/pastebins.md b/i18n/el/pastebins.md
new file mode 100644
index 00000000..80dd83c4
--- /dev/null
+++ b/i18n/el/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Πρέπει να είναι ανοικτού κώδικα.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/el/productivity.md b/i18n/el/productivity.md
index 56d4016e..bbcbf8b8 100644
--- a/i18n/el/productivity.md
+++ b/i18n/el/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Πρέπει να είναι ανοικτού κώδικα.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/el/tools.md b/i18n/el/tools.md
index 82113d81..11b13b8a 100644
--- a/i18n/el/tools.md
+++ b/i18n/el/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/eo/android.md b/i18n/eo/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/eo/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/eo/android/distributions.md b/i18n/eo/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/eo/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/eo/android/general-apps.md b/i18n/eo/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/eo/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/eo/android/index.md b/i18n/eo/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/eo/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/eo/android/obtaining-apps.md b/i18n/eo/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/eo/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/eo/device-integrity.md b/i18n/eo/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/eo/device-integrity.md
+++ b/i18n/eo/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/eo/mobile-phones.md b/i18n/eo/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/eo/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/eo/os/android-overview.md b/i18n/eo/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/eo/os/android-overview.md
+++ b/i18n/eo/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/eo/os/index.md b/i18n/eo/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/eo/os/index.md
+++ b/i18n/eo/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/eo/os/ios-overview.md b/i18n/eo/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/eo/os/ios-overview.md
+++ b/i18n/eo/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/eo/pastebins.md b/i18n/eo/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/eo/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/eo/productivity.md b/i18n/eo/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/eo/productivity.md
+++ b/i18n/eo/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/eo/tools.md b/i18n/eo/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/eo/tools.md
+++ b/i18n/eo/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/es/android.md b/i18n/es/android.md
deleted file mode 100644
index ae19cf9d..00000000
--- a/i18n/es/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Recomendaciones Android: GrapheneOS y DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: Puedes sustituir el sistema operativo de tu teléfono Android por estas alternativas seguras y respetuosas con la privacidad.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Sistemas Operativos Android Privados
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Logotipo de Android](assets/img/android/android.svg){ align=right }
-
-El **proyecto de código abierto de Android** es un sistema operativo móvil de código abierto liderado por Google, que está detrás de la mayor parte de los dispositivos móviles del mundo. La mayor parte de los teléfono vendidos con Android son modificados para incluir integraciones y aplicaciones invasivas como los servicios de Google Play, así que puedes mejorar la privacidad de tu dispositivo móvil de manera significativa al reemplazar la instalación predeterminada de tu teléfono con una versión de Android sin esas características invasivas.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Página Principal }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentación}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Código Fuente" }
-
-Estos son los sistemas operativos Android, dispositivos y aplicaciones que recomendamos para maximizar la seguridad y privacidad de tu dispositivo móvil. Para obtener más información sobre Android:
-
-[Visión general de Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Derivados de AOSP
-
-Recomendamos instalar uno de estos sistemas operativos Android personalizados en tu dispositivo, enumerados por orden de preferencia, en función de la compatibilidad de tu dispositivo con estos sistemas operativos.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Nota</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Estos dispositivos no pueden considerarse completamente seguros independientemente del software instalado.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![Logo de GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![Logo de GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** es la mejor opción cuando se trata de privacidad y seguridad.
-
-GrapheneOS proporciona mejoras [adicionales de seguridad](https://en.wikipedia.org/wiki/Hardening_(computing)) y privacidad. Dispone de un [asignador de memoria reforzado](https://github.com/GrapheneOS/hardened_malloc), permisos de red y de sensores, y otras [características de seguridad](https://grapheneos.org/features). GrapheneOS también incluye actualizaciones completas de firmware y compilaciones firmadas, por lo que el arranque verificado es totalmente compatible.
-
-[:octicons-home-16: Página Principal](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de Privacidad" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentación}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código Fuente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir }
-
-</div>
-
-GrapheneOS es compatible con [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), que ejecuta [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) totalmente sandboxed como cualquier otra aplicación normal. Esto significa que puedes aprovechar la mayoría de los servicios de Google Play, como [notificaciones push](https://firebase.google.com/docs/cloud-messaging), al tiempo que te da un control total sobre sus permisos y acceso, y mientras que los contiene a un [perfil de trabajo](os/android-overview.md#work-profile) o [perfil de usuario](os/android-overview.md#user-profiles) específico de tu elección.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Por qué recomendamos GrapheneOS sobre CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** es un soft-fork de [LineageOS](https://lineageos.org).
-DivestOS hereda muchos [dispositivos compatibles](https://divestos.org/index.php?page=devices&base=LineageOS) de LineageOS. Tiene compilaciones firmadas, lo que hace posible tener [arranque verificado](https://source.android.com/security/verifiedboot) en algunos dispositivos que no son Pixel.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Servicio de Onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Política de Privacidad" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Código fuente" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS ha automatizado la vulnerabilidad del kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [parcheando](https://gitlab.com/divested-mobile/cve_checker), menos bloques propietarios, y un archivo personalizado [hosts](https://divested.dev/index.php?page=dnsbl). Su WebView reforzado, [Mulch](https://gitlab.com/divested-mobile/mulch), permite [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) para todas las arquitecturas y la [partición del estado de la red](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), y recibe actualizaciones fuera de banda. DivestOS también incluye parches de GrapheneOS para el kernel y habilita todas las características de seguridad del kernel disponibles a través de [endurecimiento defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Todos los kernels más recientes que la versión 3.4 incluyen [saneamiento](https://lwn.net/Articles/334747) de página completa y todos los ~22 kernels compilados por Clang tienen [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) habilitado.
-
-DivestOS implementa algunos parches de endurecimiento del sistema desarrollados originalmente para GrapheneOS. DivestOS 16.0 y superior implementa los permisos de GrapheneOS [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) y SENSORS, [asignador de memoria endurecido](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constificación](https://en.wikipedia.org/wiki/Const_(computer_programming)), y parches de endurecimiento parcial [biónico](https://en.wikipedia.org/wiki/Bionic_(software)). A partir de la versión 17.1, GrapheneOS ofrece la opción de [aleatorización de MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) por red, control de [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) y [opciones timeout](https://grapheneos.org/features) de reinicio/Wi-Fi/Bluetooth automático.
-
-DivestOS utiliza F-Droid como su tienda de aplicaciones por defecto. Por lo general [recomendamos evitar F-Droid](#f-droid), pero hacerlo en DivestOS no es viable; los desarrolladores actualizan sus aplicaciones a través de sus propios repositorios de F-Droid ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) y [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Recomendamos desactivar la aplicación oficial de F-Droid y usar [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **con los repositorios de DivestOS activados** para mantener los componentes actualizados. Para las demás aplicaciones, se siguen aplicando nuestros métodos recomendados para obtenerlas.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Advertencia</p>
-
-La actualización del firmware de DivestOS [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) y el control de calidad varían según los dispositivos que soporta. Seguimos recomendando GrapheneOS en función de la compatibilidad de tu dispositivo. Para otros dispositivos, DivestOS es una buena alternativa.
-
-No todos los dispositivos compatibles tienen arranque verificado y algunos lo realizan mejor que otros.
-
-</div>
-
-## Dispositivos Android
-
-Al comprar un dispositivo, recomendamos obtener uno lo más nuevo posible. El software y el firmware de los dispositivos móviles sólo son compatibles durante un tiempo limitado, por lo que comprar nuevos alarga esa vida útil todo lo posible.
-
-Evita comprar teléfonos a operadores de redes móviles. Estos suelen tener un **bootloader bloqueado** y no admiten [desbloqueo OEM](https://source.android.com/devices/bootloader/locking_unlocking). Estas variantes de teléfono te impedirán instalar cualquier tipo de distribución alternativa de Android.
-
-Ten mucho **cuidado** con la compra de teléfonos de segunda mano de los mercados en línea. Comprueba siempre la reputación del vendedor. Si el dispositivo es robado, existe la posibilidad de que se introduzca en la [base de datos de IMEI](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). También existe el riesgo de que se te asocie con la actividad del propietario anterior.
-
-Algunos consejos más sobre los dispositivos Android y la compatibilidad del sistema operativo:
-
-- No compres dispositivos que hayan alcanzado o estén cerca del final de su vida útil, las actualizaciones adicionales del firmware deben ser proporcionadas por el fabricante.
-- No compres teléfonos LineageOS, OS precargados o cualquier teléfono Android sin el soporte adecuado, [Arranque verificado](https://source.android.com/security/verifiedboot) y actualizaciones de firmware. Tampoco tienes forma de comprobar si estos dispositivos han sido manipulados.
-- En resumen, si un dispositivo o una distribución de Android no aparece aquí, probablemente haya una buena razón. ¡Consulta nuestro [foro](https://discuss.privacyguides.net) para obtener más información!
-
-### Google Pixel
-
-Los teléfonos Google Pixel son los **únicos **dispositivos que recomendamos comprar. Los teléfonos Pixel tienen una seguridad de hardware más fuerte que cualquier otro dispositivo Android actualmente en el mercado, debido al soporte AVB adecuado para sistemas operativos de terceros y los chips de seguridad [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) personalizados de Google que actúan como elemento seguro.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Se sabe que los dispositivos Google Pixel** tienen una buena seguridad y admiten correctamente [Verified Boot](https://source.android.com/security/verifiedboot), incluso al instalar sistemas operativos personalizados.
-
-A partir del **Pixel 8** y el **8 Pro**, los dispositivos Pixel reciben un mínimo de 7 años de actualizaciones de seguridad garantizadas, lo que asegura una vida útil mucho más larga en comparación con los 2-5 años que suelen ofrecer los OEM de la competencia.
-
-[:material-shopping: Tienda](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Los elementos seguros como el Titan M2 son más limitados que el entorno de ejecución confiable del procesador utilizado por la mayoría de los otros teléfonos, ya que solo se utilizan para el almacenamiento secreto, la certificación de hardware y la limitación de velocidad, no para ejecutar programas "confiables". Los teléfonos sin un Elemento Seguro tienen que utilizar el TEE para *todas* esas funciones, lo que resulta en una mayor superficie de ataque.
-
-Los teléfonos Google Pixel utilizan un SO TEE llamado Trusty que es de [código abierto](https://source.android.com/security/trusty#whyTrusty), a diferencia de muchos otros teléfonos.
-
-La instalación de GrapheneOS en un teléfono Pixel es fácil con su [instalador web](https://grapheneos.org/install/web). Si no te sientes cómodo haciéndolo tú mismo y estás dispuesto a gastar un poco más de dinero, échale un vistazo a [NitroPhone](https://shop.nitrokey.com/shop), ya que vienen con GrapheneOS, de la reputada empresa [Nitrokey](https://nitrokey.com/about).
-
-Algunos consejos más para comprar un Google Pixel:
-
-- Si buscas una ganga en un dispositivo Pixel, te sugerimos comprar un modelo "**a**", justo después del lanzamiento del modelo más nuevo. Los descuentos suelen estar disponibles porque Google intentará liquidar sus existencias.
-- Considera la posibilidad de batir los precios y las ofertas especiales de las tiendas físicas.
-- Busca en los sitios de ofertas de la comunidad en línea de tu país. Estos pueden alertarle de buenas ventas.
-- Google proporciona una lista que muestra el [ciclo de soporte](https://support.google.com/nexus/answer/4457705) para cada uno de sus dispositivos. El precio por día de un aparato puede calcularse como: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Coste</mtext> <mrow> <mtext>Fecha de Fin de Vida Útil</mtext> <mo>−</mo> <mtext>Fecha Actual</mtext> </mrow> </mfrac> </math> lo que significa que cuanto más tiempo se utilice el dispositivo, menor será el coste diario.
-- Si el Pixel no está disponible en tu región, el [NitroPhone](https://shop.nitrokey.com/shop) puede enviarse a nivel mundial.
-
-## Aplicaciones generales
-
-En este sitio recomendamos una amplia variedad de aplicaciones para Android. Las aplicaciones enumeradas aquí son exclusivas de Android y mejoran o sustituyen específicamente funciones clave del sistema.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Logotipo de Shelter](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** es una aplicación que te ayuda a aprovechar la funcionalidad perfil de trabajo de Android para aislar o duplicar aplicaciones en tu dispositivo.
-
-Shelter permite bloquear la búsqueda de contactos entre perfiles y compartir archivos entre perfiles a través del gestor de archivos predeterminado ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repositorio](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Código Fuente" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribuir }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Advertencia</p>
-
-Se recomienda Shelter en lugar de [Insular](https://secure-system.gitlab.io/Insular) e [Island](https://github.com/oasisfeng/island), ya que admite [bloqueo de búsqueda de contactos](https://secure-system.gitlab.io/Insular/faq.html).
-
-Al usar Shelter, está depositando toda su confianza en su desarrollador, ya que Shelter actúa como [Administrador de dispositivos](https://developer.android.com/guide/topics/admin/device-admin) para crear el perfil de trabajo, y tiene un amplio acceso a los datos almacenados en él.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Logo de Secure Camera](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Logo de Secure camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** es una aplicación de cámara centrada en la privacidad y la seguridad que puede capturar imágenes, vídeos y códigos QR. Las extensiones de proveedor de CameraX (Retrato, HDR, Visión nocturna, Retoque facial y Auto) también son compatibles con los dispositivos disponibles.
-
-[:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentación}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Código Fuente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir }
-
-<details class="downloads" markdown>
-<summary>Downloads "Descargas"</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Las principales características de privacidad incluyen:
-
-- Eliminación automática de los metadatos [Exif](https://en.wikipedia.org/wiki/Exif) (activada por defecto)
-- Uso de la nueva API [Media](https://developer.android.com/training/data-storage/shared/media), por lo que no se requieren [permisos de almacenamiento ](https://developer.android.com/training/data-storage)
-- No se requiere permiso de micrófono a menos que desees grabar sonido
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Nota</p>
-
-Actualmente no se eliminan los metadatos de los archivos de vídeo, pero está previsto hacerlo.
-
-Los metadatos de orientación de la imagen no se borran. Si habilitas la ubicación (en la cámara segura), * * tampoco se eliminará * *. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** es un visor de PDF basado en [pdf.js](https://en.wikipedia.org/wiki/PDF.js) que no requiere permisos. El PDF se introduce en un [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(desarrollo_software)) [webview](https://developer.android.com/guide/webapps/webview). Esto significa que no necesita permiso para acceder directamente a contenidos o archivos.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) se utiliza para garantizar que las propiedades de JavaScript y de estilo dentro de WebView sean enteramente de contenido estático.
-
-[:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Código Fuente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir }
-
-<details class="downloads" markdown>
-<summary>Downloads "Descargas"</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obteniendo Aplicaciones
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** es un gestor de aplicaciones que te permite instalar y actualizar aplicaciones directamente desde la página de lanzamientos propia del creador (por ejemplo, GitHub, GitLab, la página del desarrollador, etc.), en vez de una tienda de aplicaciones o repositorio centralizados. Este permite las actualizaciones en segundo plano en Android 12 y versiones más recientes.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads "Descargas"</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtenium te permite descargar archivos instaladores APK desde una gran variedad de fuentes, y depende de ti asegurarte que esas fuentes y aplicaciones son legítimas. Por ejemplo, utilizar Obtainium para instalar Signal desde [la página oficial de Signal](https://signal.org/android/apk) puede estar bien, pero realizar la instalación desde repositorios de terceros como Aptoide o APKPure puede generar riesgos adicionales. El riesgo de instalar una *actualización* maliciosa es bajo, porque Android verifica por sí mismo que todas las actualizaciones de aplicaciones estén firmadas por el mismo desarrollador de las aplicaciones existentes antes de ser instaladas.
-
-### Tienda de aplicaciones GrapheneOS
-
-La tienda de aplicaciones de GrapheneOS está disponible en [GitHub](https://github.com/GrapheneOS/Apps/releases). Soporta Android 12 o superior y es capaz de actualizarse a sí mismo. La tienda de aplicaciones cuenta con aplicaciones independientes creadas por el proyecto GrapheneOS, como [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera) y [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Si estás buscando estas aplicaciones, te recomendamos que las obtengas desde la tienda de aplicaciones de GrapheneOS en lugar de la Play Store, ya que las aplicaciones en su tienda están firmadas por la propia firma del proyecto de GrapheneOS a la que Google no tiene acceso.
-
-### Aurora Store
-
-La tienda de Google Play requiere una cuenta de Google para iniciar sesión, lo que no es ideal para la privacidad. Eso se puede evitar utilizando un cliente alternativo, como Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Logo Aurora Store](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** es un cliente de Google Play Store que no requiere de una cuenta de Google, Servicios Google Play, o microG para descargar aplicaciones.
-
-[:octicons-home-16: Página Principal](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Política de Privacidad" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Código Fuente" }
-
-<details class="downloads" markdown>
-<summary>Downloads "Descargas"</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store no te permite descargar aplicaciones de pago con su función de cuenta anónima. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manualmente con notificaciones RSS
-
-Para las aplicaciones que se publican en plataformas como GitHub y GitLab, puedes añadir un canal RSS a tu [agregador de noticias](news-aggregators.md) que te ayudará a estar al tanto de las nuevas versiones.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![Cambios en APKs](./assets/img/android/rss-changes-light.png#only-light) ![Cambios en el APK](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-En GitHub, utilizando [Secure Camera](#secure-camera) como ejemplo navegarías a su [página de lanzamientos](https://github.com/GrapheneOS/Camera/releases) y añadirías `.atom` a la URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-En GitLab, utilizando [Aurora Store](#aurora-store) como ejemplo, irías a su [repositorio de proyecto](https://gitlab.com/AuroraOSS/AuroraStore) y añadirías `/-/tags?format=atom` a la URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Comprobando Firmas de las APK
-
-Si descargas archivos APK para instalar manualmente, puedes verificar su firma con la herramienta [`apksigner`](https://developer.android.com/studio/command-line/apksigner), que es parte de Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Instala [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Descarga las [herramientas de línea de comandos de Android Studio](https://developer.android.com/studio#command-tools).
-
-3. Extrae el archivo descargado:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Ejecuta el comando de verificación de firmas:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. Los hashes resultantes pueden compararse con otra fuente. Algunos desarrolladores como Signal [muestran las huellas digitales](https://signal.org/android/apk) en su sitio web.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![Logotipo de F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==Sólo recomendamos F-Droid como manera de obtener aplicaciones que no se pueden obtener por los métodos anteriores.== F-Droid regularmente es recomendado como una alternativa a Google Play, particularmente en la comunidad de la privacidad. La opción de añadir repositorios de terceros y no limitarse al jardín amurallado de Google ha dado lugar a su popularidad. Además, F-Droid tiene [compilaciones reproducibles](https://f-droid.org/en/docs/Reproducible_Builds) para algunas aplicaciones y está dedicado a software libre y de código abierto. Sin embargo, hay algunas desventajas relacionadas con la seguridad en cómo F-Droid compila, firma y entrega paquetes:
-
-Debido a su proceso de compilación de aplicaciones, las aplicaciones en el repositorio oficial de F-Droid suelen quedarse atrás en las actualizaciones. Los mantenedores de F-Droid también reutilizan IDs de paquetes mientras firman aplicaciones con sus propias claves, lo que no es ideal ya que le da al equipo F-Droid la máxima confianza. Adicionalmente, los requisitos para que una aplicación se incluya en el repositorio oficial de F-Droid son menos estrictos a comparación con otras tiendas de aplicaciones como Google Play, significando que F-Droid ofrece muchas aplicaciones desactualizadas, sin mantenimiento o que incumplen con los [estándares de seguridad modernos](https://developer.android.com/google/play/requirements/target-sdk).
-
-Otros repositorios de terceros para F-Droid como [IzzyOnDroid](https://apt.izzysoft.de/fdroid) remedian algunas de estas preocupaciones. El repositorio de IzzyOnDroid se construye directamente desde GitHub y es lo mejor para los repositorios propios de los desarrolladores. Sin embargo, esto no podemos recomendarlo en su totalidad, porque las aplicaciones suelen ser [removidas](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) del repositorio, si luego estas son agregadas al repositorio oficial de F-Droid. Si bien esto tiene sentido (ya que el objetivo de ese repositorio en particular es alojar aplicaciones antes de que sean aceptadas en el repositorio principal de F-Droid), puede dejarte con aplicaciones instaladas que ya no reciben actualizaciones.
-
-Dicho esto, los repositorios de [F-Droid](https://f-droid.org/en/packages) e [IzzyOnDroid](https://apt.izzysoft.de/fdroid) son el hogar de muchas aplicaciones, lo que los convierte en una herramienta útil para buscar y descubrir aplicaciones de código abierto que se pueden descargar a través de otros medios como la Play Store, Aurora Store u obteniendo el archivo APK directamente del desarrollador. Deberías utilizar tu mejor criterio al buscar nuevas aplicaciones a través de este método y vigilar la frecuencia de actualización de la aplicación. Las aplicaciones desactualizadas pueden depender en librerías no compatibles, entre otras cosas, suponiendo un potencial riesgo de seguridad.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-En algunos raros casos, el desarrollador de una aplicación splo la distribuirá a través de F-Droid ([Gadgetbridge](https://gadgetbridge.org/) es un ejemplo de ello). Si realmente necesitas una aplicación como esa, recomendamos utilizar el nuevo cliente [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic/) en vez de la aplicación original para obtenerla. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criterios
-
-**Por favor, ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
-
-### Sistema Operativo
-
-- Debe ser software de código abierto.
-- Debe soportar el bloqueo del cargador de arranque con soporte de clave AVB personalizada.
-- Debe recibir las principales actualizaciones de Android dentro de 0-1 meses desde su lanzamiento.
-- Debe recibir actualizaciones de las funciones de Android (versión menor) en un plazo de 0 a 14 días desde su lanzamiento.
-- Debe recibir parches de seguridad periódicos en un plazo de 0 a 5 días desde su publicación.
-- **No **debe estar "rooteado" de serie.
-- **No** debe tener habilitados los servicios de Google Play por defecto.
-- **No** debe requerir modificación del sistema para soportar Google Play Services.
-
-### Dispositivos
-
-- Debe ser compatible con al menos uno de nuestros sistemas operativos personalizados recomendados.
-- Debe venderse actualmente nuevo en las tiendas.
-- Debe recibir un mínimo de 5 años de actualizaciones de seguridad.
-- Debe tener un hardware de elementos seguros dedicado.
-
-### Aplicaciones
-
-- Las aplicaciones en esta página no deben ser aplicables a ninguna otra categoría de software en el sitio.
-- Las aplicaciones generales deben ampliar o sustituir las funciones básicas del sistema.
-- Las aplicaciones deben recibir actualizaciones y mantenimiento periódicos.
diff --git a/i18n/es/android/distributions.md b/i18n/es/android/distributions.md
new file mode 100644
index 00000000..ab31bee6
--- /dev/null
+++ b/i18n/es/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Advertencia</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criterios
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
+
+- Debe ser software de código abierto.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/es/android/general-apps.md b/i18n/es/android/general-apps.md
new file mode 100644
index 00000000..b0d4b188
--- /dev/null
+++ b/i18n/es/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Advertencia</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads "Descargas"</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Nota</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads "Descargas"</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criterios
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/es/android/index.md b/i18n/es/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/es/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/es/android/obtaining-apps.md b/i18n/es/android/obtaining-apps.md
new file mode 100644
index 00000000..fbd63cdf
--- /dev/null
+++ b/i18n/es/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads "Descargas"</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads "Descargas"</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/es/basics/why-privacy-matters.md b/i18n/es/basics/why-privacy-matters.md
index b355118a..6154367f 100644
--- a/i18n/es/basics/why-privacy-matters.md
+++ b/i18n/es/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ Todos estos conceptos se solapan, pero es posible tener cualquier combinación d
 
 Un argumento común contra los movimientos a favor de la privacidad es la noción de que uno no necesita privacidad si no tiene **"nada que ocultar".** Se trata de una idea errónea y peligrosa, porque crea la sensación de que las personas que exigen privacidad deben ser pervertidas, criminales o estar equivocadas.
 
-==No deberías confundir privacidad con secretismo.== Sabemos lo que sucede en el baño, pero aun así cierras la puerta. Esto se debe a que quieres privacidad, no secretismo. Siempre hay ciertos datos sobre nosotros -por ejemplo, información personal sobre nuestra salud o nuestro comportamiento sexual- que no querríamos que todo el mundo conociera, y eso está bien. La necesidad de privacidad es legítima, y eso es lo que nos hace humanos. La privacidad consiste en potenciar tus derechos sobre tu propia información, no en ocultar secretos.
+==No deberías confundir privacidad con secretismo.== Sabemos lo que sucede en el baño, pero aun así cierras la puerta. That's because you want privacy, not secrecy. Siempre hay ciertos datos sobre nosotros -por ejemplo, información personal sobre nuestra salud o nuestro comportamiento sexual- que no querríamos que todo el mundo conociera, y eso está bien. La necesidad de privacidad es legítima, y eso es lo que nos hace humanos. La privacidad consiste en potenciar tus derechos sobre tu propia información, no en ocultar secretos.
 
 ## ¿Es la Privacidad una Cuestión de Control?
 
diff --git a/i18n/es/device-integrity.md b/i18n/es/device-integrity.md
index f6a8c147..32f9e6a3 100644
--- a/i18n/es/device-integrity.md
+++ b/i18n/es/device-integrity.md
@@ -163,9 +163,9 @@ El uso de estas aplicaciones no basta para determinar que un dispositivo está "
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Esto proporciona una comprobación muy sólida de la integridad del propio dispositivo, pero no comprueba necesariamente si las aplicaciones a nivel de usuario que se ejecutan en el dispositivo son maliciosas.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Esto proporciona una comprobación muy sólida de la integridad del propio dispositivo, pero no comprueba necesariamente si las aplicaciones a nivel de usuario que se ejecutan en el dispositivo son maliciosas.
 
-El auditor realiza la atestación y la detección de intrusiones con **dos** dispositivos, uno _auditado_ (el dispositivo que se verifica) y un _auditor_ (el dispositivo que realiza la verificación). El auditor puede ser cualquier dispositivo Android 10+ (o un servicio web remoto operado por [GrapheneOS](android.md#grapheneos)), mientras que el auditado debe ser específicamente un [dispositivo soportado](https://attestation.app/about#device-support). Auditor funciona así:
+El auditor realiza la atestación y la detección de intrusiones con **dos** dispositivos, uno _auditado_ (el dispositivo que se verifica) y un _auditor_ (el dispositivo que realiza la verificación). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor funciona así:
 
 - DocumentaciónUtilizando un modelo [Confiar en el Primer Uso (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) entre un _auditor_ y un _auditado_, la pareja establece una clave privada en el [almacén de claves respaldado por hardware](https://source.android.com/security/keystore) del _Auditor_.
 - El _auditor_ puede ser otra instancia de la aplicación Auditor o el [Servicio de Certificación a Distancia](https://attestation.app).
@@ -197,7 +197,7 @@ El uso de estas aplicaciones no basta para determinar que un dispositivo está "
 ![Logo de Hypatia](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Logo de Hypatia](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** es un escáner de malware en tiempo real para Android, creado por el desarrollador de [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Página principal](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Política de privacidad" }
diff --git a/i18n/es/mobile-phones.md b/i18n/es/mobile-phones.md
new file mode 100644
index 00000000..2d46aa9c
--- /dev/null
+++ b/i18n/es/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Advertencia</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criterios
+
+**Por favor, ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/es/os/android-overview.md b/i18n/es/os/android-overview.md
index 9677b3d5..45c8f6e1 100644
--- a/i18n/es/os/android-overview.md
+++ b/i18n/es/os/android-overview.md
@@ -18,7 +18,7 @@ Este problema puede ser solucionado al usar una distribución modificada de Andr
 
 Idealmente, cuando escojas una distribución de Android, deberías asegurarte de que mantenga el modelo de seguridad de Android. Al menos, la distribución debería tener compilaciones de producción, soporte para AVB, protección de reversión, actualizaciones oportunas del firmware y el sistema operativo, y tener a SELinux en [modo de cumplimiento](https://source.android.com/security/selinux/concepts#enforcement_levels). Todas nuestras distribuciones recomendadas para Android cumplen con estos criterios.
 
-[Nuestras recomendaciones del sistema Android :material-arrow-right:](../android.md ""){.md-button}
+[Nuestras recomendaciones del sistema Android :material-arrow-right:](../android/distributions.md ""){.md-button}
 
 ### Evita el Rooting
 
@@ -125,7 +125,7 @@ Con los perfiles de usuario, puedes imponer restricciones a un perfil específic
 
 Los [perfiles de trabajo](https://support.google.com/work/android/answer/6191949) son otra manera de aislar aplicaciones individuales y pueden ser más convenientes que usar perfiles de usuario separados.
 
-Para crear un perfil de trabajo sin un MDM empresarial se necesita una aplicación de **controlador de dispositivo** como [Shelter](../android.md#shelter), a menos que se utilice un sistema operativo personalizado de Android que incluya uno.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 El perfil de trabajo depende de un controlador de dispositivo para funcionar. Características como el *transbordador de archivos* y el *bloqueo de búsqueda de contactos* o cualquier tipo de característica de aislamiento debe ser implementada por el controlador. También debes confiar plenamente en la aplicación del controlador del dispositivo, ya que tiene acceso total a tus datos dentro del perfil de trabajo.
 
diff --git a/i18n/es/os/index.md b/i18n/es/os/index.md
index eaf75ca8..01b394ea 100644
--- a/i18n/es/os/index.md
+++ b/i18n/es/os/index.md
@@ -4,7 +4,7 @@ title: Sistemas Operativos
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/es/os/ios-overview.md b/i18n/es/os/ios-overview.md
index f560255b..5e86965d 100644
--- a/i18n/es/os/ios-overview.md
+++ b/i18n/es/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS es un sistema operativo móvil desarrollado por Apple para el i
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. Sin embargo, el carácter restrictivo del ecosistema de Apple -especialmente con sus dispositivos móviles- sigue obstaculizando la privacidad de varias maneras.
 
-En general, consideramos que iOS ofrece una protección de la privacidad y la seguridad mejor que la media para la mayoría de la gente, en comparación con los dispositivos Android de serie de cualquier fabricante. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+En general, consideramos que iOS ofrece una protección de la privacidad y la seguridad mejor que la media para la mayoría de la gente, en comparación con los dispositivos Android de serie de cualquier fabricante. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Bloqueo de Activación
 
diff --git a/i18n/es/os/windows/group-policies.md b/i18n/es/os/windows/group-policies.md
index 1963f8fc..cd464830 100644
--- a/i18n/es/os/windows/group-policies.md
+++ b/i18n/es/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Sistema
+### System
 
 #### Device Guard
 
diff --git a/i18n/es/pastebins.md b/i18n/es/pastebins.md
new file mode 100644
index 00000000..7abf2d37
--- /dev/null
+++ b/i18n/es/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Los datos se cifran/descifran en el navegador utilizando AES de 256 bits. Es la versión mejorada de ZeroBin.
+
+[:octicons-home-16: Página Principal](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Instancias Públicas"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentación}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Código Fuente" }
+
+</div>
+
+## Criterios
+
+**Por favor, ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
+
+### Requisitos Mínimos
+
+- Debe ser de código abierto.
+- Debe implementar el cifrado de extremo a extremo de "confianza cero".
+- Debe admitir archivos protegidos por contraseña.
+
+### Mejor Caso
+
+Nuestro criterio del mejor caso representa lo que nos gustaría ver del proyecto perfecto en esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página.
+
+- Debe tener una auditoría publicada por una tercera parte independiente y de buena reputación.
diff --git a/i18n/es/productivity.md b/i18n/es/productivity.md
index ae041c02..7864af1e 100644
--- a/i18n/es/productivity.md
+++ b/i18n/es/productivity.md
@@ -154,39 +154,6 @@ En general, definimos las paquetes ofimáticos como aplicaciones que podrían su
 - Debe admitir la edición de documentos, hojas de cálculo y presentaciones de diapositivas.
 - Debe exportar archivos a formatos de documento estándar.
 
-## Servicios Pastebin
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** es un pastebin en línea minimalista y de código abierto en el que el servidor no tiene ningún conocimiento de los datos pegados. Los datos se cifran/descifran en el navegador utilizando AES de 256 bits. Es la versión mejorada de ZeroBin.
-
-[:octicons-home-16: Página Principal](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Instancias Públicas"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentación}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Código Fuente" }
-
-</div>
-
-### Criterios
-
-**Por favor, ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
-
-#### Requisitos Mínimos
-
-- Debe ser de código abierto.
-- Debe implementar el cifrado de extremo a extremo de "confianza cero".
-- Debe admitir archivos protegidos por contraseña.
-
-#### Mejor Caso
-
-Nuestro criterio del mejor caso representa lo que nos gustaría ver del proyecto perfecto en esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página.
-
-- Debe tener una auditoría publicada por una tercera parte independiente y de buena reputación.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/es/tools.md b/i18n/es/tools.md
index e148e6eb..fb29111d 100644
--- a/i18n/es/tools.md
+++ b/i18n/es/tools.md
@@ -394,16 +394,25 @@ Para cifrar la unidad de su sistema operativo, normalmente recomendamos utilizar
 
 [Más información :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Más información :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Herramientas de Productividad
 
 <div class="grid cards" markdown>
 
-- ![logo de Nextcloud](assets/img/productivity/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](productivity.md#nextcloud)
-- ![logo de LibreOffice](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
-- ![logo de OnlyOffice](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
-- ![logo de CryptPad](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![logo de PrivateBin](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
-- ![logo de LanguageTool](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
+- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](productivity.md#nextcloud)
+- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
+- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
+- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
+- ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
 
@@ -437,32 +446,53 @@ Para cifrar la unidad de su sistema operativo, normalmente recomendamos utilizar
 
 [Más información :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Más información :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Sistemas Operativos
 
 ### Móvil
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![logo de GrapheneOS](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![logo de DivestOS](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Más información :material-arrow-right-drop-circle:](android.md)
+[Más información :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Aplicaciones de Android
 
 <div class="grid cards" markdown>
 
-- ![logo de Obtainium](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![logo de Aurora Store](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![logo de Shelter](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![logo de Secure Camera](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![logo de Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Más información :material-arrow-right-drop-circle:](android.md#general-apps)
+[Más información :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Más información :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Escritorio/PC
 
diff --git a/i18n/fa/android.md b/i18n/fa/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/fa/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/fa/android/distributions.md b/i18n/fa/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/fa/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/fa/android/general-apps.md b/i18n/fa/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/fa/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/fa/android/index.md b/i18n/fa/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/fa/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/fa/android/obtaining-apps.md b/i18n/fa/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/fa/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/fa/device-integrity.md b/i18n/fa/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/fa/device-integrity.md
+++ b/i18n/fa/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/fa/mobile-phones.md b/i18n/fa/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/fa/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/fa/os/android-overview.md b/i18n/fa/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/fa/os/android-overview.md
+++ b/i18n/fa/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/fa/os/index.md b/i18n/fa/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/fa/os/index.md
+++ b/i18n/fa/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/fa/os/ios-overview.md b/i18n/fa/os/ios-overview.md
index c1149459..dc5971d8 100644
--- a/i18n/fa/os/ios-overview.md
+++ b/i18n/fa/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/fa/pastebins.md b/i18n/fa/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/fa/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/fa/productivity.md b/i18n/fa/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/fa/productivity.md
+++ b/i18n/fa/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/fa/tools.md b/i18n/fa/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/fa/tools.md
+++ b/i18n/fa/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/fr/android.md b/i18n/fr/android.md
deleted file mode 100644
index 0420d77d..00000000
--- a/i18n/fr/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Recommandations Android : GrapheneOS et DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: Vous pouvez remplacer le système d'exploitation de votre téléphone Android par ces alternatives sécurisées et respectueuses de la vie privée.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Systèmes d'exploitation Android privés
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Logo d'Android](assets/img/android/android.svg){ align=right }
-
-**Android Open Source Project** est un système d'exploitation mobile open source dirigé par Google qui équipe la majorité des appareils mobiles dans le monde. La plupart des téléphones vendus avec Android sont modifiés pour inclure des intégrations et des applications invasives telles que Google Play Services. Vous pouvez donc améliorer considérablement votre vie privée sur votre appareil mobile en remplaçant l'installation par défaut de votre téléphone par une version d'Android dépourvue de ces fonctionnalités invasives.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Voici les systèmes d'exploitation, les appareils et les applications Android que nous recommandons pour optimiser la sécurité et la confidentialité de votre appareil mobile. Pour en savoir plus sur Android :
-
-[Présentation générale d'Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Dérivés de AOSP
-
-Nous vous recommandons d'installer l'un de ces systèmes d'exploitation Android personnalisés sur votre appareil, classés par ordre de préférence, en fonction de la compatibilité de votre appareil avec ces systèmes d'exploitation.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Ces appareils ne peuvent pas être considérés comme totalement sûrs, quel que soit le logiciel installé.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![Logo GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![Logo GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** est le meilleur choix en matière de confidentialité et de sécurité.
-
-GrapheneOS apporte des améliorations supplémentaires en matière de [renforcement de la sécurité](https://fr.wikipedia.org/wiki/Durcissement_%28informatique%29) et de confidentialité. Il dispose d'un [allocateur de mémoire renforcé](https://github.com/GrapheneOS/hardened_malloc), d'autorisations pour le réseau et les capteurs, et de diverses autres [fonctions de sécurité](https://grapheneos.org/features). GrapheneOS est également livré avec des mises à jour complètes du micrologiciel et des versions signées, de sorte que le démarrage vérifié est entièrement pris en charge.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS prend en charge [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), qui exécute les [Services Google Play](https://fr.wikipedia.org/wiki/Services_Google_Play) entièrement sandboxed comme toute autre application normale. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Pourquoi nous recommandons GrapheneOS plutôt que CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS hérite de nombreux [appareils pris en charge](https://divestos.org/index.php?page=devices&base=LineageOS) de LineageOS. Il a des versions signées, ce qui permet d'avoir un [démarrage vérifié](https://source.android.com/security/verifiedboot) sur certains appareils autres que des Pixel.
-
-[:octicons-home-16: Page d'accueil](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Service onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Politique de confidentialité" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Code source" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuer }
-
-</div>
-
-DivestOS a une [correction](https://gitlab.com/divested-mobile/cve_checker) automatique des vulnérabilités de noyau ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), moins de blobs propriétaires, et un fichier [hosts](https://divested.dev/index.php?page=dnsbl) personnalisé. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS inclut également les correctifs de noyau de GrapheneOS et active toutes les fonctions de sécurité de noyau disponibles via le [renforcement defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS met en œuvre certains correctifs de renforcement du système développés à l'origine pour GrapheneOS. DivestOS 16.0 et plus implémente les autorisations [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) et SENSORS de GrapheneOS, l'[allocateur de mémoire renforcé](https://github.com/GrapheneOS/hardened_malloc), l'[exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), la [constification](https://en.wikipedia.org/wiki/Java_Native_Interface) [JNI](https://en.wikipedia.org/wiki/Const_(computer_programming)), et des patchs de renforcement [bioniques](https://en.wikipedia.org/wiki/Bionic_(software)) partiels. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS utilise F-Droid comme magasin d'applications par défaut. Nous [recommandons normalement d'éviter F-Droid](#f-droid), mais ce n'est pas possible sur DivestOS ; les développeurs mettent à jour leurs applications via leurs propres dépôts F-Droid ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) et [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. Pour les autres applications, nos méthodes recommandées pour les obtenir restent applicables.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Avertissement</p>
-
-L'[état](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) des mises à jour du micrologiciel DivestOS et le contrôle de la qualité varient selon les appareils qu'il prend en charge. Nous recommandons toujours GrapheneOS en fonction de la compatibilité de votre appareil. Pour les autres appareils, DivestOS est une bonne alternative.
-
-Tous les appareils pris en charge ne disposent pas d'un démarrage vérifié, et certains le font mieux que d'autres.
-
-</div>
-
-## Appareils Android
-
-Lorsque vous achetez un appareil, nous vous recommandons d'en prendre un aussi neuf que possible. Les logiciels et les micrologiciels des appareils mobiles ne sont pris en charge que pour une durée limitée. L'achat de nouveaux appareils permet donc de prolonger cette durée de vie autant que possible.
-
-Évitez d'acheter des téléphones auprès des opérateurs de réseaux mobiles. Ces derniers ont souvent un **chargeur d'amorçage verrouillé** et ne supportent pas le [déverrouillage constructeur](https://source.android.com/devices/bootloader/locking_unlocking). Ces variantes de téléphone vous empêcheront d'installer tout type de distribution Android alternative.
-
-Soyez très **prudent** lorsque vous achetez des téléphones d'occasion sur des marchés en ligne. Vérifiez toujours la réputation du vendeur. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Il y a également un risque d'être associé à l'activité de l'ancien propriétaire.
-
-Quelques conseils supplémentaires concernant les appareils Android et la compatibilité des systèmes d'exploitation :
-
-- N'achetez pas d'appareils qui ont atteint ou sont sur le point d'atteindre leur fin de vie, des mises à jour supplémentaires du micrologiciel doivent être fournies par le fabricant.
-- N'achetez pas de téléphones LineageOS ou /e/ OS préchargés ou tout autre téléphone Android sans prise en charge adéquate du [Démarrage Vérifié](https://source.android.com/security/verifiedboot) et sans mises à jour du micrologiciel. En outre, ces appareils ne vous permettent pas de vérifier s'ils ont été manipulés.
-- En bref, si un appareil ou une distribution Android ne figure pas dans cette liste, il y a probablement une bonne raison. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Les téléphones Google Pixel sont les **seuls** appareils dont nous recommandons l'achat. Les téléphones Pixel ont une sécurité matérielle plus forte que tous les autres appareils Android actuellement sur le marché, grâce à une prise en charge AVB adéquate pour les systèmes d'exploitation tiers et aux puces de sécurité personnalisées [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) de Google faisant office d'Elément Sécurisé.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-Les appareils **Google Pixel** sont connus pour avoir une bonne sécurité et prendre correctement en charge le [Démarrage Vérifié](https://source.android.com/security/verifiedboot), même lors de l'installation de systèmes d'exploitation personnalisés.
-
-À partir des **Pixel 8** et **8 Pro**, les appareils Pixel bénéficient d'un minimum de 7 ans de mises à jour de sécurité garanties, ce qui leur assure une durée de vie bien plus longue que les 2 à 5 ans généralement proposés par les constructeurs concurrents.
-
-[:material-shopping: Boutique](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Les Eléments Sécurisés comme le Titan M2 sont plus limités que le Trusted Execution Environment du processeur utilisé par la plupart des autres téléphones, car ils ne sont utilisés que pour le stockage des secrets, l'attestation matérielle et la limitation du débit, et non pour exécuter des programmes "de confiance". Les téléphones dépourvus d'un Elément Sécurisé doivent utiliser le TEE pour *toutes* ces fonctions, ce qui élargit la surface d'attaque.
-
-Les téléphones Google Pixel utilisent un OS TEE appelé Trusty qui est [open source](https://source.android.com/security/trusty#whyTrusty), contrairement à de nombreux autres téléphones.
-
-L'installation de GrapheneOS sur un téléphone Pixel est facile avec leur [installateur web](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-Quelques conseils supplémentaires pour l'achat d'un Google Pixel :
-
-- Si vous cherchez une bonne affaire pour un appareil Pixel, nous vous suggérons d'acheter un modèle "**a**", juste après la sortie du prochain produit phare de la marque. Des remises sont généralement disponibles parce que Google essaie d'écouler son stock.
-- Tenez compte des offres spéciales et réductions proposées par les magasins en dur.
-- Consultez les sites communautaires de bonnes affaires en ligne dans votre pays. Ils peuvent vous alerter lors de bonnes ventes.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- Si le pixel n'est pas disponible dans votre région, le [NitroPhone](https://shop.nitrokey.com/shop) peut être expédié dans le monde entier.
-
-## Applications générales
-
-Nous recommandons une grande variété d'applications Android sur ce site. Les applications répertoriées ici sont exclusives à Android et améliorent ou remplacent les principales fonctionnalités du système.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Logo Shelter](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** est une application qui vous aide à tirer parti de la fonctionnalité Profil professionnel d'Android pour isoler ou dupliquer des applications sur votre appareil.
-
-Shelter prend en charge le blocage de la recherche de contacts entre profils et le partage de fichiers entre profils via le gestionnaire de fichiers par défaut ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Avertissement</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-En utilisant Shelter, vous accordez une confiance totale à son développeur, car Shelter agit en tant qu'[administrateur de l'appareil](https://developer.android.com/guide/topics/admin/device-admin) pour créer le Profil professionnel, et il a un accès étendu aux données stockées dans ce dernier.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Logo de Secure Camera](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Logo de Secure Camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** est une application de caméra axée sur la confidentialité et la sécurité qui peut capturer des images, des vidéos et des QR codes. Les extensions du vendeur CameraX (Portrait, HDR, Night Sight, Face Retouch et Auto) sont également prises en charge sur les appareils disponibles.
-
-[:octicons-repo-16: Dépôt](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Code source" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuer }
-
-<details class="downloads" markdown>
-<summary>Téléchargements</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: Magasin d'applications de GrapheneOS](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Les principales caractéristiques de confidentialité comprennent :
-
-- Suppression automatique des métadonnées [Exif](https://en.wikipedia.org/wiki/Exif) (activée par défaut)
-- Utilisation de la nouvelle API [Media](https://developer.android.com/training/data-storage/shared/media), donc les [autorisations de stockage](https://developer.android.com/training/data-storage) ne sont pas nécessaires
-- L'autorisation microphone n'est pas nécessaire, sauf si vous souhaitez enregistrer des sons
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Les métadonnées ne sont pour le moment pas supprimées des fichiers vidéo, mais cela est prévu.
-
-Les métadonnées d'orientation de l'image ne sont pas supprimées. Si vous activez la fonction de localisation (dans Secure Camera), elle ne **sera pas** non plus supprimée. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Logo de Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Logo de Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** est un visualiseur de PDF basé sur [pdf.js](https://en.wikipedia.org/wiki/PDF.js) qui ne nécessite aucune autorisation. Le PDF est introduit dans une [webview](https://developer.android.com/guide/webapps/webview) [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)). Cela signifie qu'il n'a pas besoin d'autorisation directe pour accéder au contenu ou aux fichiers.
-
-[Content-Security-Policy](https://fr.wikipedia.org/wiki/Content_Security_Policy) est utilisé pour faire en sorte que les propriétés JavaScript et de style dans la WebView soient entièrement statiques.
-
-[:octicons-repo-16: Dépôt](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Code source" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuer }
-
-<details class="downloads" markdown>
-<summary>Téléchargements</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtenir des applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![logo Obtainium](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** est un gestionnaire d'applications qui vous permet d'installer et de mettre à jour des applications directement à partir de la page de publication du développeur (i.e. GitHub, GitLab, le site web du développeur, etc.), plutôt qu'un magasin d'applications/dépôt centralisé. Il prend en charge les mises à jour automatiques en arrière-plan sur Android 12 et les versions ultérieures.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Téléchargements</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium vous permet de télécharger des fichiers d'installation APK à partir d'une grande variété de sources, et c'est à vous de vous assurer que ces sources et ces applications sont légitimes. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. Le risque d'installer une *mise à jour* malveillante est plus faible, car Android vérifie lui-même que toutes les mises à jour d'applications sont signées par le même développeur que l'application existante sur votre téléphone avant de les installer.
-
-### Magasin d'applications de GrapheneOS
-
-Le magasin d'applications de GrapheneOS est disponible sur [GitHub](https://github.com/GrapheneOS/Apps/releases). Il prend en charge Android 12 et plus et est capable de se mettre à jour. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Si vous recherchez ces applications, nous vous recommandons vivement de les obtenir à partir du magasin d'applications de GrapheneOS plutôt que du Play Store, car les applications de leur magasin sont signées par la signature du projet GrapheneOS à laquelle Google n'a pas accès.
-
-### Aurora Store
-
-Le Google Play Store nécessite un compte Google pour se connecter, ce qui n'est pas idéal pour la confidentialité. Vous pouvez contourner ce problème en utilisant un client alternatif, tel que Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Logo Aurora Store](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** est un client Google Play Store qui ne nécessite pas de compte Google, de services Google Play ou microG pour télécharger des applications.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Téléchargements</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store ne vous permet pas de télécharger des applications payantes grâce à sa fonction de compte anonyme. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manuellement avec les notifications RSS
-
-Pour les applications publiées sur des plateformes telles que GitHub et GitLab, vous pouvez ajouter un flux RSS à votre [agrégateur d'actualités](news-aggregators.md) qui vous aidera à suivre les nouvelles versions.
-
-![APK RSS](./assets/img/android/rss-apk-light.png#only-light) ![APK RSS](./assets/img/android/rss-apk-dark.png#only-dark) ![Notes de version APK](./assets/img/android/rss-changes-light.png#only-light) ![Notes de version APK](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-Sur GitHub, en prenant l'exemple de [Secure Camera](#secure-camera), vous naviguez vers sa [page de publications](https://github.com/GrapheneOS/Camera/releases) et ajoutez `.atom` à l'URL :
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-Sur GitLab, en prenant l'exemple de [Aurora Store](#aurora-store), vous naviguez vers son [dépôt de projet](https://gitlab.com/AuroraOSS/AuroraStore) et ajoutez `/-/tags?format=atom` à l'URL :
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Vérifier les empreintes numériques des APK
-
-Si vous téléchargez des fichiers APK à installer manuellement, vous pouvez vérifier leur signature à l'aide de l'outil [`apksigner`](https://developer.android.com/studio/command-line/apksigner), qui fait partie des [build-tools](https://developer.android.com/studio/releases/build-tools) d'Android.
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Téléchargez les [outils de ligne de commande d'Android Studio](https://developer.android.com/studio#command-tools).
-
-3. Extrayez l'archive téléchargée :
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Exécutez la commande de vérification de la signature :
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. Les hachés obtenus peuvent ensuite être comparés avec une autre source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![Logo F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==Nous recommandons F-Droid uniquement comme moyen d'obtenir des applications qui ne peuvent pas être obtenues par les moyens ci-dessus.== F-Droid est souvent recommandé comme alternative à Google Play, en particulier dans la communauté de la vie privée. La possibilité d'ajouter des dépôts tiers et de ne pas être confiné au jardin clos de Google a conduit à sa popularité. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. Cependant, la façon dont F-Droid construit, signe et livre les paquets présente quelques inconvénients liés à la sécurité :
-
-En raison de leur processus de construction d'applications, les applications du dépôt officiel de F-Droid sont souvent en retard sur les mises à jour. Les mainteneurs de F-Droid réutilisent également les identifiants des paquets tout en signant les applications avec leurs propres clés, ce qui n'est pas idéal car cela donne à l'équipe F-Droid une confiance ultime. En outre, les conditions requises pour qu'une application soit incluse dans le répertoire officiel de F-Droid sont moins strictes que dans d'autres magasins d'applications comme Google Play, ce qui signifie que F-Droid a tendance à héberger beaucoup plus d'applications qui sont plus anciennes, non mises à jour, ou qui ne répondent plus aux [normes de sécurité modernes](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. Le dépôt IzzyOnDroid récupère les versions directement depuis GitHub et constitue la meilleure alternative aux dépôts des développeurs. Cependant, ce n'est pas quelque chose que nous pouvons entièrement recommander, car les applications sont généralement [retirées](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) de ce dépôt si elles sont ajoutées plus tard au dépôt principal de F-Droid. Bien que cela soit logique (puisque le but de ce dépôt particulier est d'héberger des applications avant qu'elles ne soient acceptées dans le dépôt principal de F-Droid), cela peut vous laisser avec des applications installées qui ne reçoivent plus de mises à jour.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. Vous devez faire preuve de discernement lorsque vous recherchez de nouvelles applications par cette méthode, et surveiller la fréquence des mises à jour de l'application. Des applications obsolètes peuvent s'appuyer sur des bibliothèques non maintenues, entre autres, ce qui constitue un risque potentiel pour la sécurité.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Critères
-
-**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
-
-### Systèmes d'exploitation
-
-- Doit être un logiciel open source.
-- Doit prendre en charge le verrouillage du chargeur d'amorçage avec prise en charge d'une clé AVB personnalisée.
-- Doit recevoir les mises à jour majeures d'Android dans le mois suivant leur publication.
-- Doit recevoir les mises à jour des fonctionnalités d'Android (version mineure) dans les 14 jours suivant leur publication.
-- Doit recevoir les correctifs de sécurité réguliers dans les 5 jours suivant leur publication.
-- Ne doit **pas** être fourni "rooté".
-- Ne doit **pas** activer les services Google Play par défaut.
-- Ne doit **pas** nécessiter une modification du système pour prendre en charge les services Google Play.
-
-### Appareils
-
-- Doit prendre en charge au moins l'un des systèmes d'exploitation personnalisés que nous recommandons.
-- Doit être actuellement vendu neuf en magasin.
-- Doit recevoir un minimum de 5 ans de mises à jour de sécurité.
-- Doit disposer d'un matériel dédié aux éléments sécurisés.
-
-### Applications
-
-- Les applications de cette page ne doivent pas être applicables à une autre catégorie de logiciels sur le site.
-- Les applications générales doivent étendre ou remplacer les fonctionnalités de base du système.
-- Les applications doivent être régulièrement mises à jour et maintenues.
diff --git a/i18n/fr/android/distributions.md b/i18n/fr/android/distributions.md
new file mode 100644
index 00000000..291c5977
--- /dev/null
+++ b/i18n/fr/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avertissement</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Critères
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
+
+- Doit être un logiciel open source.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/fr/android/general-apps.md b/i18n/fr/android/general-apps.md
new file mode 100644
index 00000000..d35cb3db
--- /dev/null
+++ b/i18n/fr/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avertissement</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Téléchargements</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: Magasin d'applications de GrapheneOS](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Téléchargements</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: Magasin d'applications de GrapheneOS](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Critères
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/fr/android/index.md b/i18n/fr/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/fr/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/fr/android/obtaining-apps.md b/i18n/fr/android/obtaining-apps.md
new file mode 100644
index 00000000..c3e359cd
--- /dev/null
+++ b/i18n/fr/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Téléchargements</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Téléchargements</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/fr/basics/why-privacy-matters.md b/i18n/fr/basics/why-privacy-matters.md
index 5e45bddf..8fbd7f5f 100644
--- a/i18n/fr/basics/why-privacy-matters.md
+++ b/i18n/fr/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ Tous ces concepts se chevauchent, mais il est possible de les combiner. Pour la
 
 Un contre-argument courant aux mouvements en faveur de la protection de la vie privée est l'idée que l'on n'a pas besoin de vie privée si l'on n'a **"rien à cacher"**. Il s'agit d'une idée fausse et dangereuse, car elle donne l'impression que les personnes qui exigent le respect de la vie privée sont forcément déviantes, criminelles ou mauvaises.
 
-==Il ne faut pas confondre vie privée et secret.== Nous savons ce qui se passe dans les toilettes, mais vous fermez quand même la porte. C'est parce que vous voulez une vie privée, et non pas du secret. Il y a toujours certains faits nous concernant - par exemple, des informations sur notre santé personnelle ou notre comportement sexuel - que nous ne voudrions pas que le monde entier connaisse, et c'est normal. Le besoin de vie privée est légitime et c'est ce qui fait de nous des êtres humains. La protection de la vie privée consiste à renforcer vos droits sur vos propres informations, et non à cacher des secrets.
+==Il ne faut pas confondre vie privée et secret.== Nous savons ce qui se passe dans les toilettes, mais vous fermez quand même la porte. That's because you want privacy, not secrecy. Il y a toujours certains faits nous concernant - par exemple, des informations sur notre santé personnelle ou notre comportement sexuel - que nous ne voudrions pas que le monde entier connaisse, et c'est normal. Le besoin de vie privée est légitime et c'est ce qui fait de nous des êtres humains. La protection de la vie privée consiste à renforcer vos droits sur vos propres informations, et non à cacher des secrets.
 
 ## La vie privée est-elle une question de contrôle ?
 
diff --git a/i18n/fr/device-integrity.md b/i18n/fr/device-integrity.md
index 8be560cc..3f0faf43 100644
--- a/i18n/fr/device-integrity.md
+++ b/i18n/fr/device-integrity.md
@@ -163,9 +163,9 @@ L'utilisation de ces applications ne suffit pas à déterminer qu'un appareil es
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Cela fournit un contrôle d'intégrité très solide de l'appareil lui-même, mais qui ne permet pas nécessairement de vérifier si les applications utilisateur exécutées sur l'appareil sont malveillantes.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Cela fournit un contrôle d'intégrité très solide de l'appareil lui-même, mais qui ne permet pas nécessairement de vérifier si les applications utilisateur exécutées sur l'appareil sont malveillantes.
 
-Auditor effectue l'attestation et la détection d'intrusion avec **deux** appareils, un _audité_ (l'appareil vérifié) et un _auditeur_ (l'appareil effectuant la vérification). L'auditeur peut être n'importe quel appareil Android 10+ (ou un service web distant géré par [GrapheneOS](android.md#grapheneos)), tandis que l'audité doit être un [appareil pris en charge](https://attestation.app/about#device-support) spécifique. Auditor fonctionne comme tel :
+Auditor effectue l'attestation et la détection d'intrusion avec **deux** appareils, un _audité_ (l'appareil vérifié) et un _auditeur_ (l'appareil effectuant la vérification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor fonctionne comme tel :
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - L'_auditeur_ peut être une autre instance de l'application Auditor ou le [service d'attestation à distance](https://attestation.app).
@@ -197,7 +197,7 @@ L'utilisation de ces applications ne suffit pas à déterminer qu'un appareil es
 ![logo Hypatia](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![logo Hypatia](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** est un scanner de logiciels malveillants en temps réel pour Android, développé par le concepteur de [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Page d'accueil](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Politique de confidentialité" }
diff --git a/i18n/fr/mobile-phones.md b/i18n/fr/mobile-phones.md
new file mode 100644
index 00000000..901fd483
--- /dev/null
+++ b/i18n/fr/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avertissement</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Critères
+
+**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md
index 65972238..5e9033ab 100644
--- a/i18n/fr/os/android-overview.md
+++ b/i18n/fr/os/android-overview.md
@@ -18,7 +18,7 @@ Ce problème pourrait être résolu en utilisant une distribution Android qui n'
 
 Idéalement, lorsque vous choisissez une distribution Android, vous devez vous assurer qu'elle respecte le modèle de sécurité Android. Au minimum, la distribution doit disposer de builds de production, d'un support pour AVB, d'une rollback protection, de mises à jour dans les meilleurs délais du firmware et du système d'exploitation, et de SELinux en [mode enforcing](https://source.android.com/security/selinux/concepts#enforcement_levels). Toutes les distributions Android que nous recommandons répondent à ces critères.
 
-[Nos recommandations de distributions Android :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Nos recommandations de distributions Android :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Éviter le rootage
 
@@ -125,7 +125,7 @@ Avec les profils d'utilisateur, vous pouvez imposer des restrictions à un profi
 
 Les [Profils Professionnels](https://support.google.com/work/android/answer/6191949?hl=fr) sont une autre façon d'isoler des applications de manière individuelles et peuvent s'avérer plus pratiques que des profils d'utilisateur séparés.
 
-Une application de **gestionnaire d'appareil** telle que [Shelter](../android.md#shelter) est nécessaire pour créer un profil professionnel sans MDM d'entreprise, à moins que vous n'utilisiez un système d'exploitation Android personnalisé qui en comprend une.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 Le profil professionnel dépend d'un gestionnaire d'appareil pour fonctionner. Les fonctionnalités telles que la *Navigation de Fichiers* et le *blocage de la recherche de contacts* ou tout autre type de fonctionnalités d'isolation doivent être implémentées par le gestionnaire. Vous devez également faire entièrement confiance à l'application de gestionnaire d'appareil, car elle a un accès total à vos données au sein du profil professionnel.
 
diff --git a/i18n/fr/os/index.md b/i18n/fr/os/index.md
index e552bec3..5dc33a95 100644
--- a/i18n/fr/os/index.md
+++ b/i18n/fr/os/index.md
@@ -4,7 +4,7 @@ title: Systèmes d'exploitation
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/fr/os/ios-overview.md b/i18n/fr/os/ios-overview.md
index 5dabae71..0c277d88 100644
--- a/i18n/fr/os/ios-overview.md
+++ b/i18n/fr/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS est un système d'exploitation mobile développé par Apple pou
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. Cependant, le caractère restrictif de l'écosystème d'Apple - en particulier avec ses appareils mobiles - continue d'entraver la protection de la vie privée de plusieurs manières.
 
-Nous considérons généralement qu'iOS offre des protections de la vie privée et de la sécurité supérieures à la moyenne pour la plupart des gens, par rapport aux appareils Android d'origine, quel que soit le fabricant. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+Nous considérons généralement qu'iOS offre des protections de la vie privée et de la sécurité supérieures à la moyenne pour la plupart des gens, par rapport aux appareils Android d'origine, quel que soit le fabricant. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Verrouillage d'activation
 
@@ -63,7 +63,7 @@ Vos données de localisation ne sont pas E2EE lorsque votre appareil est en lign
 
 En haut de l'application **Réglages**, vous verrez votre nom et votre photo de profil si vous êtes connecté à un identifiant Apple. Sélectionnez-les, puis selectionnez **Localiser**. Vous pouvez ici choisir d'activer ou de désactiver les fonctions de Localiser ma position.
 
-### Paramètres
+### Settings
 
 De nombreux autres paramètres liés à la protection de la vie privée peuvent être trouvés dans l'application **Réglages**.
 
diff --git a/i18n/fr/os/windows/group-policies.md b/i18n/fr/os/windows/group-policies.md
index 09a599c5..82855e70 100644
--- a/i18n/fr/os/windows/group-policies.md
+++ b/i18n/fr/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Système
+### System
 
 #### Device Guard
 
diff --git a/i18n/fr/pastebins.md b/i18n/fr/pastebins.md
new file mode 100644
index 00000000..4b260817
--- /dev/null
+++ b/i18n/fr/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Les données sont chiffrées/déchiffrées dans le navigateur en utilisant AES 256 bits. Il s'agit de la version améliorée de ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Critères
+
+**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
+
+### Exigences minimales
+
+- Doit être open-source.
+- Doit implémenter le chiffrement de bout en bout "à confiance zéro".
+- Doit prendre en charge les fichiers protégés par un mot de passe.
+
+### Dans le meilleur des cas
+
+Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet parfait dans cette catégorie. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page.
+
+- Devrait disposer d'un audit publié par une tierce partie indépendante et réputée.
diff --git a/i18n/fr/productivity.md b/i18n/fr/productivity.md
index 074aaf53..77c0e8b8 100644
--- a/i18n/fr/productivity.md
+++ b/i18n/fr/productivity.md
@@ -154,39 +154,6 @@ En général, nous définissons les suites bureautiques comme des applications q
 - Doit prendre en charge l'édition de documents, de feuilles de calcul et de diaporamas.
 - Doit exporter les fichiers vers des formats de document standard.
 
-## Services de collage
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![Logo PrivateBin](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** est un service de collage en ligne minimaliste et open-source où le serveur n'a aucune connaissance des données collées. Les données sont chiffrées/déchiffrées dans le navigateur en utilisant AES 256 bits. Il s'agit de la version améliorée de ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Critères
-
-**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous.
-
-#### Exigences minimales
-
-- Doit être open-source.
-- Doit implémenter le chiffrement de bout en bout "à confiance zéro".
-- Doit prendre en charge les fichiers protégés par un mot de passe.
-
-#### Dans le meilleur des cas
-
-Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet parfait dans cette catégorie. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page.
-
-- Devrait disposer d'un audit publié par une tierce partie indépendante et réputée.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/fr/tools.md b/i18n/fr/tools.md
index 7fd02a5e..c77cebdf 100644
--- a/i18n/fr/tools.md
+++ b/i18n/fr/tools.md
@@ -394,6 +394,16 @@ Pour chiffrer le disque de votre système d'exploitation, nous vous recommandons
 
 [En savoir plus :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[En savoir plus :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Outils de productivité
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ Pour chiffrer le disque de votre système d'exploitation, nous vous recommandons
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ Pour chiffrer le disque de votre système d'exploitation, nous vous recommandons
 
 [En savoir plus :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[En savoir plus :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Systèmes d'exploitation
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[En savoir plus :material-arrow-right-drop-circle:](android.md)
+[En savoir plus :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Applications Android
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[En savoir plus :material-arrow-right-drop-circle:](android.md#general-apps)
+[En savoir plus :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[En savoir plus :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Bureau/PC
 
diff --git a/i18n/he/android.md b/i18n/he/android.md
deleted file mode 100644
index b16b481f..00000000
--- a/i18n/he/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "אנדרואיד"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: אנדרואיד
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: אנדרואיד
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: אנדרואיד
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: אנדרואיד
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: אנדרואיד
----
-
-![לוגו אנדרואיד](assets/img/android/android.svg){ align=right }
-
-**פרויקט הקוד הפתוח של אנדרואיד** היא מערכת הפעלה ניידת בקוד פתוח בהובלת גוגל, המניעה את רוב המכשירים הניידים בעולם. רוב הטלפונים הנמכרים עם אנדרואיד שונו כך שיכללו אינטגרציות פולשניות ואפליקציות כגון שירותי Google Play, כך שתוכל לשפר משמעותית את הפרטיות שלך במכשיר הנייד שלך על ידי החלפת התקנת ברירת המחדל של הטלפון שלך בגרסת אנדרואיד ללא תכונות פולשניות אלו.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-אלו הן מערכות ההפעלה, המכשירים והאפליקציות של אנדרואיד שאנו ממליצים על מנת למקסם את האבטחה והפרטיות של המכשיר הנייד שלך. למידע נוסף על אנדרואיד:
-
-[סקירה כללית של אנדרואיד :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## נגזרות AOSP
-
-אנו ממליצים להתקין במכשיר שלך אחת ממערכות ההפעלה המותאמות אישית של אנדרואיד, המפורטות לפי סדר העדפה, בהתאם לתאימות המכשיר שלך למערכות הפעלה אלו.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. מכישירים אלה אינם יכולים להיחשב מאובטחים לחלוטין ללא קשר לתוכנה המותקנת.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![לוגו GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![לוגו GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** היא הבחירה הטובה ביותר בכל הנוגע לפרטיות ואבטחה.
-
-GrapheneOS מספקת [הקשחת אבטחה](https://en.wikipedia.org/wiki/Hardening_(computing)) ושיפורי פרטיות נוספים. יש לו [מקצה זיכרון מוקשה](https://github.com/GrapheneOS/hardened_malloc), הרשאות רשת וחיישנים ועוד [תכונות אבטחה](https://grapheneos.org/features) שונות. GrapheneOS מגיעה גם עם עדכוני קושחה מלאים ו-builds חתומים, כך שאתחול מאומת נתמך באופן מלא.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), המריץ את [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) בארגז חול מלא כמו כל אפליקציה רגילה אחרת. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[מדוע אנו ממליצים על GrapheneOS על פני CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. יש לו builds חתומים, מה שמאפשר לקבל [אתחול מאומת](https://source.android.com/security/verifiedboot) בחלק מהמכשירים שאינם Pixel.
-
-[:octicons-home-16: דף הבית](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="שירות בצל" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="מדיניות פרטיות" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=תיעוד}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="קוד מקור" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=לתרומה }
-
-</div>
-
-ל - DivestOS יש פגיעות ליבה ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [שמתוקן](https://gitlab.com/divested-mobile/cve_checker) אוטומטית, פחות בועות קנייניות, וקובץ [מארחים](https://divested.dev/index.php?page=dnsbl) מותאם. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS כוללת גם תיקוני ליבה מ-GrapheneOS ומאפשרת את כל תכונות האבטחה הזמינות של הליבה באמצעות [הקשחת defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS מיישמת כמה תיקוני הקשחת מערכת שפותחו במקור עבור GrapheneOS. DivestOS 16.0 ומעלה מיישמת את החלפת הרשאות [`אינטרנט`](https://developer.android.com/training/basics/network-ops/connecting) וחיישנים של GrapheneOS, [מקצית זיכרון מוקשחת](https://github.com/GrapheneOS/hardened_malloc), [השרצת מנהלים](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [קונסטיפיקציה](https://en.wikipedia.org/wiki/Const_(computer_programming)) של [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) ותיקוני התקשות [ביונית](https://en.wikipedia.org/wiki/Bionic_(software)) חלקית. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת כברירת מחדל. בדרך כלל אנו [ממליצים להימנע מ-F-Droid](#f-droid), אך אין לעשות זאת ב-DivestOS; המפתחים מעדכנים את האפליקציות שלהם באמצעות מאגרי F-Droid משלהם ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. לגבי אפליקציות אחרות, השיטות המומלצות שלנו להשגתן עדיין חלות.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-עדכון קושחה של DivestOS [סטטוס](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) ובקרת איכות משתנים בין המכשירים שבהם הוא תומך. אנו עדיין ממליצים על GrapheneOS בהתאם לתאימות המכשיר שלך. עבור מכשירים אחרים, DivestOS היא אלטרנטיבה טובה.
-
-לא לכל המכשירים הנתמכים יש אתחול מאומת, וחלקם מבצעים אותו טוב יותר מאחרים.
-
-</div>
-
-## מכשירי אנדרואיד
-
-בעת רכישת מכשיר, אנו ממליצים לרכוש אחד חדש ככל האפשר. התוכנה והקושחה של מכשירים ניידים נתמכות רק לזמן מוגבל, כך שקנייה חדשה מאריכה את תוחלת החיים עד כמה שניתן.
-
-הימנע מרכישת טלפונים ממפעילי רשתות סלולריות. לאלה יש לרוב **מאתחול נעול** ואינם תומכים ב[פתיחת נעילה של OEM](https://source.android.com/devices/bootloader/locking_unlocking). גרסאות טלפון אלה ימנעו ממך להתקין כל סוג של הפצת אנדרואיד חלופית.
-
-היה מאוד **זהיר** בקניית טלפונים יד שנייה משוק אונליין. בדוק תמיד את המוניטין של המוכר. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). קיים גם סיכון שכרוך בהיותך קשור לפעילות של הבעלים הקודם.
-
-עוד כמה טיפים לגבי מכשירי אנדרואיד ותאימות מערכות הפעלה:
-
-- אל תקנו מכשירים שהגיעו או קרובים לסוף החיים שלהם, עדכוני קושחה נוספים חייבים להיות מסופקים על ידי היצרן.
-- אל תקנו טלפונים טעונים מראש של LineageOS או /e/ OS או כל טלפון אנדרואיד ללא תמיכה מתאימה של [אתחול מאומת](https://source.android.com/security/verifiedboot) ועדכוני קושחה. גם למכשירים האלה אין דרך לבדוק אם התעסקו בהם.
-- בקיצור, אם לא מופיעה כאן הפצת מכשיר או אנדרואיד, כנראה שיש סיבה טובה. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### גוגל פיקסל
-
-טלפונים של גוגל פיקסל הם המכשירים **היחידים** שאנו ממליצים לרכישה. לטלפונים של Pixel יש אבטחת חומרה חזקה יותר מכל מכשירי אנדרואיד אחרים הקיימים כיום בשוק, בשל תמיכת AVB נאותה עבור מערכות הפעלה של צד שלישי ושבבי האבטחה המותאמים אישית [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) של גוגל הפועלים כ-Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-מכשירי **גוגל פיקסל** ידועים כבעלי אבטחה טובה ותומכים כראוי ב[אתחול מאומת](https://source.android.com/security/verifiedboot), גם בעת התקנת מערכות הפעלה מותאמות אישית.
-
-החל מ-**Pixel 8** ו-**8 Pro**, מכשירי Pixel מקבלים לפחות 7 שנים של עדכוני אבטחה מובטחים, מה שמבטיח תוחלת חיים ארוכה בהרבה בהשוואה ל-2-5 שנים שמציעות בדרך כלל יצרני OEM מתחרים.
-
-[:material-shopping: חנות](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-רכיבים מאובטחים כמו Titan M2 מוגבלים יותר מסביבת הביצוע המהימנה של המעבד המשמשת את רוב הטלפונים האחרים מכיוון שהם משמשים רק לאחסון סודות, הוכחת חומרה והגבלת קצב, לא להפעלת תוכניות "מהימנות". טלפונים ללא Secure Element חייבים להשתמש ב-TEE עבור *כל* הפונקציות הללו, וכתוצאה מכך משטח התקפה גדול יותר.
-
-טלפונים של Google Pixel משתמשים במערכת הפעלה TEE בשם Trusty שהיא [קוד פתוח](https://source.android.com/security/trusty#whyTrusty), בניגוד לטלפונים רבים אחרים.
-
-ההתקנה של GrapheneOS בטלפון Pixel קלה עם [מתקין האינטרנט שלהם](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-עוד כמה טיפים לרכישת Google Pixel:
-
-- אם אתה מחפש מציאה על מכשיר פיקסל, אנו מציעים לקנות דגם "**a**", מיד לאחר יציאת ספינת הדגל הבאה. הנחות זמינות בדרך כלל מכיוון שגוגל תנסה לסלק את המלאי שלה.
-- שקול אפשרויות מכות מחיר ומבצעים המוצעים בחנויות פיזיות.
-- עיין באתרי עסקאות אןנליין של קהילתיות במדינה שלך. אלה יכולים להתריע על מכירות טובות.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## אפליקציות כלליות
-
-אנו ממליצים על מגוון רחב של אפליקציות אנדרואיד ברחבי אתר זה. האפליקציות המפורטות כאן הן בלעדיות לאנדרואיד ומשפרות או מחליפות באופן ספציפי את פונקציונליות המערכת המרכזית.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter לוגו](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** היא אפליקציה שעוזרת לך למנף את הפונקציונליות של פרופיל העבודה של אנדרואיד כדי לבודד או לשכפל אפליקציות במכשיר שלך.
-
-Shelter תומך בחסימת פרופילים חוצי חיפוש אנשי קשר ושיתוף קבצים בין פרופילים באמצעות מנהל הקבצים המוגדר כברירת מחדל ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-כשאתה משתמש ב-Shelter, אתה נותן אמון מלא במפתח שלו, שכן Shelter פועל כ[מנהל מכשיר](https://developer.android.com/guide/topics/admin/device-admin) כדי ליצור את פרופיל העבודה, וכן יש לו גישה נרחבת לנתונים המאוחסנים בפרופיל העבודה.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera לוגו](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera לוגו](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** היא אפליקציית מצלמה המתמקדת בפרטיות ואבטחה שיכולה לצלם תמונות, סרטונים וקודי QR. הרחבות של ספקי CameraX (פורטרט, HDR, ראיית לילה, ריטוש פנים ואוטומטי) נתמכות גם במכשירים זמינים.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-תכונות הפרטיות העיקריות כוללות:
-
-- הסרה אוטומטית של מטא נתונים של [Exif](https://en.wikipedia.org/wiki/Exif) (מופעל כברירת מחדל)
-- שימוש בממשק ה-API החדש של ה[מדיה](https://developer.android.com/training/data-storage/shared/media), לכן אין צורך ב[הרשאות אחסון](https://developer.android.com/training/data-storage)
-- אין צורך בהרשאת מיקרופון אלא אם ברצונך להקליט קול
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-מטא נתונים אינם נמחקים כעת מקבצי וידאו אבל זה מתוכנן.
-
-המטא נתונים של כיוון התמונה לא נמחקים. אם תפעיל מיקום ב(Secure Camera) זה גם **לא** יימחק. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer לוגו](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer לוגו](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** הוא מציג PDF המבוסס על [pdf.js](https://en.wikipedia.org/wiki/PDF.js) שאינו דורש הרשאות כלשהן. ה-PDF מוזן לתוך [ארגז חול](https://en.wikipedia.org/wiki/Sandbox_(software_development))[webview](https://developer.android.com/guide/webapps/webview). המשמעות היא שזה לא דורש הרשאה ישירה כדי לגשת לתוכן או לקבצים.
-
-[תוכן-אבטחה-מדיניות](https://en.wikipedia.org/wiki/Content_Security_Policy) משמש כדי לאכוף שמאפייני JavaScript והסגנון ב-WebView הם תוכן סטטי לחלוטין.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## קבלת בקשות
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium לוגו](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** הוא מנהל אפליקציות המאפשר לך להתקין ולעדכן אפליקציות ישירות מדף ההפצות של המפתח עצמו (כלומר. GitHub, GitLab, אתר האינטרנט של המפתח וכו'), במקום חנות/מאגר אפליקציות מרכזי. הוא תומך בעדכוני רקע אוטומטיים באנדרואיד 12 ומעלה.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium מאפשר לך להוריד קבצי התקנת APK ממגוון רחב של מקורות, וזה תלוי בך לוודא שהמקורות והאפליקציות האלה לגיטימיים. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. הסיכון של התקנת *עדכון* זדוני נמוך יותר, מכיוון שאנדרואיד עצמו מוודא שכל עדכוני האפליקציה חתומים על ידי אותו מפתח כמו האפליקציה הקיימת בטלפון שלך לפני התקנתם.
-
-### GrapheneOS App Store
-
-חנות האפליקציות של GrapheneOS זמינה ב-[GitHub](https://github.com/GrapheneOS/Apps/releases). הוא תומך באנדרואיד 12 ומעלה ומסוגל לעדכן את עצמו. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). אם אתם מחפשים אפליקציות אלו, אנו ממליצים בחום להשיג אותן מחנות האפליקציות של GrapheneOS במקום מחנות Play, שכן האפליקציות בחנות שלהן חתומות על ידי חתימת הפרויקט של ה-GrapheneOS שלגוגל אין גישה אליה.
-
-### Aurora Store
-
-חנות Google Play דורשת חשבון Google כדי להתחבר וזה לא נהדר לפרטיות. אתה יכול לעקוף את זה על ידי שימוש בלקוח חלופי, כגון Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store לוגו](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** היא לקוח של חנות Google Play שאינה דורשת חשבון Google, שירותי Google Play או microG כדי להוריד אפליקציות.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם תכונת החשבון האנונימי שלהן. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### התראות RSS באופן ידני
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![שינויים ב-APK](./assets/img/android/rss-changes-light.png#only-light) ![שינויים ב-APK](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### Github
-
-ב-GitHub, באמצעות [Secure Camera](#secure-camera) כדוגמה, תנווט ל[דף ההפצות](https://github.com/GrapheneOS/Camera/releases) שלו ותוסיף את `.atom` לכתובת האתר:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-ב-GitLab, באמצעות [Aurora Store](#aurora-store) כדוגמה, תנווט אל [מאגר הפרויקטים](https://gitlab.com/AuroraOSS/AuroraStore) שלו ותוסיף `/-/tags?format=atom` לכתובת האתר:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### אימות טביעות אצבע של APK
-
-אם אתה מוריד קבצי APK להתקנה ידנית, אתה יכול לאמת את החתימה שלהם עם הכלי [`apksigner`](https://developer.android.com/studio/command-line/apksigner), שהוא חלק מ[כלי הבנייה](https://developer.android.com/studio/releases/build-tools) של אנדרואיד.
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. הורד את [כלי שורת הפקודה של אנדרואיד סטודיו](https://developer.android.com/studio#command-tools).
-
-3. חלץ את הארכיון שהורד:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. הפעל את פקודת אימות החתימה:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. לאחר מכן ניתן להשוות את ה-hashes המתקבלים עם מקור אחר. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![לוגו F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==אנו ממליצים רק על F-Droid כדרך להשיג אפליקציות שלא ניתן להשיג באמצעים שלמעלה.== F-Droid מומלצת לעתים קרובות כחלופה ל-Google Play, במיוחד בקהילת הפרטיות. האפשרות להוסיף מאגרי צד שלישי ולא להיות מוגבלים לגן המוקף חומה של גוגל הובילה לפופולריות שלו. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. עם זאת, ישנם כמה חסרונות הקשורים לאבטחה באופן שבו F-Droid בונה, חותם ומספק חבילות:
-
-בשל תהליך בניית האפליקציות שלהם, אפליקציות במאגר ה-F-Droid הרשמי מפגרות לעתים קרובות בפיגור לגבי עדכונים. מנהלי F-Droid גם עושים שימוש חוזר במזהי חבילה בזמן חתימת אפליקציות עם המפתחות שלהם, וזה לא אידיאלי מכיוון שהוא נותן אמון אולטימטיבי לצוות F-Droid. בנוסף, הדרישות להכללת אפליקציה במאגר ה-F-Droid הרשמי הן פחות מחמירות מחנויות אפליקציות אחרות כמו Google Play, כלומר F-Droid נוטה לארח הרבה יותר אפליקציות ישנות יותר, לא מתוחזקות או לא יותר לעמוד ב[תקני אבטחה מודרניים](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. מאגר IzzyOnDroid מושך רכיבים ישירות מ-GitHub והוא הדבר הטוב הבא למאגרים של המפתחים עצמם. עם זאת, זה לא משהו שאנחנו יכולים להמליץ עליו באופן מלא, מכיוון שאפליקציות בדרך כלל [מוסרות](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) מהמאגר הזה אם הם יתווספו מאוחר יותר למאגר F-Droid הראשי. למרות שזה הגיוני (מכיוון שהמטרה של המאגר המסוים הזה היא לארח אפליקציות לפני שהן מתקבלות למאגר ה-F-Droid הראשי), זה יכול להשאיר אותך עם אפליקציות מותקנות שכבר לא מקבלים עדכונים.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. כדאי להשתמש במיטב שיקול הדעת כשאתה מחפש אפליקציות חדשות בשיטה זו, ולעקוב אחר התדירות שבה האפליקציה מתעדכנת. אפליקציות מיושנות עשויות להסתמך על ספריות שאינן נתמכות, בין היתר, מהוות סיכון אבטחה פוטנציאלי.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## קריטריונים
-
-**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
-
-### מערכות הפעלה
-
-- חייבת להיות תוכנת קוד פתוח.
-- חייב לתמוך בנעילת bootloader עם תמיכת מפתח AVB מותאמת אישית.
-- חייב לקבל עדכוני אנדרואיד גדולים בתוך 0-1 חודשים מהשחרור.
-- חייב לקבל עדכוני תכונות אנדרואיד (גרסה מינורית) בתוך 0-14 ימים מהשחרור.
-- חייב לקבל תיקוני אבטחה רגילים בתוך 0-5 ימים מהשחרור.
-- חייבים **לא** להיות "rooted" מהקופסה.
-- חייב **לא** להפעיל את שירותי Google Play כברירת מחדל.
-- חייב **לא** לדרוש שינוי מערכת כדי לתמוך בשירותי Google Play.
-
-### מכשירים
-
-- חייב לתמוך לפחות באחת ממערכות ההפעלה המומלצות שלנו.
-- חייב להימכר כרגע חדש בחנויות.
-- חייב לקבל לפחות 5 שנים של עדכוני אבטחה.
-- חייב להיות חומרה ייעודית לרכיב מאובטח.
-
-### יישומים
-
-- יישומים בדף זה לא חייבים להיות ישימים לכל קטגוריית תוכנה אחרת באתר.
-- יישומים כלליים צריכים להרחיב או להחליף את פונקציונליות הליבה של המערכת.
-- יישומים צריכים לקבל עדכונים ותחזוקה שוטפים.
diff --git a/i18n/he/android/distributions.md b/i18n/he/android/distributions.md
new file mode 100644
index 00000000..ab7563bf
--- /dev/null
+++ b/i18n/he/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## קריטריונים
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
+
+- חייבת להיות תוכנת קוד פתוח.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/he/android/general-apps.md b/i18n/he/android/general-apps.md
new file mode 100644
index 00000000..8047a9a4
--- /dev/null
+++ b/i18n/he/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: אנדרואיד
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: אנדרואיד
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: אנדרואיד
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## קריטריונים
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/he/android/index.md b/i18n/he/android/index.md
new file mode 100644
index 00000000..0a2a48f9
--- /dev/null
+++ b/i18n/he/android/index.md
@@ -0,0 +1,34 @@
+---
+title: אנדרואיד
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: אנדרואיד
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/he/android/obtaining-apps.md b/i18n/he/android/obtaining-apps.md
new file mode 100644
index 00000000..e4c54cf8
--- /dev/null
+++ b/i18n/he/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### Github
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/he/basics/why-privacy-matters.md b/i18n/he/basics/why-privacy-matters.md
index eaca26eb..defb71df 100644
--- a/i18n/he/basics/why-privacy-matters.md
+++ b/i18n/he/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ icon: 'material/shield-account'
 
 טיעון נגד נפוץ לתנועות התומכות בפרטיות היא התפיסה שאין צורך בפרטיות אם אין להם **"אין מה להסתיר."** זוהי תפיסה שגויה מסוכנת, כי זה יוצר תחושה שאנשים שדורשים פרטיות חייבים להיות סוטים, פליליים או טועים.
 
-==לא כדאי לבלבל פרטיות עם סודיות.== אנחנו יודעים מה קורה בשירותים, אבל אתה עדיין סוגר את הדלת. זה בגלל שאתה רוצה פרטיות, לא סודיות. תמיד יש עובדות מסוימות עלינו - נגיד מידע בריאותי אישי או התנהגות מינית - שלא היינו רוצים שכל העולם ידע, וזה בסדר. הצורך בפרטיות הוא לגיטימי, וזה מה שהופך אותנו לאנושיים. פרטיות עוסקת בהעצמת זכויותיך על המידע שלך, לא בהסתרת סודות.
+==לא כדאי לבלבל פרטיות עם סודיות.== אנחנו יודעים מה קורה בשירותים, אבל אתה עדיין סוגר את הדלת. That's because you want privacy, not secrecy. תמיד יש עובדות מסוימות עלינו - נגיד מידע בריאותי אישי או התנהגות מינית - שלא היינו רוצים שכל העולם ידע, וזה בסדר. הצורך בפרטיות הוא לגיטימי, וזה מה שהופך אותנו לאנושיים. פרטיות עוסקת בהעצמת זכויותיך על המידע שלך, לא בהסתרת סודות.
 
 ## האם פרטיות קשורה לשליטה?
 
diff --git a/i18n/he/device-integrity.md b/i18n/he/device-integrity.md
index c0b734f4..e0b6c7a9 100644
--- a/i18n/he/device-integrity.md
+++ b/i18n/he/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/he/mobile-phones.md b/i18n/he/mobile-phones.md
new file mode 100644
index 00000000..9d93c769
--- /dev/null
+++ b/i18n/he/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## קריטריונים
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/he/os/android-overview.md b/i18n/he/os/android-overview.md
index 83ab1ba8..8860e48e 100644
--- a/i18n/he/os/android-overview.md
+++ b/i18n/he/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 באופן אידיאלי, בעת בחירת הפצת אנדרואיד מותאמת אישית, עליך לוודא שהיא מקיימת את מודל האבטחה של אנדרואיד. לכל הפחות, להפצה צריכה להיות בניית ייצור, תמיכה ב-AVB, הגנה על חזרה, עדכוני קושחה ומערכת הפעלה בזמן, ו-SELinux ב[מצב אכיפה](https://source.android.com/security/selinux/concepts#enforcement_levels). כל הפצות האנדרואיד המומלצות שלנו עומדות בקריטריונים האלה.
 
-[המלצות מערכת אנדרואיד שלנו :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[המלצות מערכת אנדרואיד שלנו :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### הימנע מהשתרשות
 
@@ -125,7 +125,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 [פרופילי עבודה](https://support.google.com/work/android/answer/6191949) הם דרך נוספת לבודד אפליקציות בודדות ועשויה להיות נוחה יותר מפרופילי משתמשים נפרדים.
 
-יישום **בקר מכשיר** כגון [Shelter](../android.md#shelter) נדרש ליצירת פרופיל עבודה ללא ארגון MDM, אלא אם אתה משתמש במערכת הפעלה אנדרואיד מותאמת אישית הכוללת אחת.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 פרופיל העבודה תלוי בבקר התקן כדי לתפקד. תכונות כגון *מעבורת קבצים* ו*חסימת חיפוש אנשי קשר* או כל סוג של תכונות בידוד חייבות להיות מיושמות על ידי הבקר. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/he/os/index.md b/i18n/he/os/index.md
index b97d6fbc..bf3a6144 100644
--- a/i18n/he/os/index.md
+++ b/i18n/he/os/index.md
@@ -4,7 +4,7 @@ title: מערכות הפעלה
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/he/os/ios-overview.md b/i18n/he/os/ios-overview.md
index 83b46ff6..2c6890c9 100644
--- a/i18n/he/os/ios-overview.md
+++ b/i18n/he/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. עם זאת, ההגבלה של המערכת האקולוגית של אפל - במיוחד עם המכשירים הניידים שלה - עדיין פוגעת בפרטיות במספר דרכים.
 
-בדרך כלל אנו מחשיבים את iOS כמספקת הגנות פרטיות ואבטחה טובות מהממוצע עבור רוב האנשים, בהשוואה למכשירי אנדרואיד במלאי מכל יצרן. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+בדרך כלל אנו מחשיבים את iOS כמספקת הגנות פרטיות ואבטחה טובות מהממוצע עבור רוב האנשים, בהשוואה למכשירי אנדרואיד במלאי מכל יצרן. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### נעילת הפעלה
 
@@ -63,7 +63,7 @@ iOS devices are frequently praised by security experts for their robust data pro
 
 בחלק העליון של האפליקציה **הגדרות**, תראה את שמך ותמונת הפרופיל שלך אם אתה מחובר ל-Apple ID. בחר באפשרות זו, ולאחר מכן בחר **איתור**. כאן באפשרותך לבחור אם להפעיל או להשבית את תכונות המיקום שלי.
 
-### הגדרות
+### Settings
 
 ניתן למצוא הגדרות רבות אחרות הקשורות לפרטיות באפליקציית **הגדרות**.
 
diff --git a/i18n/he/os/windows/group-policies.md b/i18n/he/os/windows/group-policies.md
index aca83294..74552d13 100644
--- a/i18n/he/os/windows/group-policies.md
+++ b/i18n/he/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### מערכת
+### System
 
 #### Device Guard
 
diff --git a/i18n/he/pastebins.md b/i18n/he/pastebins.md
new file mode 100644
index 00000000..fa6d5a37
--- /dev/null
+++ b/i18n/he/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. הנתונים מוצפנים/מפוענים בדפדפן באמצעות 256 סיביות AES. זוהי הגרסה המשופרת של ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## קריטריונים
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
+
+### דרישות מינימליות
+
+- חייב להיות קוד פתוח.
+- חייב ליישם הצפנה "אפס אמון" מקצה לקצה.
+- חייב לתמוך בקבצים המוגנים בסיסמה.
+
+### המקרה הטוב ביותר
+
+הקריטריונים הטובים ביותר שלנו מייצגים את מה שהיינו רוצים לראות מהפרויקט המושלם בקטגוריה זו. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה.
+
+- צריך לפרסם ביקורת מצד שלישי מכובד ובלתי תלוי.
diff --git a/i18n/he/productivity.md b/i18n/he/productivity.md
index 74c5f014..975ee2ea 100644
--- a/i18n/he/productivity.md
+++ b/i18n/he/productivity.md
@@ -154,39 +154,6 @@ cover: productivity.webp
 - חייב לתמוך בעריכת מסמכים, גיליונות אלקטרוניים ומצגות שקופיות.
 - יש לייצא קבצים לפורמטים סטנדרטיים של מסמכים.
 
-## שירותי הדבקה
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![לוגו PrivateBin](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** הוא מינימליסטי, קוד פתוח מקוון Pastebin שבו לשרת יש אפס ידע על נתונים מודבקים. הנתונים מוצפנים/מפוענים בדפדפן באמצעות 256 סיביות AES. זוהי הגרסה המשופרת של ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### קריטריונים
-
-**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך.
-
-#### דרישות מינימליות
-
-- חייב להיות קוד פתוח.
-- חייב ליישם הצפנה "אפס אמון" מקצה לקצה.
-- חייב לתמוך בקבצים המוגנים בסיסמה.
-
-#### המקרה הטוב ביותר
-
-הקריטריונים הטובים ביותר שלנו מייצגים את מה שהיינו רוצים לראות מהפרויקט המושלם בקטגוריה זו. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה.
-
-- צריך לפרסם ביקורת מצד שלישי מכובד ובלתי תלוי.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/he/tools.md b/i18n/he/tools.md
index ac59f0a8..18bf650f 100644
--- a/i18n/he/tools.md
+++ b/i18n/he/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [למד עוד :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[למד עוד :material-arrow-right-drop-circle:](pastebins.md)
+
 ### כלי פרודוקטיביות
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [למד עוד :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[למד עוד :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## מערכות הפעלה
 
 ### נייד
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[למד עוד :material-arrow-right-drop-circle:](android.md)
+[למד עוד :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### אפליקציות אנדרואיד
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[למד עוד :material-arrow-right-drop-circle:](android.md#general-apps)
+[למד עוד :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[למד עוד :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### שולחן עבודה/מחשב אישי
 
diff --git a/i18n/hi/android.md b/i18n/hi/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/hi/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/hi/android/distributions.md b/i18n/hi/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/hi/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/hi/android/general-apps.md b/i18n/hi/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/hi/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/hi/android/index.md b/i18n/hi/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/hi/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/hi/android/obtaining-apps.md b/i18n/hi/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/hi/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/hi/device-integrity.md b/i18n/hi/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/hi/device-integrity.md
+++ b/i18n/hi/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/hi/mobile-phones.md b/i18n/hi/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/hi/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/hi/os/android-overview.md b/i18n/hi/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/hi/os/android-overview.md
+++ b/i18n/hi/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/hi/os/index.md b/i18n/hi/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/hi/os/index.md
+++ b/i18n/hi/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/hi/os/ios-overview.md b/i18n/hi/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/hi/os/ios-overview.md
+++ b/i18n/hi/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/hi/pastebins.md b/i18n/hi/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/hi/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/hi/productivity.md b/i18n/hi/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/hi/productivity.md
+++ b/i18n/hi/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/hi/tools.md b/i18n/hi/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/hi/tools.md
+++ b/i18n/hi/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/hu/android.md b/i18n/hu/android.md
deleted file mode 100644
index 8ae6303e..00000000
--- a/i18n/hu/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Figyelmeztetés</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Figyelmeztetés</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Követelmények
-
-**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
-
-### Operációs Rendszerek
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/hu/android/distributions.md b/i18n/hu/android/distributions.md
new file mode 100644
index 00000000..52244313
--- /dev/null
+++ b/i18n/hu/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Figyelmeztetés</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Követelmények
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/hu/android/general-apps.md b/i18n/hu/android/general-apps.md
new file mode 100644
index 00000000..d73ccbf0
--- /dev/null
+++ b/i18n/hu/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Figyelmeztetés</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Követelmények
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/hu/android/index.md b/i18n/hu/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/hu/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/hu/android/obtaining-apps.md b/i18n/hu/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/hu/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/hu/basics/why-privacy-matters.md b/i18n/hu/basics/why-privacy-matters.md
index 598ee475..728cdcda 100644
--- a/i18n/hu/basics/why-privacy-matters.md
+++ b/i18n/hu/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ Mindezek a fogalmak átfedik egymást, de ezek bármilyen kombinációja lehets
 
 A common counter-argument to pro-privacy movements is the notion that one doesn't need privacy if they have **"nothing to hide."** This is a dangerous misconception, because it creates a sense that people who demand privacy must be deviant, criminal, or wrong.
 
-==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. Ez azért van, mert magánéletet akarsz, nem titoktartást. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
+==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
 
 ## Is Privacy About Control?
 
diff --git a/i18n/hu/device-integrity.md b/i18n/hu/device-integrity.md
index 259b8048..81909171 100644
--- a/i18n/hu/device-integrity.md
+++ b/i18n/hu/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/hu/mobile-phones.md b/i18n/hu/mobile-phones.md
new file mode 100644
index 00000000..e40b73bb
--- /dev/null
+++ b/i18n/hu/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Figyelmeztetés</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Követelmények
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/hu/os/android-overview.md b/i18n/hu/os/android-overview.md
index 4d63c1ed..9f15628f 100644
--- a/i18n/hu/os/android-overview.md
+++ b/i18n/hu/os/android-overview.md
@@ -18,7 +18,7 @@ Ez a probléma megoldható lehet egy olyan egyedi Android-disztribúció haszná
 
 Ideális esetben, amikor egyedi Android disztribúciót választasz, győződj meg arról, hogy az, az Android biztonsági modellt követi. A disztribúciónak minimum rendelkeznie kell gyártási buildekkel, AVB támogatással, rollback védelemmel, időszerű firmware és operációs rendszer frissítésekkel, valamint SELinux-xal [enforcing módban](https://source.android.com/security/selinux/concepts#enforcement_levels). Az általunk ajánlott összes Android disztribúció megfelel ezeknek a követelményeknek.
 
-[Android rendszer ajánlásaink :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Android rendszer ajánlásaink :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Kerüld a rootolást
 
@@ -125,7 +125,7 @@ A felhasználói profilok segítségével korlátozásokat szabhatsz meg egy ado
 
 A [Munkaprofilok](https://support.google.com/work/android/answer/6191949) egy másik módja egyes alkalmazások elkülönítésének, és kényelmesebb lehet, mint a különálló felhasználói profilok használata.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/hu/os/index.md b/i18n/hu/os/index.md
index b9d3e42a..ce4677ef 100644
--- a/i18n/hu/os/index.md
+++ b/i18n/hu/os/index.md
@@ -4,7 +4,7 @@ title: Operációs Rendszerek
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/hu/os/ios-overview.md b/i18n/hu/os/ios-overview.md
index b2aa5ec2..5997fdfa 100644
--- a/i18n/hu/os/ios-overview.md
+++ b/i18n/hu/os/ios-overview.md
@@ -10,7 +10,7 @@ Az **iOS** és az **iPadOS** az Apple által az iPhone és az iPad termékekhez
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. Azonban az Apple zárt ökoszisztémájának korlátozó volta – különösen a mobil eszközök esetében – továbbra is számos módon hátráltatja a magánélet védelmét.
 
-Általánosságban úgy véljük, hogy az iOS a legtöbb ember számára az átlagosnál jobb adatvédelmi és biztonsági védelmet nyújt, mint a bármelyik gyártótól származó Android készülékek. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+Általánosságban úgy véljük, hogy az iOS a legtöbb ember számára az átlagosnál jobb adatvédelmi és biztonsági védelmet nyújt, mint a bármelyik gyártótól származó Android készülékek. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Aktiválási zár
 
diff --git a/i18n/hu/pastebins.md b/i18n/hu/pastebins.md
new file mode 100644
index 00000000..18529bfd
--- /dev/null
+++ b/i18n/hu/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Az adatok titkosítása/dekódolása a böngészőben történik 256 bites AES használatával. Ez a ZeroBin továbbfejlesztett változata.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Követelmények
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
+
+### Alap elvárások
+
+- Nyílt forráskódúnak kell lennie.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Legjobb esetben
+
+A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy kifogástalan projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/hu/productivity.md b/i18n/hu/productivity.md
index 45a461ae..b8350f47 100644
--- a/i18n/hu/productivity.md
+++ b/i18n/hu/productivity.md
@@ -154,39 +154,6 @@ Az **OnlyOffice** egy felhőalapú, ingyenes és nyílt forráskódú irodai pro
 - Támogatnia kell a dokumentumok, táblázatok és diavetítések szerkesztését.
 - Fájlokat szabványos dokumentumformátumba kell exportálnia.
 
-## Paste szolgáltatások
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**A **PrivateBin** egy minimalista, nyílt forráskódú online pastebin, ahol a szerver nem ismeri a pastelt adatokat. Az adatok titkosítása/dekódolása a böngészőben történik 256 bites AES használatával. Ez a ZeroBin továbbfejlesztett változata.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Követelmények
-
-**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra.
-
-#### Alap elvárások
-
-- Nyílt forráskódúnak kell lennie.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Legjobb esetben
-
-A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy kifogástalan projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/hu/tools.md b/i18n/hu/tools.md
index 9dbf4cee..cd011702 100644
--- a/i18n/hu/tools.md
+++ b/i18n/hu/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [További információ :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[További információ :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Produktivitás Eszközök
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [További információ :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[További információ :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operációs Rendszerek
 
 ### Mobil
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[További információ :material-arrow-right-drop-circle:](android.md)
+[További információ :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Alkalmazások
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[További információ :material-arrow-right-drop-circle:](android.md#general-apps)
+[További információ :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[További információ :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Asztal/PC
 
diff --git a/i18n/id/android.md b/i18n/id/android.md
deleted file mode 100644
index 39f3d9f5..00000000
--- a/i18n/id/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-**Android Open Source Project** adalah sistem operasi seluler sumber terbuka yang dipimpin oleh Google yang mendukung sebagian besar perangkat seluler di dunia. Sebagian besar ponsel yang dijual dengan Android telah dimodifikasi untuk menyertakan integrasi dan aplikasi invasif seperti Google Play Services, jadi Anda dapat meningkatkan privasi Anda secara signifikan pada perangkat seluler Anda dengan mengganti instalasi bawaan ponsel Anda dengan versi Android tanpa fitur-fitur invasif ini.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Berikut ini adalah sistem operasi, perangkat, dan aplikasi Android yang kami rekomendasikan untuk memaksimalkan keamanan dan privasi perangkat seluler Anda. Untuk mengetahui lebih lanjut tentang Android:
-
-[Gambaran Umum Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Turunan AOSP
-
-Kami menyarankan untuk menginstal salah satu sistem operasi Android khusus berikut ini pada perangkat Anda, yang terdaftar dalam urutan preferensi, tergantung kompatibilitas perangkat Anda dengan sistem operasi berikut ini.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Perangkat ini tidak dapat dianggap sepenuhnya aman terlepas dari perangkat lunak yang terinstal.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** adalah pilihan terbaik dalam hal privasi dan keamanan.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS mendukung [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), yang menjalankan [Layanan Google Play](https://en.wikipedia.org/wiki/Google_Play_Services) sepenuhnya di-sandbox seperti aplikasi biasa lainnya. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Mengapa kami lebih merekomendasikan GrapheneOS daripada CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Beranda](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Layanan Onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Kebijakan Privasi" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Dokumentasi}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Kode Sumber" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Kontribusi }
-
-</div>
-
-DivestOS memiliki mekanisme [penambalan](https://gitlab.com/divested-mobile/cve_checker) kerentanan kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) otomatis, lebih sedikit *proprietary blobs*, dan berkas [hosts](https://divested.dev/index.php?page=dnsbl) khusus. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS juga menyertakan tambalan kernel dari GrapheneOS dan mengaktifkan semua fitur keamanan kernel yang tersedia melalui [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS mengimplementasikan beberapa tambalan penguatan sistem yang awalnya dikembangkan untuk GrapheneOS. DivestOS 16.0 dan yang lebih tinggi mengimplementasikan fitur GrapheneOS izin [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) dan SENSORS, [pengalokasi memori yang diperkuat](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), dan perangkat tambahan penguatan [bionik](https://en.wikipedia.org/wiki/Bionic_(software)) parsial. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS menggunakan F-Droid sebagai toko aplikasi bawaan. Kami biasanya [menyarankan untuk menghindari F-Droid](#f-droid), tetapi melakukan hal itu di DivestOS tidak memungkinkan; para pengembang DivestOS memperbarui aplikasi mereka melalui repositori F-Droid mereka sendiri ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) dan [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. Untuk aplikasi-aplikasi lain, kami tetap menyarankan metode yang kami rekomendasikan.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Pembaruan firmware [status] (https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) dan kontrol kualitas perangkat-perangkat yang didukung DivestOS bervariasi. Kami tetap merekomendasikan GrapheneOS tergantung kompatibilitas perangkat Anda. Untuk perangkat lain, DivestOS adalah alternatif yang bagus.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Mulai **Pixel 8** dan **8 Pro**, perangkat Pixel menerima minimal 7 tahun pembaruan keamanan terjamin, memastikan masa pakai yang jauh lebih lama dibandingkan dengan 2-5 tahun yang biasanya ditawarkan oleh OEM pesaing.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Ponsel Google Pixel menggunakan OS TEE yang disebut Trusty yang [bersumber terbuka](https://source.android.com/security/trusty#whyTrusty), tidak seperti ponsel lainnya.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Kriteria
-
-**Harap diperhatikan bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
-
-### Sistem Operasi
-
-- Harus berupa perangkat lunak sumber terbuka.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/id/android/distributions.md b/i18n/id/android/distributions.md
new file mode 100644
index 00000000..303e0b90
--- /dev/null
+++ b/i18n/id/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Kriteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
+
+- Harus berupa perangkat lunak sumber terbuka.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/id/android/general-apps.md b/i18n/id/android/general-apps.md
new file mode 100644
index 00000000..e119f124
--- /dev/null
+++ b/i18n/id/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Kriteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/id/android/index.md b/i18n/id/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/id/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/id/android/obtaining-apps.md b/i18n/id/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/id/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/id/device-integrity.md b/i18n/id/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/id/device-integrity.md
+++ b/i18n/id/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/id/mobile-phones.md b/i18n/id/mobile-phones.md
new file mode 100644
index 00000000..972dfb10
--- /dev/null
+++ b/i18n/id/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Kriteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/id/os/android-overview.md b/i18n/id/os/android-overview.md
index 7fa6cc56..82c70ced 100644
--- a/i18n/id/os/android-overview.md
+++ b/i18n/id/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Idealnya, ketika memilih distribusi Android kustom, Anda harus memastikan bahwa distribusi tersebut menjunjung tinggi model keamanan Android. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). Semua distribusi Android yang kami rekomendasikan memenuhi kriteria ini.
 
-[Rekomendasi Sistem Android kami :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Rekomendasi Sistem Android kami :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/id/os/index.md b/i18n/id/os/index.md
index e0fac8f4..0037a7d1 100644
--- a/i18n/id/os/index.md
+++ b/i18n/id/os/index.md
@@ -4,7 +4,7 @@ title: Sistem Operasi
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/id/os/ios-overview.md b/i18n/id/os/ios-overview.md
index d519339c..a550a1fa 100644
--- a/i18n/id/os/ios-overview.md
+++ b/i18n/id/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/id/pastebins.md b/i18n/id/pastebins.md
new file mode 100644
index 00000000..fce72911
--- /dev/null
+++ b/i18n/id/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Kriteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
+
+### Persyaratan Minimum
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Kasus Terbaik
+
+Kriteria kasus terbaik kami mewakili apa yang ingin kami lihat dari proyek yang sempurna dalam kategori ini. Rekomendasi kami mungkin tidak menyertakan salah satu atau semua fungsi ini, tetapi rekomendasi yang menyertakan fungsi ini mungkin memiliki peringkat yang lebih tinggi daripada yang lain di halaman ini.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/id/productivity.md b/i18n/id/productivity.md
index 76c2d034..8eff3d57 100644
--- a/i18n/id/productivity.md
+++ b/i18n/id/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Kriteria
-
-**Harap diperhatikan bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
-
-#### Persyaratan Minimum
-
-- Klien sebaiknya haruslah terbuka.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Kasus Terbaik
-
-Kriteria kasus terbaik kami mewakili apa yang ingin kami lihat dari proyek yang sempurna dalam kategori ini. Rekomendasi kami mungkin tidak menyertakan salah satu atau semua fungsi ini, tetapi rekomendasi yang menyertakan fungsi ini mungkin memiliki peringkat yang lebih tinggi daripada yang lain di halaman ini.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
@@ -224,5 +191,5 @@ Kriteria kasus terbaik kami mewakili apa yang ingin kami lihat dari proyek yang
 
 **Harap diperhatikan bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda.
 
-- Must be open source.
+- Klien sebaiknya haruslah terbuka.
 - Must be possible to self-host.
diff --git a/i18n/id/tools.md b/i18n/id/tools.md
index f25edd73..ee91da66 100644
--- a/i18n/id/tools.md
+++ b/i18n/id/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Pelajari lebih lanjut :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Pelajari lebih lanjut :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Alat Produktivitas
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Pelajari lebih lanjut :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Pelajari lebih lanjut :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Sistem Operasi
 
 ### Seluler
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Pelajari lebih lanjut :material-arrow-right-drop-circle:](android.md)
+[Pelajari lebih lanjut :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Aplikasi Android
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Pelajari lebih lanjut :material-arrow-right-drop-circle:](android.md#general-apps)
+[Pelajari lebih lanjut :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Pelajari lebih lanjut :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/it/android.md b/i18n/it/android.md
deleted file mode 100644
index 53230154..00000000
--- a/i18n/it/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Consigli su Android: GrapheneOS e DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: Puoi sostituire il sistema operativo sul tuo telefono Android con queste alternative sicure e rispettose della privacy.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Sistemi operativi Android privati
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://it.wikipedia.org/wiki/Android
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://it.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://it.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Logo di Android](assets/img/android/android.svg){ align=right }
-
-Il **Progetto Open Source di Android** è un sistema operativo mobile e open source sviluppato da Google, utilizzato da gran parte dei dispositivi mobili al mondo. Gran parte dei telefonini venduti con Android sono modificati per includere integrazioni e app invasive come Google Play Services, quindi, puoi migliorare significativamente la tua privacy sul tuo dispositivo mobile, sostituendo l'installazione predefinita del tuo telefono con una versione di Android priva di tali funzionalità invasive.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Pagina Principale }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentazione}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Codice Sorgente" }
-
-Questi sono i sistemi operativi, i dispositivi e le app Android che consigliamo, per massimizzare la sicurezza e la privacy del tuo dispositivo mobile. Per scoprire di più su Android:
-
-[Panoramica generale di Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Derivati di AOSP
-
-Consigliamo di installare uno di questi sistemi operativi personalizzati di Android sul tuo dispositivo, elencati per preferenza, a seconda della compatibilità del tuo dispositivo con essi.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Nota</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Questi dispositivi non sono considerabili interamente sicuri, indipendentemente dal software installato.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![Logo di GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![Logo di GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** è la scelta migliore per quanto riguarda privacy e sicurezza.
-
-GrapheneOS fornisce maggiore [sicurezza] (https://it.wikipedia.org/wiki/Hardening) e miglioramenti della privacy. Dispone di un [allocatore di memoria rafforzato](https://github.com/GrapheneOS/hardened_malloc), autorizzazioni di rete e dei sensori e varie altre [funzionalità di sicurezza](https://grapheneos.org/features). Inoltre, dispone di aggiornamenti completi del firmware e build firmate, quindi, l'avvio verificato è pienamente supportato.
-
-[:octicons-home-16: Pagina Principale](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Politica sulla Privacy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentazione}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Codice Sorgente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuisci }
-
-</div>
-
-GrapheneOS supporta [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), che esegue [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) in piena modalità sandbox, come ogni altra app regolare. Ciò significa che puoi sfruttare la maggior parte dei Google Play Services, come le [notifiche push](https://firebase.google.com/docs/cloud-messaging), offrendoti il pieno controllo delle autorizzazioni e dell'accesso, contenendoli in un [profilo di lavoro](os/android-overview.md#work-profile) specifico o in un [profilo utente](os/android-overview.md#user-profiles) di tua scelta.
-
-I telefoni Google Pixel sono gli unici dispositivi che attualmente soddisfano i [requisiti di sicurezza hardware](https://grapheneos.org/faq#future-devices) di GrapheneOS.
-
-[Perché consigliamo GrapheneOS, rispetto a CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![Logo di DivestOS](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** è un soft-fork di [LineageOS](https://lineageos.org).
-DivestOS eredita molti [dispositivi supportati](https://divestos.org/index.php?page=devices&base=LineageOS) da LineageOS. Dispone di build firmate, rendendo possibile l'[avvio verificato](https://source.android.com/docs/security/features/verifiedboot?hl=it) su alcuni dispositivi non Pixel.
-
-[:octicons-home-16: Home](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Servizio Onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Politica sulla Privacy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentazione}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Codice Sorgente" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuisci }
-
-</div>
-
-DivestOS offre [correzioni](https://gitlab.com/divested-mobile/cve_checker) automatizzate delle vulnerabilità del kernel (CVE), minori blob proprietari e un file degli [host](https://divested.dev/index.php?page=dnsbl) personalizzato. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. Inoltre, DivestOS include delle correzioni del kernel da GrapheneOS e consente tutte le funzionalità di sicurezza del kernel disponibili, tramite il [rafforzamento di defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implementa alcune correzioni di rafforzamento del sistema, sviluppate in origine per GrapheneOS. DivestOS 16.0 e superiori implementano l'interruttore delle autorizzazioni [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) e SENSORS, l'[allocatore di memoria rafforzato](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constificato](https://en.wikipedia.org/wiki/Const_(computer_programming)) e serie di correzioni di rafforzamento [bionico](https://en.wikipedia.org/wiki/Bionic_(software)). 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS utilizza F-Droid come app store predefinito. Normalmente [consigliamo di evitare F-Droid](#f-droid), ma su DivestOS non è possibile farlo; gli sviluppatori aggiornano le loro applicazioni tramite i propri repository di F-Droid ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) e [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Consigliamo di disabilitare l'applicazione ufficiale F-Droid e di utilizzare [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **con i repository DivestOS abilitati** per mantenere aggiornati questi componenti. Per le altre app, sono ancora validi i nostri metodi consigliati per ottenerle.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Avviso</p>
-
-Lo [stato](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) di aggiornamento del firmware di DivestOS e il controllo della qualiità variano tra i dispositivi supportati. Continuiamo a consigliare GrapheneOS a seconda della compatibilità con il tuo dispositivo. Per altri dispositivi, DivestOS è una buona alternativa.
-
-Non tutti i dispositivi supportati dispongono dell'avvio verificato e, alcuni, lo eseguono meglio di altri.
-
-</div>
-
-## Dispositivi Android
-
-Acquistando un dispositivo, consigliamo di prenderne uno il più recente possibile. Il software e il firmware dei dispositivi mobili sono supportati esclusivamente per un periodo di tempo limitato, quindi, l'acquisto di prodotti nuovi ne estende la durata il più possibile.
-
-Evita di acquistare telefoni dagli operatori di rete mobile. Questi, spesso, dispongono di un **bootloader bloccato** e non supportano lo [sblocco dell'OEM](https://source.android.com/devices/bootloader/locking_unlocking). Queste varianti ti impediranno di installare alcun tipo di distribuzione alternativa di Android.
-
-Presta molta **attenzione** all'acquisto di telefoni di seconda mano dai mercati online. Controlla sempre la reputazione del venditore. Se il dispositivo è stato rubato, c'è la possibilità che venga inserito nel [database IMEI](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Esiste anche il rischio di essere associati all'attività del proprietario precedente.
-
-Altri consigli sui dispositivi Android e sulla compatibilità del sistema operativo:
-
-- Non acquistare dispositivi che hanno raggiunto o sono prossimi al termine della propria vita, gli aggiornamenti del firmware aggiuntivi devono essere forniti dal produttore.
-- Non acquistare telefoni con LineageOS o /e/ OS preinstallati o qualsiasi dispositivo Android privo dell'adeguato supporto all'[Avvio Verificato](https://source.android.com/security/verifiedboot) e degli aggiornamenti del firmware. Inoltre, questi dispositivi non ti consentono di verificare se sono stati manomessi.
-- In breve, se un dispositivo o una distribuzione Android non sono elencati qui, probabilmente c'è una buona ragione. Dai un'occhiata al nostro [forum](https://discuss.privacyguides.net) per trovare i dettagli!
-
-### Google Pixel
-
-I telefoni Google Pixel sono i **soli** dispositivi che consigliamo di acquistare. I telefoni Pixel presentano una maggiore sicurezza hardware rispetto agli altri dispositivi Android al momento presenti sul mercato, grazie all'adeguato supporto ai sistemi operativi di terze parti e ai chip di sicurezza personalizzati '[Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) di Google, che fungono da Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-I dispositivi **Google Pixel** sono noti per avere una buona sicurezza e per supportare adeguatamente l'[Avvio Verificato](https://source.android.com/docs/security/features/verifiedboot?hl=it), anche installando sistemi operativi personalizzati.
-
-A partire da **Pixel 8** e **8 Pro**, i dispositivi Pixel riceveranno un minimo di 7 anni di aggiornamenti di sicurezza garantiti, assicurando una durata molto maggiore, rispetto a 2-5 anni tipicamente offerti dagli OEM concorrenti.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Gli Elementi Sicuri come Titan M2 sono più limitati dell'Ambiente d'Esecuzione Attendibile del processore, utilizzato da gran parte degli altri dispositivi, essendo utilizzati soltanto per l'archiviazione segreta, l'attestazione del hardware e la limitazione della frequenza, non per eseguire i programmi "attendibili". I telefoni privi di un Elemento Sicuro, devono utilizzare TEE per *tutte* queste funzionalità, risultando in una maggiore superficie di attacco.
-
-I telefoni Google Pixel utilizzano un SO TEE detto Trusty, che è [open source](https://source.android.com/security/trusty#whyTrusty), a differenza di molti altri dispositivi.
-
-L'installazione di GrapheneOS su un telefono Pixel è facile grazie all'[installatore web](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-Altri suggerimenti per l'acquisto di un Google Pixel:
-
-- Se vuoi fare un affare con un dispositivo Pixel, ti consigliamo di acquistare un modello "**A**", poco dopo l'uscita del modello top di gamma successivo. Solitamente, gli sconti, sono disponibili perché Google cercerà di smaltire le scorte.
-- Considera le opzioni di sconto e offerte speciali, nei negozi fisici.
-- Consulta le community di sconti online nel tuo paese. Possono segnalarti le vendite più convenienti.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- Se il Pixel non è disponibile nella tua regione, il [NitroPhone](https://shop.nitrokey.com/shop) può essere spedito a livello globale.
-
-## App generali
-
-Consigliamo un'ampia gamma di app di Android, tramite questo sito. Le app qui elencate sono esclusive di Android e migliorano o sostituiscono nello specifico delle funzionalità fondamentali di sistema.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Logo di Shelter](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** è un'app che ti aiuta a sfruttare la funzionalità del Profilo di Lavoro di Android per isolare o duplicare le app sul tuo dispositivo.
-
-Shelter supporta il blocco della ricerca dei contatti tra profili e la condivisione di file tra profili tramite il gestore dei file predefinito ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Codice Sorgente" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribuisci }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Avviso</p>
-
-Shelter è consigliato rispetto a [Insular](https://secure-system.gitlab.io/Insular) e [Island](https://github.com/oasisfeng/island) poiché supporta il [blocco della ricerca dei contatti](https://secure-system.gitlab.io/Insular/faq.html).
-
-Utilizzando Shelter, ti affidi interamente al suo sviluppatore, poiché Shelter agisce da [Admin del Dispositivo](https://developer.android.com/guide/topics/admin/device-admin?hl=it) per creare il Profilo di Lavoro, e ha ampio accesso ai dati memorizzati nel Profilo di Lavoro.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Logo di Secure Camera](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Logo di Secure camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
- **Secure Camera** è un'app per fotocamera incentrata sulla privacy e la sicurezza che può catturare immagini, video e codici QR. Le estensioni del fornitore di CameraX (Ritratto, HDR, Notte, Ritocco del Viso e Automatica) sono supportate anche sui dispositivi disponibili.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentazione}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Codice sorgente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuisci }
-
-<details class="downloads" markdown>
-<summary>Scarica</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Le principali funzionalità di privacy includono:
-
-- Rimozione automatica dei metadati [Exif](https://en.wikipedia.org/wiki/Exif) (abilitata di default)
-- Utilizzo della nuova API [Media](https://developer.android.com/training/data-storage/shared/media), dunque le [autorizzazioni d'archiviazione](https://developer.android.com/training/data-storage) non sono necessarie
-- L'autorizzazione del microfono non è necessaria a meno che tu non voglia registrare dei suoni
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Nota</p>
-
-I metadati non sono al momento eliminati dai file video, ma la funzionalità è in fase di sviluppo.
-
-I metadati sull'orientamento dell'immagine non vengono eliminati. Se abiliti la posizione (su Secure Camera), nemmeno questa **sarà** eliminata. Se desideri eliminarla in seguito, dovrai utilizzare un'applicazione esterna come [ExifEraser] (data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Logo di Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Logo di Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** è un visualizzatore di PDF basato su [pdf.js](https://it.wikipedia.org/wiki/PDF.js), che non richiede alcuna autorizzazione. Il PDF viene inserito in una [webview](https://developer.android.com/guide/webapps/webview) [in modalità sandbox](https://it.wikipedia.org/wiki/Sandbox). Ciò significa che non richiede direttamente l'autorizzazione all'accesso dei contenuti o dei file.
-
-La [Politica sulla Sicurezza dei Contenuti](https://en.wikipedia.org/wiki/Content_Security_Policy) è utilizzata per imporre che le proprietà JavaScript e di stile nella WebView siano contenuti interamente statici.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Codice sorgente" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuisci }
-
-<details class="downloads" markdown>
-<summary>Scarica</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Ottenere le Applicazioni
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Logo di Obtainium](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** è un gestore di app che ti consente di installare e aggiornare le app direttamente dalla pagina di rilascio dello sviluppatore (es. GitHub, GitLab, il sito web dello sviluppatore, ecc.), piuttosto che un app store/repository di app centralizzato. Supporta gli aggiornamenti automatici in background su Android 12 e versioni successive.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentazione}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Codice Sorgente" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribuisci }
-
-<details class="downloads" markdown>
-<summary>Scarica</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium ti consente di scaricare file di installazione APK da un'ampia varietà di fonti, ed è compito tuo assicurarti che tali fonti e applicazioni siano legittime. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. Il rischio di installare un *aggiornamento* dannoso è minore, poiché Android stesso verifica che tutti gli aggiornamenti delle app siano firmati dallo stesso sviluppatore dell'app esistente sul tuo telefono prima di installarli.
-
-### App Store di GrapheneOS
-
-L'app store di GrapheneOS è disponibile su [GitHub](https://github.com/GrapheneOS/Apps/releases). Supporta Android 12 e versioni successive ed è in grado di aggiornarsi da solo. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Se stai cercando queste app, consigliamo vivamente di ottenere l'app store di GrapheneOS del Play Store, poiché le app sul loro store sono firmate dalla firma dello stesso progetto di GrapheneOS, a cui Google non ha accesso.
-
-### Aurora Store
-
-Il Google Play Store richiede un profilo Google per l'accesso, il che non è un bene per la privacy. Puoi aggirare tale problema utilizzando un client alternativo, come Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Logo di Aurora Store](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** è un client di Google Play Store che non richiede un profilo di Google, Google Play Services o microG per scaricare le app.
-
-[:octicons-home-16: Pagina Principale](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Politica sulla Privacy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Codice Sorgente" }
-
-<details class="downloads" markdown>
-<summary>Scarica</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store non consente di scaricare app a pagamento con la propria funzione del profilo anonimo. Puoi facoltativamente accedere con il tuo account Google all'Aurora Store per scaricare le applicazioni acquistate, il che consente a Google di accedere all'elenco delle applicazioni da te installate. Tuttavia, benefici del vantaggio di non richiedere il client Google Play completo e i Google Play Services o microG sul tuo dispositivo.
-
-### Manualmente con le notifiche RSS
-
-Per le app rilasciate su piattaforme come GitHub e GitLab, potresti aggiungere un feed RSS al tuo [aggregatore di notizie](news-aggregators.md), che ti aiuterà a tener traccia delle nuove versioni.
-
-![APK di RSS](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![Modifiche APK](./assets/img/android/rss-changes-light.png#only-light) ![Modifiche APK](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-Su GitHub, utilizzando come esempio [Secure Camera](#secure-camera), dovresti navigare alla sua [pagina di rilascio](https://github.com/GrapheneOS/Camera/releases) e aggiungere `.atom` all'URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-Su GitLab, utilizzando come esempio [Aurora Store](#aurora-store), dovresti navigare al suo [repository del progetto](https://gitlab.com/AuroraOSS/AuroraStore) e aggiunge `/-/tags?format=atom` all'URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifica delle impronte digitali degli APK
-
-Se scarichi i file APK da installare manualmente, puoi verificarne la firma con lo strumento [`apksigner`](https://developer.android.com/studio/command-line/apksigner), parte degli [strumenti di creazione](https://developer.android.com/studio/releases/build-tools) di Android.
-
-1. Installa [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Scarica gli [strumenti della riga di comando di Android Studio](https://developer.android.com/studio#command-tools).
-
-3. Estrai l'archivio scaricato:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Esegui il comando di verifica della firma:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. Gli hash risultanti possono poi esser confrontati con un'altra fonte. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![Logo di F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==Consigliamo F-Droid solo come mezzo per ottenere le applicazioni che non possono essere ottenute con i mezzi riportati sopra.== F-Droid è spesso raccomandato come alternativa a Google Play, in particolare nella community della privacy. La possibilità di aggiungere repository di terze parti e di non essere confinati a Google, ne ha determinato la popolarità. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. Tuttavia, il modo in cui F-Droid costruisce, firma e consegna i pacchetti presenta alcuni aspetti negativi legati alla sicurezza:
-
-A causa del loro processo di creazione delle app, quelle presenti nel repository ufficiale di F-Droid sono spesso in ritardo con gli aggiornamenti. Inoltre, i manutentori di F-Droid riutilizzano gli ID dei pacchetti firmando le app con le proprie chiavi, il che non è ideale, poiché conferisce al team di F-Droid la massima fiducia. Inoltre, i requisiti per l'inclusione di un'applicazione nel repo ufficiale di F-Droid sono meno rigidi rispetto ad altri app store come Google Play, il che significa che F-Droid tende ad ospitare molte applicazioni più vecchie, non mantenute o che comunque non soddisfano più [i standard moderni di sicurezza](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. Il repository IzzyOnDroid estrae le build direttamente da GitHub ed è la seconda scelta migliore dopo i repository degli sviluppatori. Tuttavia, non è un'opzione che possiamo consigliare pienamente, poiché le applicazioni vengono tipicamente [rimosse](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) da questo repository se in seguito vengono aggiunte al repository principale di F-Droid. Sebbene ciò abbia senso (dato che l'obiettivo di questo particolare repository è ospitare le app prima che vengano accettate nel repository principale di F-Droid), ti può lasciare con le app installate senza ricevere più aggiornamenti.
-
-Detto ciò, i repository di [F-Droid](https://f-droid.org/en/packages) e [IzzyOnDroid](https://apt.izzysoft.de/fdroid) ospitano innumerevoli applicazioni, quindi possono essere uno strumento utile per cercare e scoprire applicazioni open-source che puoi scaricare attraverso altri mezzi come Play Store, Aurora Store o ottenendo l'APK direttamente dallo sviluppatore. Quando cerchi nuove applicazioni attraverso questo metodo, dovresti usare il tuo miglior giudizio e tenere d'occhio la frequenza con cui l'applicazione viene aggiornata. Le applicazioni obsolete possono fare affidamento su librerie non supportate, tra le altre cose, comportando un potenziale rischio per la sicurezza.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In alcuni casi rari, lo sviluppatore di un'applicazione la distribuisce solo attraverso F-Droid ([Gadgetbridge](https://gadgetbridge.org) ne è un esempio). Se hai davvero bisogno di un'applicazione del genere, ti consigliamo di utilizzare il nuovo client [F-Droid Basic](https://f-droid.org/it/packages/org.fdroid.basic/) invece dell'applicazione originale F-Droid per ottenerla. F-Droid Basic supporta gli aggiornamenti automatici in background senza estensione privilegiata o root e ha un set di funzionalità ridotto (che limita la superficie di attacco).
-
-</div>
-
-## Criteri
-
-**Ti preghiamo di notare che non siamo affiliati con alcun progetto consigliato.** Oltre ai [nostri criteri standard](about/criteria.md), abbiamo sviluppato una serie chiara di requisiti per consentirci di fornire consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
-
-### Sistemi Operativi
-
-- Deve essere un software open source.
-- Deve supportare il blocco del bootloader con supporto alla chiave AVB personalizzato.
-- Deve ricevere gli aggiornamenti principali di Android entro 0-1 mesi dalla pubblicazione.
-- Deve ricevere gli aggiornamenti delle funzionalità Android (versione minore) entro 0-14 giorni dalla pubblicazione.
-- Deve ricevere regolarmente le correzioni di sicurezza entro 0-5 giorni dalla pubblicazione.
-- **Non** deve essere preconfigurato con il "root".
-- **Non** deve abilitare Google Play Services di default.
-- **Non** deve richiedere la modifica del sistema per supportare Google Play Services.
-
-### Dispositivi
-
-- Deve supportare almeno uno dei sistemi operativi personalizzati consigliati.
-- Al momento, deve essere venduto nuovo nei negozi.
-- Deve ricevere un minimo di 5 anni di aggiornamenti di sicurezza.
-- Deve disporre di un hardware Secure Element dedicato.
-
-### Applicazioni
-
-- Le applicazioni su questa pagina non devono essere applicabili ad alcuna altra categoria di software presente sul sito.
-- Le applicazioni generali dovrebbero estendere o sostituire le funzionalità di base del sistema.
-- Le applicazioni dovrebbero ricevere aggiornamenti e manutenzione regolari.
diff --git a/i18n/it/android/distributions.md b/i18n/it/android/distributions.md
new file mode 100644
index 00000000..616d92f7
--- /dev/null
+++ b/i18n/it/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avviso</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteri
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
+
+- Deve essere un software open source.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/it/android/general-apps.md b/i18n/it/android/general-apps.md
new file mode 100644
index 00000000..299d3a45
--- /dev/null
+++ b/i18n/it/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avviso</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Scarica</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Nota</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Scarica</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteri
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/it/android/index.md b/i18n/it/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/it/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/it/android/obtaining-apps.md b/i18n/it/android/obtaining-apps.md
new file mode 100644
index 00000000..b3e319d1
--- /dev/null
+++ b/i18n/it/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Scarica</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Scarica</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/it/device-integrity.md b/i18n/it/device-integrity.md
index b648f342..41ca0fba 100644
--- a/i18n/it/device-integrity.md
+++ b/i18n/it/device-integrity.md
@@ -163,9 +163,9 @@ L'utilizzo di queste app non è sufficiente per determinarre che un dispositivo
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Ciò fornisce un controllo d'integrità molto robusto del tuo stesso dispositivo, ma non verifica necessariamente che le app a livello utente, eseguite sul tuo dispositivo, siano dannose.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. Ciò fornisce un controllo d'integrità molto robusto del tuo stesso dispositivo, ma non verifica necessariamente che le app a livello utente, eseguite sul tuo dispositivo, siano dannose.
 
-Auditor esegue l'attestazione e il rilevamento delle intrusioni con **due** dispositivi, un **controllato** (il dispositivo da verificare) e un **controllore** (il dispositivo che esegue la verifica). Il controllore può essere qualsiasi dispositivo con Android 10+ (o un servizio web da remoto operato da [GrapheneOS](android.md#grapheneos)), mentre il controllato dev'essere, nello specifico, un [dispositivo supportato](https://attestation.app/about#device-support). Auditor opera:
+Auditor esegue l'attestazione e il rilevamento delle intrusioni con **due** dispositivi, un **controllato** (il dispositivo da verificare) e un **controllore** (il dispositivo che esegue la verifica). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor opera:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - Il _controllore_ può essere un'altra istanza dell'app di Auditor o il [Servizio di Attestazione da Remoto](https://attestation.app).
@@ -197,7 +197,7 @@ L'utilizzo di queste app non è sufficiente per determinare che un dispositivo s
 ![Logo Hypatia](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Logo Hypatia](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** è uno scanner di malware real-time open source per Android, realizzato dallo sviluppatore di [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Informativa sulla Privacy" }
diff --git a/i18n/it/mobile-phones.md b/i18n/it/mobile-phones.md
new file mode 100644
index 00000000..d586a97f
--- /dev/null
+++ b/i18n/it/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Avviso</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteri
+
+**Ti preghiamo di notare che non siamo affiliati con alcun progetto consigliato.** Oltre ai [nostri criteri standard](about/criteria.md), abbiamo sviluppato una serie chiara di requisiti per consentirci di fornire consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md
index 259dc529..e00bd2f2 100644
--- a/i18n/it/os/android-overview.md
+++ b/i18n/it/os/android-overview.md
@@ -18,7 +18,7 @@ Questo problema potrebbe essere risolto utilizzando una distribuzione modificata
 
 Idealmente, quando si sceglie una distribuzione modificata di Android, bisogna assicurarsi che rispetti il modello di sicurezza Android. Come minimo, la distribuzione dovrebbe avere build di produzione, supporto per AVB, protezione dal rollback, aggiornamenti tempestivi del firmware e del sistema operativo e SELinux in [modalità enforcing](https://source.android.com/security/selinux/concepts#enforcement_levels). Tutte le distribuzioni di Android da noi consigliate soddisfano questi criteri.
 
-[Le nostre raccomandazioni per il sistema Android :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Le nostre raccomandazioni per il sistema Android :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Evitare il rooting
 
@@ -125,7 +125,7 @@ Con i profili utente, puoi imporre limitazioni a un profilo specifico, come: eff
 
 I [Profili di Lavoro](https://support.google.com/work/android/answer/6191949) sono un altro metodo per isolare le singole app e potrebbe essere più comodo dei profili utente separati.
 
-Un'app di **controllo del dispositivo**, come [Shelter](../android.md#shelter), è necessaria per creare un Profilo di Lavoro senza un MDM imprenditoriale, a meno che tu non stia utilizzando un OS personalizzato di Android che ne includa uno.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 Il profilo di lavoro dipende da un controllore del dispositivo per funzionare. Le funzionalità come *File Shuttle* e *blocco della ricerca dei contatti* o qualsiasi tipo di funzionalità d'isolamento, devono essere implementate dal controllore. È inoltre necessario fidarsi completamente dell'app di controllo del dispositivo, che ha pieno accesso ai dati dell'utente all'interno del profilo di lavoro.
 
diff --git a/i18n/it/os/index.md b/i18n/it/os/index.md
index 1a9fd8cd..90ca6c90 100644
--- a/i18n/it/os/index.md
+++ b/i18n/it/os/index.md
@@ -4,7 +4,7 @@ title: Sistemi Operativi
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/it/os/ios-overview.md b/i18n/it/os/ios-overview.md
index 565ca76a..f838468c 100644
--- a/i18n/it/os/ios-overview.md
+++ b/i18n/it/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS è un sistema operativo mobile sviluppato da Apple per l'iPhone
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. Tuttavia, le restrizioni dell'ecosistema di Apple, in particolare per quanto riguarda i dispositivi mobili, ostacolano ancora la privacy in diversi modi.
 
-Generalmente, consideriamo che iOS fornisca protezioni della privacy e della sicurezza migliori della media per gran parte delle persone, rispetto ai dispositivi Android di fabbrica da qualsiasi produttore. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+Generalmente, consideriamo che iOS fornisca protezioni della privacy e della sicurezza migliori della media per gran parte delle persone, rispetto ai dispositivi Android di fabbrica da qualsiasi produttore. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Blocco di Attivazione
 
diff --git a/i18n/it/pastebins.md b/i18n/it/pastebins.md
new file mode 100644
index 00000000..286ecaec
--- /dev/null
+++ b/i18n/it/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. I dati sono crittografati/decrittografati nel browser utilizzando AES a 256 bit. È la versione migliorata di ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteri
+
+**Ti preghiamo di notare che non siamo affiliati con alcun progetto consigliato.** Oltre ai [nostri criteri standard](about/criteria.md), abbiamo sviluppato una serie chiara di requisiti per consentirci di fornire consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
+
+### Requisiti minimi
+
+- Deve essere open source.
+- Deve implementare la crittografia end-to-end "a fiducia zero".
+- Deve supportare i file protetti da password.
+
+### Caso migliore
+
+I nostri criteri ottimali rappresentano ciò che vorremmo vedere dal progetto perfetto in questa categoria. I nostri consigli potrebbero non includere tutte o alcune di queste funzionalità, ma quelli che le includono potrebbero essere preferiti ad altri su questa pagina.
+
+- Dovrebbe disporre di un controllo pubblicato da una terza parte affidabile e indipendente.
diff --git a/i18n/it/productivity.md b/i18n/it/productivity.md
index 467d81fa..55b440c6 100644
--- a/i18n/it/productivity.md
+++ b/i18n/it/productivity.md
@@ -154,39 +154,6 @@ In generale, definiamo suite da ufficio le applicazioni che potrebbero ragionevo
 - Deve supportare la modifica dei documenti, dei fogli di calcolo e delle presentazioni.
 - Deve esportare i file in formati standard dei documenti.
 
-## Servizi Copia/Incolla
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![Logo di PrivateBin](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** è un pastebin online minimalista e open source, il cui server ha zero conoscenze sui dati incollati. I dati sono crittografati/decrittografati nel browser utilizzando AES a 256 bit. È la versione migliorata di ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteri
-
-**Ti preghiamo di notare che non siamo affiliati con alcun progetto consigliato.** Oltre ai [nostri criteri standard](about/criteria.md), abbiamo sviluppato una serie chiara di requisiti per consentirci di fornire consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te.
-
-#### Requisiti minimi
-
-- Deve essere open source.
-- Deve implementare la crittografia end-to-end "a fiducia zero".
-- Deve supportare i file protetti da password.
-
-#### Miglior Caso
-
-I nostri criteri ottimali rappresentano ciò che vorremmo vedere dal progetto perfetto in questa categoria. I nostri consigli potrebbero non includere tutte o alcune di queste funzionalità, ma quelli che le includono potrebbero essere preferiti ad altri su questa pagina.
-
-- Dovrebbe disporre di un controllo pubblicato da una terza parte affidabile e indipendente.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/it/tools.md b/i18n/it/tools.md
index 6c5b3a76..67c9f311 100644
--- a/i18n/it/tools.md
+++ b/i18n/it/tools.md
@@ -394,16 +394,25 @@ Per crittografare l'unità del sistema operativo, in genere si consiglia di util
 
 [Scopri di più :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Scopri di più :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Strumenti di produttività
 
 <div class="grid cards" markdown>
 
-- ![Logo di Nextcloud](assets/img/productivity/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Auto-Ospitabile)](productivity.md#nextcloud)
-- ![Logo di LibreOffice](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
-- ![Logo di OnlyOffice](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
-- ![Logo di CryptPad](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![Logo di PrivateBin](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
-- ![Logo di LanguageTool](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![Logo di LanguageTool](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
+- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji loading=lazy } [Nextcloud (Self-Hostable)](productivity.md#nextcloud)
+- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
+- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
+- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
+- ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
 
@@ -437,32 +446,53 @@ Per crittografare l'unità del sistema operativo, in genere si consiglia di util
 
 [Scopri di più :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Scopri di più :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Sistemi Operativi
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![Logo di GrapheneOS](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![Logo di GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![Logo di DivestOS](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Scopri di più :material-arrow-right-drop-circle:](android.md)
+[Scopri di più :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Applicazioni Android
 
 <div class="grid cards" markdown>
 
-- ![Logo di Obtainium](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (Gestore App)](android.md#obtainium)
-- ![Logo di Aurora Store](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Client per Google Play)](android.md#aurora-store)
-- ![Logo di Shelter](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Profili di Lavoro)](android.md#shelter)
-- ![Logo di Secure Camera](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Logo di Secure Camera](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Logo di Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Logo di Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Scopri di più :material-arrow-right-drop-circle:](android.md#general-apps)
+[Scopri di più :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Scopri di più :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/ja/android.md b/i18n/ja/android.md
deleted file mode 100644
index 1a4d4409..00000000
--- a/i18n/ja/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS**はプライバシーとセキュリティに関して最善の選択です。
-
-GrapheneOSはさらなる[セキュリティの強化（ハードニング）](https://ja.wikipedia.org/wiki/%E3%83%8F%E3%83%BC%E3%83%89%E3%83%8B%E3%83%B3%E3%82%B0)とプライバシーの改善を提供します。 [強化されたメモリアロケータ](https://github.com/GrapheneOS/hardened_malloc)、ネットワークとセンサーの権限、その他のさまざまな[セキュリティ機能](https://grapheneos.org/features)を備えています。 GrapheneOSはまた、完全なファームウェアアップデートと署名付きビルドが付属しており、確認付きブートは完全にサポートされている。
-
-[:octicons-home-16: ホームページ](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="プライバシーポリシー" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=ドキュメント}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="ソースコード" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=貢献 }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-現在唯一、GrapheneOSの[ハードウェアセキュリティ要件](https://grapheneos.org/faq#future-devices)を満たしているデバイスはGoogle Pixel スマートフォンです。
-
-[CalyxOSよりもGrapheneOSが推奨される理由 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOSは、デフォルトのアプリストアとしてF-Droidを使用しています。 We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Androidデバイス
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-携帯電話会社から電話を購入するのは避けること。 These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. 売り手の評判を常にチェックすること。 If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-以下、Google Pixelを購入する際のいくつかのヒントを示します。
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## 一般的なアプリ
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-画像の向きに関するメタデータは削除されません。 If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APKの変更](./assets/img/android/rss-changes-light.png#only-light) ![APKの変更](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### APKフィンガープリントの検証
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. 署名検証コマンドを実行：
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## 規準
-
-**私たちは、推薦するどのプロジェクトとも提携していません。**客観的に推薦できるよう、[標準となる規準](about/criteria.md)に加えて、一連の明確な要件を定めています。 プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
-
-### オペレーティングシステム
-
-- オープンソースのソフトウェアであること。
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### デバイス
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### アプリケーション
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/ja/android/distributions.md b/i18n/ja/android/distributions.md
new file mode 100644
index 00000000..39cf9eb3
--- /dev/null
+++ b/i18n/ja/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## 規準
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
+
+- オープンソースのソフトウェアであること。
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/ja/android/general-apps.md b/i18n/ja/android/general-apps.md
new file mode 100644
index 00000000..f2836e65
--- /dev/null
+++ b/i18n/ja/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## 規準
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/ja/android/index.md b/i18n/ja/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/ja/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/ja/android/obtaining-apps.md b/i18n/ja/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/ja/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/ja/device-integrity.md b/i18n/ja/device-integrity.md
index 7a71d596..285d3a0e 100644
--- a/i18n/ja/device-integrity.md
+++ b/i18n/ja/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/ja/mobile-phones.md b/i18n/ja/mobile-phones.md
new file mode 100644
index 00000000..2845aeea
--- /dev/null
+++ b/i18n/ja/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## 規準
+
+\*\*私たちは、推薦するどのプロジェクトとも提携していません。\*\*客観的に推薦できるよう、[標準となる規準](about/criteria.md)に加えて、一連の明確な要件を定めています。 プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/ja/os/android-overview.md b/i18n/ja/os/android-overview.md
index e5932c23..726826e4 100644
--- a/i18n/ja/os/android-overview.md
+++ b/i18n/ja/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 Androidのカスタムディストリビューションを選択する場合には、Androidのセキュリティーモデルが維持されていることを確認してください。 少なくとも、製品用ビルド、AVBのサポート、ロールバック保護、適時のファームウェアとオペレーティングシステムのアップデート、および[強制モード](https://source.android.com/security/selinux/concepts#enforcement_levels)のSELinuxを持つべきです。 私たちが推奨するAndroidディストリビューションはすべて、これらの基準を満たしています。
 
-[私たちが推奨するAndroidシステム :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[私たちが推奨するAndroidシステム :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### root化を避けること
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/ja/os/index.md b/i18n/ja/os/index.md
index 1613c314..7667ad6f 100644
--- a/i18n/ja/os/index.md
+++ b/i18n/ja/os/index.md
@@ -4,7 +4,7 @@ title: オペレーティングシステム
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/ja/os/ios-overview.md b/i18n/ja/os/ios-overview.md
index 8e4e379e..24778a01 100644
--- a/i18n/ja/os/ios-overview.md
+++ b/i18n/ja/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### アクティベーションロック
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### 設定
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/ja/os/windows/group-policies.md b/i18n/ja/os/windows/group-policies.md
index 6f00cd64..2837fd57 100644
--- a/i18n/ja/os/windows/group-policies.md
+++ b/i18n/ja/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### システム
+### System
 
 #### Device Guard
 
diff --git a/i18n/ja/pastebins.md b/i18n/ja/pastebins.md
new file mode 100644
index 00000000..9f597d11
--- /dev/null
+++ b/i18n/ja/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. PrivateBinはZeroBinの改良版です。
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## 規準
+
+\*\*私たちは、推薦するどのプロジェクトとも提携していません。\*\*客観的に推薦できるよう、[標準となる規準](about/criteria.md)に加えて、一連の明確な要件を定めています。 プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
+
+### 最低要件
+
+- オープンソースであること。
+- 「ゼロトラスト」のエンドツーエンド暗号化を実装すること。
+- パスワードで保護されたファイルをサポートすること。
+
+### 満たされることが望ましい基準
+
+満たされることが望ましい基準には、このカテゴリーの完璧なプロジェクトに私たちが望むものを示しています。 私たちが推薦するプロジェクトは、この機能の一部または全部を含んでいないかもしれませんが、もし含んでいれば、このページで他のプロジェクトよりも上位にランクされるかもしれません。
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/ja/productivity.md b/i18n/ja/productivity.md
index 0596e28f..911c7aec 100644
--- a/i18n/ja/productivity.md
+++ b/i18n/ja/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - ドキュメント、スプレッドシート、プレゼンテーションの編集をサポートすること。
 - Must export files to standard document formats.
 
-## 貼り付け用サービス
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. PrivateBinはZeroBinの改良版です。
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### 規準
-
-**私たちは、推薦するどのプロジェクトとも提携していません。**客観的に推薦できるよう、[標準となる規準](about/criteria.md)に加えて、一連の明確な要件を定めています。 プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。
-
-#### 最低要件
-
-- オープンソースであること。
-- 「ゼロトラスト」のエンドツーエンド暗号化を実装すること。
-- パスワードで保護されたファイルをサポートすること。
-
-#### 満たされることが望ましい基準
-
-満たされることが望ましい基準には、このカテゴリーの完璧なプロジェクトに私たちが望むものを示しています。 私たちが推薦するプロジェクトは、この機能の一部または全部を含んでいないかもしれませんが、もし含んでいれば、このページで他のプロジェクトよりも上位にランクされるかもしれません。
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/ja/tools.md b/i18n/ja/tools.md
index 22b0a062..89d44887 100644
--- a/i18n/ja/tools.md
+++ b/i18n/ja/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [詳細 :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[詳細 :material-arrow-right-drop-circle:](pastebins.md)
+
 ### 生産性向上ツール
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [詳細 :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[詳細 :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## オペレーティングシステム
 
 ### モバイル
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[詳細 :material-arrow-right-drop-circle:](android.md)
+[詳細 :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Androidアプリ
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[詳細 :material-arrow-right-drop-circle:](android.md#general-apps)
+[詳細 :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[詳細 :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### デスクトップ/PC
 
diff --git a/i18n/ko/android.md b/i18n/ko/android.md
deleted file mode 100644
index 60dfbc47..00000000
--- a/i18n/ko/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android 로고](assets/img/android/android.svg){ align=right }
-
-**Android 오픈소스 프로젝트**는 Google이 주도하는 오픈 소스 모바일 운영 체제로, 전 세계 모바일 기기의 대부분이 사용하고 있습니다. Android가 탑재되어 판매되는 대부분의 휴대폰은 Google Play 서비스 등의 여러 앱이 강력하게 통합되어 있습니다. 이러한 프라이버시 침해 기능이 포함되지 않은 Android 버전으로 모바일 기기 운영 체제를 교체하여 프라이버시를 크게 향상시킬 수 있습니다.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-본 내용은 모바일 기기의 보안 및 프라이버시 보호를 극대화하는 용도로 권장드리는 Android 운영 체제, 기기, 애플리케이션 목록입니다. Android 자체에 대한 내용은 Android 기본 개요를 참고해주세요.
-
-[Android 기본 개요 :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP 기반
-
-Privacy Guides에서 권장하는 커스텀 Android 운영 체제의 우선 순위는 본 페이지에 나열된 순서와 동일합니다. 여러분이 가진 기기 호환성에 따라 적절한 운영 체제를 선택하시는 것을 권장드립니다.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. 지원 종료 기기는 그 어떤 소프트웨어를 설치하더라도 완벽히 안전하다고 간주할 수 없습니다.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS 로고](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS 로고](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS**는 프라이버시 및 보안 면에서 최고의 선택입니다.
-
-GraphneOS는 추가적인 [보안 강화](https://en.wikipedia.org/wiki/Hardening_(computing))와 프라이버시 강화 기능을 제공합니다. [메모리 할당 보안 강화](https://github.com/GrapheneOS/hardened_malloc), 네트워크 및 센서 권한 등 다양한 [보안 기능](https://grapheneos.org/features)을 포함하고 있습니다. GrapheneOS는 전체 펌웨어 업데이트 및 서명된 빌드 또한 제공하므로, 자체 검사 부팅을 완벽하게 지원합니다.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS는 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) 지원하여, [Google Play 서비스](https://en.wikipedia.org/wiki/Google_Play_Services)를 여타 일반 앱처럼 완벽하게 샌드박스를 적용하여 실행할 수 있습니다. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[CalyxOS보다 GrapheneOS를 추천하는 이유 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. 서명된 빌드가 존재하여, Pixel 외 기기에서 [검증 부팅(Verified Boot)](https://source.android.com/security/verifiedboot)을 사용할 수 있습니다.
-
-[:octicons-home-16: 홈페이지](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion 서비스" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="프라이버시 정책" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=문서}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="소스 코드" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=기부 }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS 펌웨어 업데이트의 [세부 상태](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) 및 품질 관리는 지원하는 기기에 따라 다릅니다. GrapheneOS와 호환되는 기기라면 GrapheneOS를 권장합니다. GrapheneOS 미지원 기기의 경우, DivestOS는 좋은 대체제입니다.
-
-검증 부팅은 모든 지원 기기에서 사용 가능한 것은 아니며, 일부 기기는 다른 기기보다 더 원활할 수 있습니다.
-
-</div>
-
-## Android 기기
-
-기기를 구매할 때는 가급적 최신 제품을 구입해야 합니다. 모바일 기기의 소프트웨어와 펌웨어 지원 기간은 제한되어 있으므로, 최신 제품을 구입해야 최대한 수명을 늘릴 수 있습니다.
-
-이동 통신사로부터 휴대폰을 사는 것은 지양해야 합니다. 이동 통신사에서 판매하는 휴대폰은 보통 **부트로더 잠금**이 걸려 있으며, [OEM 잠금 해제](https://source.android.com/devices/bootloader/locking_unlocking)를 지원하지 않습니다. 이 경우, 어떤 종류의 대체 Android 배포판도 설치할 수 없습니다.
-
-온라인에서 중고 휴대폰을 구입할 때에는 매우 **주의해야** 합니다. 판매자의 평판을 항상 확인하세요. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). 또한 이전 소유자의 활동과 연관될 수 있다는 위험성도 존재합니다.
-
-Android 기기 및 운영 체제 호환성에 관한 추가 정보:
-
-- 수명이 다했거나 거의 다한 기기는 구매하지 마세요. 제조업체에서 추가 펌웨어 업데이트가 제공되는 기기를 구매해야 합니다.
-- LineageOS나 /e/ OS가 사전 설치된 휴대폰이나, 적절한 [자체 검사 부팅(Verified Boot)](https://source.android.com/security/verifiedboot) 지원 혹은 펌웨어 업데이트가 없는 Android 휴대폰을 구매하지 마세요. 이러한 기기는 조작되었는지 여부를 확인할 방법이 없습니다.
-- 요런대, 어떤 기기나 Android 배포판이 여기에 등재되지 않은 경우에는 그럴 만한 이유가 있을 겁니다. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel은 Privacy Guides에서 **유일하게** 구매를 권장하는 기기입니다. Pixel 스마트폰은 현재 시중에 존재하는 어떤 Android 기기보다도 강력한 하드웨어 보안을 가지고 있습니다. 제3자 운영 체제에 대한 적절한 AVB 지원이 갖추어져 있으며, Secure Element 역할 Google 커스텀 [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) 보안 칩을 탑재하고 있습니다.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## 일반 앱
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter 로고](assets/img/android/shelter.svg){ align=right }
-
-**Shelter**는 Android의 직장 프로필 기능을 이용해 기기에서 앱을 격리/복제할 수 있게 해주는 앱입니다.
-
-Shelter는 기본 파일 관리자([DocumentsUI](https://source.android.com/docs/core/architecture/modular-system/documentsui?hl=ko))를 통해 프로필 간 연락처 검색 차단 및 프로필 간 파일 공유를 지원합니다.
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera 로고](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera 로고](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera**는 프라이버시, 보안 중점 카메라 앱으로 사진, 동영상, QR 코드를 찍을 수 있습니다. 기기에서 지원하는 경우 CameraX 공급업체 확장 기능(인물 모드, HDR, 야간 모드, 얼굴 보정, 자동) 또한 지원됩니다.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-주요 프라이버시 기능은 다음과 같습니다:
-
-- [Exif](https://en.wikipedia.org/wiki/Exif) 메타데이터 자동 제거 (기본 활성화)
-- 새로운 [미디어](https://developer.android.com/training/data-storage/shared/media) API를 사용하므로 [저장 공간 ](https://developer.android.com/training/data-storage)권한이 필요하지 않습니다.
-- 사운드 녹음을 원치 않는 한 마이크 권한은 필요하지 않습니다.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-현재 동영상 파일은 메타데이터 제거가 지원되지 않지만, 지원 예정입니다.
-
-이미지 방향 메타데이터는 제거되지 않습니다. (Secure Camera 내에서) 위치 기록을 활성화할 경우, 위치 기록은 제거되지 않습니다. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer 로고](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer 로고](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer**는 [pdf.js](https://en.wikipedia.org/wiki/PDF.js) 기반 PDF 뷰어로, 어떤 권한도 필요하지 않습니다. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS 앱 스토어
-
-GrapheneOS 앱 스토어는 [GitHub](https://github.com/GrapheneOS/Apps/releases)에서 찾을 수 있습니다. 안드로이드 12 이상을 지원하며 자체 업데이트를 지원합니다. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). 이러한 애플리케이션을 찾는 경우, GrapheneOS 앱 스토어의 앱은 Google이 접근할 수 없는 GrapheneOS 프로젝트 자체 서명으로 서명되어 있으므로, Play 스토어 대신 GrapheneOS 앱 스토어에서 다운로드하실 것을 권장드립니다.
-
-### Aurora Store
-
-Google Play 스토어는 Google 계정 로그인이 필수적이기 때문에 프라이버시 면에서 좋지 않습니다. Aurora Store와 같은 대체 클라이언트를 사용하면 이 문제를 해결할 수 있습니다.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store 로고](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store**는 Google 계정, Google Play 서비스, microG 없이 앱을 다운로드할 수 있는 Google Play 스토어 클라이언트입니다.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store에서는 익명 계정 기능을 사용해 유료 앱은 다운로드 불가능합니다. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-GitHub에서는 ([Secure Camera](#secure-camera) 예시) [릴리스 페이지](https://github.com/GrapheneOS/Camera/releases)로 이동한 뒤 URL에 `atom`을 추가하면 됩니다:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-GitLab에서는 ([Aurora Store](#aurora-store) 예시) [프로젝트 저장소](https://gitlab.com/AuroraOSS/AuroraStore)로 이동한 뒤 URL에 `/-/tags?format=atom`을 추가하면 됩니다:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### APK 핑거프린트 확인
-
-APK 파일을 다운로드해 수동으로 설치하는 경우, Android [빌드 도구](https://developer.android.com/studio/releases/build-tools)의 일부인 [`apksigner`](https://developer.android.com/studio/command-line/apksigner)를 사용해 앱 서명을 확인할 수 있습니다.
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. [Android 스튜디오 명령줄 도구](https://developer.android.com/studio#command-tools)를 다운로드합니다.
-
-3. 다운로드한 압축 파일을 압축 해제합니다.
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. 서명 확인 명령어를 실행합니다:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. 이제 결과 해시를 다른 소스와 비교할 수 있습니다. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid 로고](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## 평가 기준
-
-**Privacy Guides는 권장 목록의 어떠한 프로젝트와도 제휴를 맺지 않았습니다.** 객관적인 권장 목록을 제공하기 위해, [일반적인 평가 기준](about/criteria.md)에 더해 명확한 요구 사항을 정립하였습니다. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
-
-### 운영 체제
-
-- 오픈 소스 소프트웨어여야 합니다.
-- 부트로더 잠금 시 사용자 지정 AVB 키를 사용할 수 있도록 지원해야 합니다.
-- Android 메이저 업데이트는 출시 1개월 이내에 제공되어야 합니다.
-- Android 기능 업데이트(마이너 버전)은 출시 14일 이내에 제공되어야 합니다.
-- 정기적인 보안 패치는 출시 5일 이내에 제공되어야 합니다.
-- 기본적으로 루팅이 되어있어서는 **안 됩니다**.
-- Google Play 서비스가 기본적으로 활성화된 상태로 제공되어서는 **안 됩니다**.
-- Google Play 서비스를 활성화하기 위해 시스템 수정이 필요해서는 **안 됩니다**.
-
-### 기기
-
-- 권장 운영 체제 중 한 가지 이상을 지원해야 합니다.
-- 현재 새 제품을 팔고 있어야 합니다.
-- 최소 5년 이상 보안 업데이트를 받아야 합니다.
-- 전용 보안 칩(Secure Element) 하드웨어가 장착되어 있어야 합니다.
-
-### 애플리케이션
-
-- 본 페이지에 등재된 애플리케이션은 Privacy Guides 사이트의 다른 소프트웨어 카테고리에 해당되지 않아야 합니다.
-- 일반 애플리케이션은 핵심 시스템 기능을 확장하거나 대체해야 합니다.
-- 애플리케이션은 꾸준한 업데이트 및 유지 관리가 이루어져야 합니다.
diff --git a/i18n/ko/android/distributions.md b/i18n/ko/android/distributions.md
new file mode 100644
index 00000000..7bb81256
--- /dev/null
+++ b/i18n/ko/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## 평가 기준
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
+
+- 오픈 소스 소프트웨어여야 합니다.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/ko/android/general-apps.md b/i18n/ko/android/general-apps.md
new file mode 100644
index 00000000..fd147ad2
--- /dev/null
+++ b/i18n/ko/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## 평가 기준
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/ko/android/index.md b/i18n/ko/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/ko/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/ko/android/obtaining-apps.md b/i18n/ko/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/ko/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/ko/basics/why-privacy-matters.md b/i18n/ko/basics/why-privacy-matters.md
index 63305ab0..bb1183cb 100644
--- a/i18n/ko/basics/why-privacy-matters.md
+++ b/i18n/ko/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ All of these concepts overlap, but it is possible to have any combination of the
 
 '프라이버시를 지켜야 합니다'라고 주장할 때 항상 튀어나오는 반박은 **"숨길 게 없다면 프라이버시를 신경 쓸 이유가 없다"**라는 주장입니다. 이는 프라이버시를 지키고자 하는 사람들을 반사회적인 사람이나 범죄자처럼 묘사하고, 마치 프라이버시 보호는 잘못된 행동인 것 같은 느낌을 만들어내는 위험한 오해입니다.
 
-=='무언가를 숨기거나 감추는 것'과 '사생활 보호'를 혼동하면 안 됩니다.== 여러분이 화장실에서 뭘 하는지는 명백함에도 불구하고, 여러분은 항상 화장실 문을 닫아둡니다. 이는 여러분이 무언가를 감추고자 한 것이 아닌, 사생활을 보호하고자 한 것이죠. 우리는 개인 건강 정보나 성생활 등 자신에 대한 정보를 여기저기 퍼뜨리고 다니는 것을 싫어하지만, 이런 마음가짐이 규탄받지는 않습니다. 사생활, 즉 프라이버시를 지키고자 하는 것은 정당한 욕구이며, 우리가 사람답게 살기 위해서는 반드시 필요한 것입니다. 프라이버시란, 비밀을 감추는 것이 아닌, '자신의 정보에 대한 권리를 강화하는 것'입니다.
+=='무언가를 숨기거나 감추는 것'과 '사생활 보호'를 혼동하면 안 됩니다.== 여러분이 화장실에서 뭘 하는지는 명백함에도 불구하고, 여러분은 항상 화장실 문을 닫아둡니다. That's because you want privacy, not secrecy. 우리는 개인 건강 정보나 성생활 등 자신에 대한 정보를 여기저기 퍼뜨리고 다니는 것을 싫어하지만, 이런 마음가짐이 규탄받지는 않습니다. 사생활, 즉 프라이버시를 지키고자 하는 것은 정당한 욕구이며, 우리가 사람답게 살기 위해서는 반드시 필요한 것입니다. 프라이버시란, 비밀을 감추는 것이 아닌, '자신의 정보에 대한 권리를 강화하는 것'입니다.
 
 ## 프라이버시는 결국 '통제'인가요?
 
diff --git a/i18n/ko/device-integrity.md b/i18n/ko/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/ko/device-integrity.md
+++ b/i18n/ko/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/ko/mobile-phones.md b/i18n/ko/mobile-phones.md
new file mode 100644
index 00000000..e8a3f7e5
--- /dev/null
+++ b/i18n/ko/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## 평가 기준
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/ko/os/android-overview.md b/i18n/ko/os/android-overview.md
index 7505838d..b7f1dc3c 100644
--- a/i18n/ko/os/android-overview.md
+++ b/i18n/ko/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 커스텀 Android 배포판을 선택할 때는 해당 배포판이 Android 보안 모델을 준수하는지 확인하는 것이 이상적입니다. 배포판은 적어도 프로덕션 빌드, AVB 지원, 롤백 보호, 시기적절한 펌웨어 및 운영 체제 업데이트, [적용 모드](https://source.android.com/docs/security/features/selinux/concepts?hl=ko#enforcement_levels)의 SELinux를 갖춰야 합니다. Privacy Guides에서 권장하는 Android 배포판은 이러한 기준을 모두 충족하고 있습니다.
 
-[Android 시스템 권장 사항 :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Android 시스템 권장 사항 :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### 루팅 방지
 
@@ -125,7 +125,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 [직장 프로필](https://support.google.com/work/android/answer/6191949)은 개별 앱을 격리하는 방식 중 하나로, 경우에 따라서 별도 사용자 프로필을 사용하는 것보다 편리합니다.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 직장 프로필은 기기 컨트롤러에 따라 작동 방식이 달라집니다. *File Shuttle*, *연락처 검색 차단*을 비롯한 모든 격리 기능은 컨트롤러에서 구현됩니다. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/ko/os/index.md b/i18n/ko/os/index.md
index 76d170a1..a96fc5e8 100644
--- a/i18n/ko/os/index.md
+++ b/i18n/ko/os/index.md
@@ -4,7 +4,7 @@ title: 운영 체제
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/ko/os/ios-overview.md b/i18n/ko/os/ios-overview.md
index a8298d36..3ab771dc 100644
--- a/i18n/ko/os/ios-overview.md
+++ b/i18n/ko/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### 설정
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/ko/os/windows/group-policies.md b/i18n/ko/os/windows/group-policies.md
index c8ffe1b4..410475d4 100644
--- a/i18n/ko/os/windows/group-policies.md
+++ b/i18n/ko/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### 시스템
+### System
 
 #### Device Guard
 
diff --git a/i18n/ko/pastebins.md b/i18n/ko/pastebins.md
new file mode 100644
index 00000000..7c2626fe
--- /dev/null
+++ b/i18n/ko/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. 데이터는 브라우저에서 AES-256으로 암호화/복호화됩니다. ZeroBin을 개선한 버전의 서비스이기도 합니다.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## 평가 기준
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
+
+### 최소 요구 사항
+
+- 오픈 소스여야 합니다.
+- 'Zero Trust' 종단 간 암호화를 구현해야 합니다.
+- 파일을 비밀번호로 보호하는 기능을 지원해야 합니다
+
+### 우대 사항
+
+평가 기준에서 '우대 사항'은 해당 부문에서 완벽한 프로젝트에 기대하는 바를 나타냅니다. 다음의 우대 사항에 해당하지 않더라도 권장 목록에 포함될 수 있습니다. 단, 우대 사항에 해당할수록 이 페이지의 다른 항목보다 높은 순위를 갖습니다.
+
+- 평판이 좋은 독립적인 제3자로부터 공개 감사를 받아야 합니다.
diff --git a/i18n/ko/productivity.md b/i18n/ko/productivity.md
index 1ac96e5d..93390756 100644
--- a/i18n/ko/productivity.md
+++ b/i18n/ko/productivity.md
@@ -154,39 +154,6 @@ Privacy Guides는 Nextcloud용 [E2EE 앱](https://apps.nextcloud.com/apps/end_to
 - 문서, 스프레드시트, 슬라이드쇼 편집을 지원해야 합니다.
 - 파일을 표준 문서 형식으로 내보내야 합니다.
 
-## 텍스트 공유 서비스
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin 로고](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin**은 서버에 어떠한 정보도 공유되지 않는 미니멀한 오픈 소스 온라인 텍스트 공유 서비스입니다. 데이터는 브라우저에서 AES-256으로 암호화/복호화됩니다. ZeroBin을 개선한 버전의 서비스이기도 합니다.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### 평가 기준
-
-**Privacy Guides는 권장 목록의 어떠한 프로젝트와도 제휴를 맺지 않았습니다.** 객관적인 권장 목록을 제공하기 위해, [일반적인 평가 기준](about/criteria.md)에 더해 명확한 요구 사항을 정립하였습니다. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
-
-#### 최소 요구 사항
-
-- 오픈 소스여야 합니다.
-- 'Zero Trust' 종단 간 암호화를 구현해야 합니다.
-- 파일을 비밀번호로 보호하는 기능을 지원해야 합니다
-
-#### 우대 사항
-
-평가 기준에서 '우대 사항'은 해당 부문에서 완벽한 프로젝트에 기대하는 바를 나타냅니다. 다음의 우대 사항에 해당하지 않더라도 권장 목록에 포함될 수 있습니다. 단, 우대 사항에 해당할수록 이 페이지의 다른 항목보다 높은 순위를 갖습니다.
-
-- 평판이 좋은 독립적인 제3자로부터 공개 감사를 받아야 합니다.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/ko/tools.md b/i18n/ko/tools.md
index a8b6818b..1e24c055 100644
--- a/i18n/ko/tools.md
+++ b/i18n/ko/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [자세히 알아보기 :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[자세히 알아보기 :material-arrow-right-drop-circle:](pastebins.md)
+
 ### 생산성 툴
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [자세히 알아보기 :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[자세히 알아보기 :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## 운영 체제
 
 ### 모바일
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[자세히 알아보기 :material-arrow-right-drop-circle:](android.md)
+[자세히 알아보기 :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android 앱
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[자세히 알아보기 :material-arrow-right-drop-circle:](android.md#general-apps)
+[자세히 알아보기 :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[자세히 알아보기 :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### 데스크톱/PC
 
diff --git a/i18n/ku-IQ/android.md b/i18n/ku-IQ/android.md
deleted file mode 100644
index 85d51639..00000000
--- a/i18n/ku-IQ/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-**پڕۆژەی ئەندرۆیدی سەرچاوەکراوە** سیستەمی سەرچاوەکراوەی کارپێکردنی مۆبایلە کە لە لایەن گووگڵەوە بەڕێوەدەبرێت, کە زۆربەی ئامێرەکانی مۆبایل لە جیهاندا بەکاردێت. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/ku-IQ/android/distributions.md b/i18n/ku-IQ/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/ku-IQ/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/ku-IQ/android/general-apps.md b/i18n/ku-IQ/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/ku-IQ/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/ku-IQ/android/index.md b/i18n/ku-IQ/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/ku-IQ/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/ku-IQ/android/obtaining-apps.md b/i18n/ku-IQ/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/ku-IQ/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/ku-IQ/device-integrity.md b/i18n/ku-IQ/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/ku-IQ/device-integrity.md
+++ b/i18n/ku-IQ/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/ku-IQ/mobile-phones.md b/i18n/ku-IQ/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/ku-IQ/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/ku-IQ/os/android-overview.md b/i18n/ku-IQ/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/ku-IQ/os/android-overview.md
+++ b/i18n/ku-IQ/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/ku-IQ/os/index.md b/i18n/ku-IQ/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/ku-IQ/os/index.md
+++ b/i18n/ku-IQ/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/ku-IQ/os/ios-overview.md b/i18n/ku-IQ/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/ku-IQ/os/ios-overview.md
+++ b/i18n/ku-IQ/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/ku-IQ/pastebins.md b/i18n/ku-IQ/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/ku-IQ/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/ku-IQ/productivity.md b/i18n/ku-IQ/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/ku-IQ/productivity.md
+++ b/i18n/ku-IQ/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/ku-IQ/tools.md b/i18n/ku-IQ/tools.md
index fbad1ded..4818cfa8 100644
--- a/i18n/ku-IQ/tools.md
+++ b/i18n/ku-IQ/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/nl/android.md b/i18n/nl/android.md
deleted file mode 100644
index 338a5832..00000000
--- a/i18n/nl/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-Het **Android Open Source Project** is een open-source mobiel besturingssysteem onder leiding van Google dat de meerderheid van de mobiele apparaten van de wereld aandrijft. De meeste telefoons die met Android worden verkocht zijn aangepast om invasieve integraties en apps zoals Google Play Services op te nemen, dus je kunt jouw privacy op jouw mobiele apparaat aanzienlijk verbeteren door de standaardinstallatie van jouw telefoon te vervangen door een versie van Android zonder deze invasieve functies.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Dit zijn de Android-besturingssystemen, apparaten en apps die wij aanbevelen om de beveiliging en privacy van jouw mobiele apparaat te maximaliseren. aanbeveling
-
-[Algemeen Android-overzicht en -aanbevelingen :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP-derivaten
-
-Wij raden je aan een van deze aangepaste Android-besturingssystemen op jouw toestel te installeren, in volgorde van voorkeur, afhankelijk van de compatibiliteit van jouw toestel met deze besturingssystemen.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Deze apparaten kunnen niet als volledig veilig worden beschouwd, ongeacht de geïnstalleerde software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is de beste keuze als het gaat om privacy en veiligheid.
-
-GrapheneOS biedt extra [beveiligingsversteviging](https://en.wikipedia.org/wiki/Hardening_(computing)) en privacyverbeteringen. Het heeft een [geharde geheugentoewijzer](https://github.com/GrapheneOS/hardened_malloc), netwerk- en sensormachtigingen, en diverse andere [beveiligingskenmerken](https://grapheneos.org/features). GrapheneOS wordt ook geleverd met volledige firmware-updates en ondertekende builds, dus geverifieerd opstarten wordt volledig ondersteund.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS ondersteunt [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), die draait [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) volledig sandboxed als elke andere gewone app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Waarom we GrapheneOS aanbevelen boven CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. Het heeft ondertekende builds, waardoor het mogelijk is om [geverifieerde boot](https://source.android.com/security/verifiedboot) te hebben op sommige niet-Pixel apparaten.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder propriëtaire blobs, en een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS bevat ook kernelpatches van GrapheneOS en schakelt alle beschikbare kernelbeveiligingsfuncties in via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implementeert enkele systeemhardingspatches die oorspronkelijk voor GrapheneOS zijn ontwikkeld. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS gebruikt F-Droid als standaard app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. Voor andere apps gelden nog steeds onze aanbevolen methoden om ze te verkrijgen.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) en kwaliteitscontrole varieert tussen de apparaten die het ondersteunt. We raden nog steeds GrapheneOS aan, afhankelijk van de compatibiliteit van uw toestel. Voor andere apparaten is DivestOS een goed alternatief.
-
-Niet alle ondersteunde apparaten hebben geverifieerde boot, en sommige doen het beter dan andere.
-
-</div>
-
-## Android-apparaten
-
-Wanneer je een apparaat koopt, raden wij je aan er een zo nieuw als mogelijk te kopen. De software en firmware van mobiele apparaten worden slechts een beperkte tijd ondersteund, dus door nieuw te kopen wordt die levensduur zoveel mogelijk verlengd.
-
-Vermijd het kopen van telefoons van jouw mobiele provider. Deze hebben vaak een **vergrendelde bootloader** en bieden geen ondersteuning voor [OEM-ontgrendeling](https://source.android.com/devices/bootloader/locking_unlocking). Deze telefoonvarianten voorkomen dat je enige vorm van alternatieve Android-distributie installeert.
-
-Wees zeer **voorzichtig** met het kopen van tweedehands telefoons van online marktplaatsen. Controleer altijd de reputatie van de verkoper. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Er is ook een risico dat je in verband wordt gebracht met de activiteiten van de vorige eigenaar.
-
-Nog een paar tips met betrekking tot Android toestellen en compatibiliteit van het besturingssysteem:
-
-- Koop geen apparaten die het einde van hun levensduur hebben bereikt of bijna hebben bereikt, de fabrikant moet voor extra firmware-updates zorgen.
-- Koop geen voorgeladen LineageOS of /e/ OS telefoons of Android telefoons zonder de juiste [Verified Boot](https://source.android.com/security/verifiedboot) ondersteuning en firmware updates. Deze apparaten hebben ook geen manier om te controleren of er mee geknoeid is.
-- Kortom, als een toestel of Android-distributie hier niet vermeld staat, is daar waarschijnlijk een goede reden voor. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel-telefoons zijn de **enige** toestellen die we aanraden om te kopen. Pixel-telefoons hebben een sterkere hardwarebeveiliging dan alle andere Android-toestellen die momenteel op de markt zijn, dankzij de juiste AVB-ondersteuning voor besturingssystemen van derden en Google's aangepaste [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) -beveiligingschips die functioneren als het Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel**-apparaten staan bekend om hun goede beveiliging en goede ondersteuning van [Verified Boot](https://source.android.com/security/verifiedboot), zelfs bij het installeren van aangepaste besturingssystemen.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements zoals de Titan M2 zijn beperkter dan de Trusted Execution Environment van de processor die door de meeste andere telefoons gebruikt wordt, omdat ze alleen gebruikt worden voor geheimen opslag, hardware attestatie, en snelheidsbeperking van het invoeren van wachtwoorden, niet voor het draaien van "vertrouwde" programma's. Telefoons zonder een Secure Element moeten de TEE gebruiken voor *alle* van deze functies. Dat leidt tot een groter aanvalsoppervlak.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-De installatie van GrapheneOS op een Pixel telefoon is eenvoudig met hun [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-Nog een paar tips voor de aanschaf van een Google Pixel:
-
-- Als je op zoek bent naar een koopje voor een Pixel-toestel, raden wij je aan een "**a**"-model te kopen, net nadat het volgende vlaggenschip is uitgebracht. Kortingen zijn meestal beschikbaar omdat Google zal proberen om hun voorraad op te ruimen.
-- Overweeg de mogelijkheden om de prijzen te verlagen en de speciale aanbiedingen van de fysieke winkels.
-- Kijk naar online naar de koopjes sites in jouw land. Deze kunnen je waarschuwen voor goede uitverkopen.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## Algemene toepassingen
-
-Wij bevelen op deze site een groot aantal Android-apps aan. De hier vermelde apps zijn exclusief voor Android en verbeteren of vervangen specifiek belangrijke systeemfuncties.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is een app waarmee je gebruik kunt maken van de functie Werkprofiel van Android om apps op uw apparaat te isoleren of te dupliceren.
-
-Shelter ondersteunt het blokkeren van het zoeken naar contacten tussen profielen en het delen van bestanden tussen profielen via de standaard bestandsbeheerder ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-Wanneer je Shelter gebruikt, stelt je jouw volledige vertrouwen in de ontwikkelaar, aangezien Shelter optreedt als [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) voor het werkprofiel en uitgebreide toegang heeft tot de gegevens die erin zijn opgeslagen.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is een camera-app gericht op privacy en veiligheid die afbeeldingen, video's en QR-codes kan vastleggen. De uitbreidingen van CameraX (Portret, HDR, Nachtzicht, Gezichtsretouche en Auto) worden ook ondersteund op beschikbare toestellen.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-De belangrijkste privacyfuncties zijn:
-
-- Automatisch verwijderen van [Exif](https://en.wikipedia.org/wiki/Exif) metadata (standaard ingeschakeld)
-- Gebruik van de nieuwe [Media](https://developer.android.com/training/data-storage/shared/media) API, daarom zijn [opslagmachtigingen](https://developer.android.com/training/data-storage) niet vereist
-- Microfoontoestemming niet vereist, tenzij je geluid wilt opnemen
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata worden momenteel niet verwijderd uit videobestanden, maar dat is wel de bedoeling.
-
-De metadata over de beeldoriëntatie worden niet gewist. Als je gps locatie inschakelt (in Secure camera), wordt deze **niet** verwijderd. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is een PDF-viewer gebaseerd op [pdf.js](https://en.wikipedia.org/wiki/PDF.js) die geen rechten vereist. De PDF wordt ingevoerd in een [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_ontwikkeling)) [webview](https://developer.android.com/guide/webapps/webview). Dit betekent dat er niet direct toestemming nodig is om toegang te krijgen tot inhoud of bestanden.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) wordt gebruikt om af te dwingen dat de JavaScript en styling eigenschappen binnen het WebView volledig statische inhoud zijn.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Het verkrijgen van Applicaties
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-De app store van GrapheneOS is beschikbaar op [GitHub](https://github. com/GrapheneOS/Apps/releases). Het ondersteunt Android 12 en hoger en is in staat om zichzelf te updaten. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Als je op zoek bent naar deze applicaties, raden wij je ten zeerste aan ze te halen uit de app-winkel van GrapheneOS in plaats van de Play Store, omdat de apps in hun winkel zijn ondertekend door de eigen handtekening van het GrapheneOS-project waar Google geen toegang toe heeft.
-
-### Aurora Store
-
-De Google Play Store vereist een Google-account om in te loggen, wat de privacy niet ten goede komt. Je kunt dit omzeilen door een alternatieve client te gebruiken, zoals Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is een Google Play Store-client waarvoor geen Google-account, Google Play Services of microG nodig is om apps te downloaden.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Met de Aurora Store kun je geen betaalde apps downloaden met hun anonieme accountfunctie. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Handmatig met RSS-meldingen
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-Op GitHub, met [Secure Camera](#secure-camera) als voorbeeld, zou je navigeren naar de [release pagina](https://github.com/GrapheneOS/Camera/releases) en `.atom` toevoegen aan de URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### Gitlab
-
-Op GitLab, met [Aurora Store](#aurora-store) als voorbeeld, zou je naar zijn [project repository](https://gitlab.com/AuroraOSS/AuroraStore) navigeren en `/-/tags?format=atom` aan de URL toevoegen:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifiëren van APK vingerafdrukken
-
-Als u APK-bestanden downloadt om handmatig te installeren, kunt je hun handtekening verifiëren met de tool [`apksigner`](https://developer.android.com/studio/command-line/apksigner), die deel uitmaakt van Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download de [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Pak het gedownloade archief uit:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Voer het handtekening verificatie commando uit:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. De resulterende hashes kunnen dan worden vergeleken met een andere bron. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. De optie om repositories van derden toe te voegen en niet beperkt te zijn tot het ecosysteem van Google heeft geleid tot de populariteit. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Vanwege hun proces van het bouwen van apps lopen apps in de officiële F-Droid-repository vaak achter op updates. F-Droid maintainers hergebruiken ook pakket-ID's tijdens het ondertekenen van apps met hun eigen sleutels, wat niet ideaal is omdat het F-Droid team dan het ultieme vertrouwen krijgt. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. De IzzyOnDroid repository haalt builds rechtstreeks van GitHub en is het op één na beste optie naast het direct downloaden vanaf de eigen repositories van de ontwikkelaars. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. Hoewel dat logisch is (omdat het doel van die specifieke repository is om apps te hosten voordat ze worden geaccepteerd in de belangrijkste F-Droid-repository), kan het je achterlaten met geïnstalleerde apps die niet langer updates ontvangen.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
-
-### Besturingssystemen
-
-- Moet open-source software zijn.
-- Moet bootloadervergrendeling met aangepaste AVB-sleutel ondersteunen.
-- Moet belangrijke Android-updates ontvangen binnen 0-1 maanden na de release.
-- Moet binnen 0-14 dagen na release Android feature updates (minor versie) ontvangen.
-- Moet regelmatige beveiligingspatches ontvangen binnen 0-5 dagen na vrijgave.
-- Moet **niet** standaard "geroot" zijn uit de doos.
-- Moet **niet** standaard Google Play Services inschakelen.
-- Moet **niet** systeemaanpassing vereisen om Google Play Services te ondersteunen.
-
-### Apparaten
-
-- Moet ten minste één van onze aanbevolen aangepaste besturingssystemen ondersteunen.
-- Moet momenteel nieuw in de winkel worden verkocht.
-- Moet minimaal 5 jaar beveiligingsupdates ontvangen.
-- Moet beschikken over speciale hardware voor secure elements.
-
-### Applicaties
-
-- Toepassingen op deze pagina mogen niet van toepassing zijn op andere softwarecategorieën op de site.
-- Algemene toepassingen moeten de kernfunctionaliteit van het systeem uitbreiden of vervangen.
-- Toepassingen moeten regelmatig worden bijgewerkt en onderhouden.
diff --git a/i18n/nl/android/distributions.md b/i18n/nl/android/distributions.md
new file mode 100644
index 00000000..cc4b23ed
--- /dev/null
+++ b/i18n/nl/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
+
+- Moet open-source software zijn.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/nl/android/general-apps.md b/i18n/nl/android/general-apps.md
new file mode 100644
index 00000000..111138c4
--- /dev/null
+++ b/i18n/nl/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/nl/android/index.md b/i18n/nl/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/nl/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/nl/android/obtaining-apps.md b/i18n/nl/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/nl/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/nl/device-integrity.md b/i18n/nl/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/nl/device-integrity.md
+++ b/i18n/nl/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/nl/mobile-phones.md b/i18n/nl/mobile-phones.md
new file mode 100644
index 00000000..7dafd486
--- /dev/null
+++ b/i18n/nl/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/nl/os/android-overview.md b/i18n/nl/os/android-overview.md
index 3071164e..f07cb554 100644
--- a/i18n/nl/os/android-overview.md
+++ b/i18n/nl/os/android-overview.md
@@ -18,7 +18,7 @@ Dit probleem kan worden opgelost door een aangepaste Android-distributie te gebr
 
 Idealiter, wanneer je een aangepaste Android distributie kiest, moet je ervoor zorgen dat het het Android beveiligingsmodel handhaaft. Op zijn minst zou de distributie productie builds moeten hebben, ondersteuning voor AVB, rollback bescherming, tijdige firmware en besturingssysteem updates, en SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). Al onze aanbevolen Android distributies voldoen aan deze criteria.
 
-[Onze Android Systeemaanbevelingen :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Onze Android Systeemaanbevelingen :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Rooting vermijden
 
@@ -125,7 +125,7 @@ Met gebruikersprofielen kun je beperkingen opleggen aan een specifiek profiel, z
 
 [Werkprofielen](https://support.google.com/work/android/answer/6191949) zijn een andere manier om afzonderlijke apps te isoleren en kunnen handiger zijn dan afzonderlijke gebruikersprofielen.
 
-Een **apparaatcontroller** zoals [Shelter](../android.md#shelter) is vereist, tenzij je CalyxOS gebruikt die er een bevat.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 Het werkprofiel is afhankelijk van een apparaatcontroller om te kunnen functioneren. Functies zoals *File Shuttle* en *contact zoeken blokkeren* of enige vorm van isolatiefuncties moeten door de controller worden geïmplementeerd. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/nl/os/index.md b/i18n/nl/os/index.md
index d71596fe..c56f0e1b 100644
--- a/i18n/nl/os/index.md
+++ b/i18n/nl/os/index.md
@@ -4,7 +4,7 @@ title: Besturingssystemen
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/nl/os/ios-overview.md b/i18n/nl/os/ios-overview.md
index b9e2b75b..83d128fd 100644
--- a/i18n/nl/os/ios-overview.md
+++ b/i18n/nl/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is een mobiel besturingssysteem ontwikkeld door Apple voor de i
 
 iOS-apparaten worden regelmatig geprijsd door beveiligingsexperts wegens hun robuuste gegevensbeveiliging en voor het volgen van moderne, beste praktijken. Echter, de restrictiviteit van Apples ecosysteem - met name met hun mobiele apparaten - belemmert privacy nog steeds op een aantal manieren.
 
-We zijn over het algemeen van mening dat iOS voor de meeste mensen een beter dan gemiddelde bescherming biedt op het gebied van privacy en beveiliging, vergeleken met klassiek Android-apparaten van welke fabrikant dan ook. Je kunt echter nog hogere privacynormen bereiken met een [aangepast Android-besturingssysteem](../android.md#aosp-derivatives) zoals GrapheneOS, als je volledig onafhankelijk wilt of moet zijn van de clouddiensten van Apple of Google.
+We zijn over het algemeen van mening dat iOS voor de meeste mensen een beter dan gemiddelde bescherming biedt op het gebied van privacy en beveiliging, vergeleken met klassiek Android-apparaten van welke fabrikant dan ook. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activeringsslot
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 Bovenaan de **Instellingen-app** zie je je naam en profielfoto als je bent aangemeld bij iCloud. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### Instellingen
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/nl/os/windows/group-policies.md b/i18n/nl/os/windows/group-policies.md
index 372d1817..af6a74ad 100644
--- a/i18n/nl/os/windows/group-policies.md
+++ b/i18n/nl/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Systeem
+### System
 
 #### Device Guard
 
diff --git a/i18n/nl/pastebins.md b/i18n/nl/pastebins.md
new file mode 100644
index 00000000..741c2462
--- /dev/null
+++ b/i18n/nl/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Gegevens worden in de browser versleuteld/ontsleuteld met 256-bit AES. Het is de verbeterde versie van ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
+
+### Minimale vereisten
+
+- Moet open source zijn.
+- End-to-end versleuteling, "zero-trust", moet worden geïmplementeerd.
+- Moet wachtwoordbeveiligde bestanden ondersteunen.
+
+### Beste geval
+
+Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte project in deze categorie. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina.
+
+- Moet een gepubliceerde audit hebben van een gerenommeerde, onafhankelijke derde partij.
diff --git a/i18n/nl/productivity.md b/i18n/nl/productivity.md
index 84a20f32..49cd5793 100644
--- a/i18n/nl/productivity.md
+++ b/i18n/nl/productivity.md
@@ -154,39 +154,6 @@ In het algemeen definiëren wij kantoorsuites als toepassingen die voor de meest
 - Moet het bewerken van documenten, spreadsheets en diavoorstellingen ondersteunen.
 - Moet bestanden exporteren naar standaard documentformaten.
 
-## Paste diensten
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is een minimalistische, open-source online pastebin waar de server geen kennis heeft van geplakte data. Gegevens worden in de browser versleuteld/ontsleuteld met 256-bit AES. Het is de verbeterde versie van ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt.
-
-#### Minimale vereisten
-
-- Moet open source zijn.
-- End-to-end versleuteling, "zero-trust", moet worden geïmplementeerd.
-- Moet wachtwoordbeveiligde bestanden ondersteunen.
-
-#### Beste geval
-
-Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte project in deze categorie. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina.
-
-- Moet een gepubliceerde audit hebben van een gerenommeerde, onafhankelijke derde partij.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/nl/tools.md b/i18n/nl/tools.md
index ca2ac338..75d99b6b 100644
--- a/i18n/nl/tools.md
+++ b/i18n/nl/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Meer informatie :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Meer informatie :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productiviteitshulpmiddelen
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Meer informatie :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Meer informatie :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Besturingssystemen
 
 ### Mobiel
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Meer informatie :material-arrow-right-drop-circle:](android.md)
+[Meer informatie :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Meer informatie :material-arrow-right-drop-circle:](android.md#general-apps)
+[Meer informatie :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Meer informatie :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/pl/android.md b/i18n/pl/android.md
deleted file mode 100644
index 8d66ec84..00000000
--- a/i18n/pl/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-**Android Open Source Project** to system operacyjny o otwartym kodzie źródłowym przeznaczony na urządzenia mobilne, który jest rozwijany przez Google i działa na większości urządzeń mobilnych na Ziemi. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. rekomendacja
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Pochodne AOSP
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Te urządzenia nie mogą być uznawane za w pełni bezpieczne niezależnie od zainstalowanego oprogramowania.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** jest najlepszym wyborem w kwestii prywatności i bezpieczeństwa.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Urządzenia z Androidem
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Źródła aplikacji
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### GrapheneOS App Store
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### Aurora Store
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/pl/android/distributions.md b/i18n/pl/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/pl/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/pl/android/general-apps.md b/i18n/pl/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/pl/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/pl/android/index.md b/i18n/pl/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/pl/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/pl/android/obtaining-apps.md b/i18n/pl/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/pl/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/pl/device-integrity.md b/i18n/pl/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/pl/device-integrity.md
+++ b/i18n/pl/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/pl/mobile-phones.md b/i18n/pl/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/pl/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md
index 85320751..0dc11461 100644
--- a/i18n/pl/os/android-overview.md
+++ b/i18n/pl/os/android-overview.md
@@ -18,7 +18,7 @@ Ten problem można rozwiązać instalując niestandardową dystrybucję Androida
 
 Wybierając niestandardową dystrybucję Androida, należy upewnić się, że jest ona zgodna z modelem bezpieczeństwa tego systemu. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Polecane przez nas dystrybucje Androida :hero-arrow-circle-right-fill:](../android.md ""){.md-button}
+[Polecane przez nas dystrybucje Androida :hero-arrow-circle-right-fill:](../android/distributions.md ""){.md-button}
 
 ### Unikaj rootowania
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/pl/os/index.md b/i18n/pl/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/pl/os/index.md
+++ b/i18n/pl/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/pl/os/ios-overview.md b/i18n/pl/os/ios-overview.md
index 5dc580f9..3e69a5f4 100644
--- a/i18n/pl/os/ios-overview.md
+++ b/i18n/pl/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/pl/pastebins.md b/i18n/pl/pastebins.md
new file mode 100644
index 00000000..8694d0a1
--- /dev/null
+++ b/i18n/pl/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Musi być open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/pl/productivity.md b/i18n/pl/productivity.md
index 5844cecd..29e2ee64 100644
--- a/i18n/pl/productivity.md
+++ b/i18n/pl/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Musi być open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/pl/tools.md b/i18n/pl/tools.md
index e867e4fc..63329696 100644
--- a/i18n/pl/tools.md
+++ b/i18n/pl/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Dowiedz się więcej :hero-arrow-circle-right-fill:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Dowiedz się więcej :hero-arrow-circle-right-fill:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Dowiedz się więcej :hero-arrow-circle-right-fill:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Dowiedz się więcej :hero-arrow-circle-right-fill:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Dowiedz się więcej :hero-arrow-circle-right-fill:](android.md)
+[Dowiedz się więcej :hero-arrow-circle-right-fill:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Dowiedz się więcej :hero-arrow-circle-right-fill:](android.md#general-apps)
+[Dowiedz się więcej :hero-arrow-circle-right-fill:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Dowiedz się więcej :hero-arrow-circle-right-fill:](android/obtaining-apps.md)
 
 ### Magazyny chmurowe
 
diff --git a/i18n/pt-BR/android.md b/i18n/pt-BR/android.md
deleted file mode 100644
index 555c99e1..00000000
--- a/i18n/pt-BR/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-O **Android Open Source Project** é um sistema operacional de código aberto liderado pelo Google que é usado na maioria dos dispositivos móveis do mundo. A maioria dos celulares vendidos com Android são modificados para incluir integrações invasivas e aplicativos como o Google Play Services. Você pode melhorar a privacidade de seu dispositivo significativamente ao usar uma versão do Android sem esses recursos invasivos.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Estes são os sistemas operacionais, dispositivos e aplicações Android que recomendamos para maximizar a segurança e privacidade do seu dispositivo móvel. Para saber mais sobre o Android:
-
-[Visão Geral do Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Derivados do AOSP
-
-Recomendamos instalar um desses sistemas operacionais Android personalizados em seu dispositivo, listados em ordem de preferência, dependendo da compatibilidade do seu dispositivo com esses sistemas operacionais.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Estes dispositivos não podem ser considerados completamente seguros, independentemente do software instalado.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS*** é a melhor escolha quando se trata de privacidade e segurança.
-
-O GrapheneOS conta com um [hardening](https://pt.wikipedia.org/wiki/Hardening) adicional e melhorias de privacidade. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Por que recomendamos o GrapheneOS em vez do CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-O DivestOS implementa alguns patches de fortalecimento desenvolvidos originalmente para o GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-Ao adquirir um dispositivo, recomendamos que o adquira o mais novo possível. O software e o firmware dos dispositivos móveis são suportados apenas por um tempo limitado, de modo que a compra de aparelhos recém-lançados prolonga ao máximo a sua vida útil.
-
-Evite comprar telefones de operadoras de redes móveis. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Tenha muito **cuidado** ao comprar celulares usados nas lojas online. Sempre verifique a reputação do vendedor. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Também existe o risco de você ser associado com a atividade do proprietário anterior.
-
-Mais algumas dicas sobre os aparelhos Android e a compatibilidade do sistema operacional:
-
-- Não compre dispositivos que tenham atingido ou estejam próximos do fim de sua vida útil; atualizações adicionais de firmware devem ser fornecidas pelo fabricante.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- Em resumo, se um dispositivo ou distribuição Android não estiver listado aqui, provavelmente há um bom motivo. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-A Google Play Store exige uma conta do Google para fazer login, o que não é muito bom para a privacidade. Você pode contornar esse problema usando um cliente alternativo, como o Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store não permite que você baixe aplicativos pagos com o recurso de conta anônima. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manualmente com Notificações RSS
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verificando as Impressões Digitais do APK
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extrair o arquivo baixado:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Execute o comando de verificação de assinatura:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Devido ao seu processo de criação de aplicativos, os aplicativos no repositório oficial do F-Droid geralmente ficam para trás nas atualizações. Os mantenedores do F-Droid também reutilizam IDs de pacotes ao assinar aplicativos com suas próprias chaves, o que não é ideal, pois dá à equipe do F-Droid a confiança máxima. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. O repositório IzzyOnDroid extrai as compilações diretamente do GitHub e é a melhor opção em relação aos repositórios dos próprios desenvolvedores. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Sistemas Operacionais
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Dispositivos
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/pt-BR/android/distributions.md b/i18n/pt-BR/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/pt-BR/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/pt-BR/android/general-apps.md b/i18n/pt-BR/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/pt-BR/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/pt-BR/android/index.md b/i18n/pt-BR/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/pt-BR/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/pt-BR/android/obtaining-apps.md b/i18n/pt-BR/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/pt-BR/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/pt-BR/basics/why-privacy-matters.md b/i18n/pt-BR/basics/why-privacy-matters.md
index 20d7cfd5..a73690ff 100644
--- a/i18n/pt-BR/basics/why-privacy-matters.md
+++ b/i18n/pt-BR/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ Todos esses conceitos se sobrepõem, mas é possível ter qualquer combinação
 
 Um contra-argumento comum aos movimentos pró-privacidade é a ideia de que uma pessoa não precisa de privacidade se não tiver **"nada a esconder"**. Essa é uma concepção falsa e perigosa, pois cria a sensação de que as pessoas que pedem privacidade devem ser desonestas, criminosas ou mal-intencionadas.
 
-==Você nunca pode confundir privacidade com segredo.== Nós sabemos o que acontece no banheiro, mas mesmo assim você fecha a porta. Isso é porque você quer privacidade, não segredo. Sempre há certos fatos sobre nós — digamos, informações pessoais de saúde ou comportamento sexual — que não gostaríamos que o mundo inteiro soubesse, e tudo bem. A necessidade de privacidade é natural, e é isso que nos torna humanos. Privacidade é sobre fortalecer seus direitos sobre suas próprias informações, não sobre esconder segredos.
+==Você nunca pode confundir privacidade com segredo.== Nós sabemos o que acontece no banheiro, mas mesmo assim você fecha a porta. That's because you want privacy, not secrecy. Sempre há certos fatos sobre nós — digamos, informações pessoais de saúde ou comportamento sexual — que não gostaríamos que o mundo inteiro soubesse, e tudo bem. A necessidade de privacidade é natural, e é isso que nos torna humanos. Privacidade é sobre fortalecer seus direitos sobre suas próprias informações, não sobre esconder segredos.
 
 ## Privacidade Fala Sobre Controle?
 
diff --git a/i18n/pt-BR/device-integrity.md b/i18n/pt-BR/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/pt-BR/device-integrity.md
+++ b/i18n/pt-BR/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/pt-BR/mobile-phones.md b/i18n/pt-BR/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/pt-BR/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md
index ba8e1415..731a4bfc 100644
--- a/i18n/pt-BR/os/android-overview.md
+++ b/i18n/pt-BR/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Evite Roteamento
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 Os [Perfis de Trabalho](https://support.google.com/work/android/answer/6191949) são outra forma de isolar aplicações individuais e podem ser mais convenientes do que perfis de usuário separados.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/pt-BR/os/index.md b/i18n/pt-BR/os/index.md
index d3b05245..c5cc3843 100644
--- a/i18n/pt-BR/os/index.md
+++ b/i18n/pt-BR/os/index.md
@@ -4,7 +4,7 @@ title: Sistemas Operacionais
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/pt-BR/os/ios-overview.md b/i18n/pt-BR/os/ios-overview.md
index 2716ccbb..4360f2a9 100644
--- a/i18n/pt-BR/os/ios-overview.md
+++ b/i18n/pt-BR/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### Configurações
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/pt-BR/os/windows/group-policies.md b/i18n/pt-BR/os/windows/group-policies.md
index 8456c2b9..beb78d7f 100644
--- a/i18n/pt-BR/os/windows/group-policies.md
+++ b/i18n/pt-BR/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Sistema
+### System
 
 #### Device Guard
 
diff --git a/i18n/pt-BR/pastebins.md b/i18n/pt-BR/pastebins.md
new file mode 100644
index 00000000..3df97cea
--- /dev/null
+++ b/i18n/pt-BR/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Deve ser de código aberto.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Melhor Caso
+
+Nosso critério de melhor caso representa o que gostaríamos de ver em um projeto perfeito nessa categoria. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/pt-BR/productivity.md b/i18n/pt-BR/productivity.md
index f55eb6f3..8bcd5a9b 100644
--- a/i18n/pt-BR/productivity.md
+++ b/i18n/pt-BR/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Deve ser de código aberto.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Melhor Caso
-
-Nosso critério de melhor caso representa o que gostaríamos de ver em um projeto perfeito nessa categoria. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/pt-BR/tools.md b/i18n/pt-BR/tools.md
index 808e65c4..a8e2e84b 100644
--- a/i18n/pt-BR/tools.md
+++ b/i18n/pt-BR/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Saiba mais :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Ferramentas de Produtividade
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Saiba mais :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Sistemas Operacionais
 
 ### Celular
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Saiba mais :material-arrow-right-drop-circle:](android.md)
+[Saiba mais :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Aplicativos Android
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Saiba mais :material-arrow-right-drop-circle:](android.md#general-apps)
+[Saiba mais :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Computador/PC
 
diff --git a/i18n/pt/android.md b/i18n/pt/android.md
deleted file mode 100644
index 3878fbf5..00000000
--- a/i18n/pt/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Logótipo do Android](assets/img/android/android.svg){ align=right }
-
-O **Projeto de Código Aberto do Android** é um sistema operativo móvel de código aberto liderado pela Google que alimenta a maioria dos dispositivos móveis do mundo. A maioria dos telemóveis vendidos com Android são modificados para incluir integrações e aplicações invasivas, como o Google Play Services, pelo que pode melhorar significativamente a sua privacidade no seu dispositivo móvel substituindo a instalação predefinida do seu telemóvel por uma versão do Android sem estas funcionalidades invasivas.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Estes são os sistemas operativos, dispositivos e aplicações Android que recomendamos para maximizar a segurança e a privacidade do seu dispositivo móvel. Para saber mais sobre o Android:
-
-[Visão Geral do Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Derivados AOSP
-
-Recomendamos instalar um destes sistemas operativos Android personalizados no seu dispositivo, listados por ordem de preferência, dependendo da compatibilidade do seu dispositivo com estes sistemas operativos.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Estes dispositivos não podem ser considerados completamente seguros, independentemente do software instalado.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![Logótipo GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![Logótipo GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-O **GrapheneOS** é a melhor escolha quando se trata de privacidade e segurança.
-
-O GrapheneOS proporciona melhorias adicionais [reforço da segurança](https://en.wikipedia.org/wiki/Hardening_(computing)) e da privacidade. Tem um [alocador de memória reforçado](https://github.com/GrapheneOS/hardened_malloc), permissões de rede e de sensor e várias outras [características de segurança](https://grapheneos.org/features). O GrapheneOS também vem com atualizações de firmware completas e compilações assinadas, pelo que o arranque verificado é totalmente suportado.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS suporta o [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), que executa [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) totalmente sandboxed como qualquer outro aplicativo regular. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Por que recomendamos GrapheneOS em vez de CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. Tem compilações assinadas, possibilitando ter [arranque verificado](https://source.android.com/security/verifiedboot) em alguns dispositivos não Pixel.
-
-[:octicons-home-16: Página Inicial](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Serviço Onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Política de Privacidade" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentação}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Código fonte" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuir }
-
-</div>
-
-O DivestOS tem vulnerabilidades automatizadas do kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), menos blobs proprietários, e um ficheiro [hosts](https://divested.dev/index.php?page=dnsbl) personalizado. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. O DivestOS também inclui patches de kernel do GrapheneOS e habilita todos os recursos de segurança do kernel disponíveis via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-O DivestOS implementa alguns patches de proteção de sistema originalmente desenvolvidos para o GrapheneOS. O DivestOS 16.0 e superior implementa as permissões [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) e SENSORS do GrapheneOS, [alocador de memória endurecido](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constificação](https://en.wikipedia.org/wiki/Const_(computer_programming)), e patchsets parciais de endurecimento [bionic](https://en.wikipedia.org/wiki/Bionic_(software)). 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-O DivestOS utiliza o F-Droid como loja de aplicações por padrão. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. Para outras aplicações, os nossos métodos recomendados para as obter continuam a aplicar-se.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Atualizações do firmware do DivestOS [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) e o controlo de qualidade variam consoante os dispositivos que suporta. Continuamos a recomendar o GrapheneOS, dependendo da compatibilidade do seu dispositivo. Para outros dispositivos, o DivestOS é uma boa alternativa.
-
-Nem todos os dispositivos suportados têm arranque verificado, e alguns têm-no melhor do que outros.
-
-</div>
-
-## Dispositivos Android
-
-Ao comprar um dispositivo, recomendamos que o adquira o mais novo possível. O software e o firmware dos dispositivos móveis só são suportados durante um período limitado, pelo que comprar um novo prolonga o mais possível essa vida útil.
-
-Evite comprar telemóveis a operadores de redes móveis. Estes têm frequentemente um **bootloader bloqueado** e não suportam [desbloqueio OEM](https://source.android.com/devices/bootloader/locking_unlocking). Estas variantes de telemóvel impedem-no de instalar qualquer tipo de distribuição alternativa do Android.
-
-Tenha muito **cuidado** ao comprar telemóveis em segunda mão em mercados online. Verifique sempre a reputação do vendedor. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Existe também o risco de estar associado à atividade do proprietário anterior.
-
-Mais algumas dicas sobre dispositivos Android e compatibilidade com o sistema operativo:
-
-- Não compre dispositivos que tenham atingido ou estejam perto do fim da sua vida útil; as atualizações de firmware adicionais devem ser fornecidas pelo fabricante.
-- Não compre telemóveis LineageOS ou /e/ OS pré-carregados ou quaisquer telemóveis Android sem o devido suporte [Verified Boot](https://source.android.com/security/verifiedboot) e atualizações de firmware. Estes dispositivos também não permitem verificar se foram adulterados.
-- Em suma, se um dispositivo ou uma distribuição Android não constar da lista, existe provavelmente um bom motivo. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Os telemóveis Google Pixel são os **únicos dispositivos** que recomendamos para compra. Os telemóveis Pixel têm uma segurança de hardware mais forte do que qualquer outro dispositivo Android atualmente no mercado, devido ao suporte AVB adequado para sistemas operativos de terceiros e aos chips de segurança personalizados [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) da Google, que atuam como elemento seguro.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-Os dispositivos **Google Pixel** são conhecidos por terem uma boa segurança e suportarem corretamente o [Verified Boot] (https://source.android.com/security/verifiedboot), mesmo quando instalam sistemas operativos personalizados.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Loja](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Os Secure Elements, como o Titan M2, são mais limitados do que o Trusted Execution Environment do processador utilizado pela maioria dos outros telemóveis, uma vez que são utilizados apenas para armazenamento de segredos, atestação de hardware e limitação de taxas, e não para executar programas "de confiança". Os telemóveis sem um elemento seguro têm de utilizar o TEE para *todas* essas funções, o que resulta numa maior superfície de ataque.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-A instalação do GrapheneOS num telemóvel Pixel é fácil com o seu [instalador por web](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-Mais algumas dicas para comprar um Google Pixel:
-
-- Se procura uma pechincha num dispositivo Pixel, sugerimos que compre um modelo "**a**", logo após o lançamento do próximo topo de gama. Normalmente, os descontos estão disponíveis porque a Google está a tentar liquidar o seu stock.
-- Considere as opções de redução de preços e as promoções oferecidas nas lojas físicas.
-- Consulte os sítios de pechinchas da comunidade em linha no seu país. Estes podem alertá-lo para boas vendas.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## Aplicações Gerais
-
-Nós recomendamos uma grande variedade de aplicações Android neste sítio web. As aplicações aqui listadas são exclusivas do Android e melhoram ou substituem especificamente as principais funcionalidades do sistema.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Logótipo do Shelter](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** é uma aplicação que o ajuda a tirar partido da funcionalidade Perfil de trabalho do Android para isolar ou duplicar aplicações no seu dispositivo.
-
-O Shelter suporta o bloqueio da pesquisa de contactos entre perfis e a partilha de ficheiros entre perfis através do gestor de ficheiros predefinido ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-Ao utilizar o Shelter, deposita a total confiança no seu programador, uma vez que o Shelter atua como [Device Admin] (https://developer.android.com/guide/topics/admin/device-admin) para criar o Perfil de Trabalho com um acesso alargado aos dados armazenados no Perfil de Trabalho.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Logótipo da Câmara Segura](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Logótipo da Câmara Segura](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** é uma aplicação de câmara centrada na privacidade e segurança que pode captar imagens, vídeos e códigos QR. As extensões do fornecedor CameraX (Retrato, HDR, Visão noturna, retoque facial e Automático) também são suportadas nos dispositivos disponíveis.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-As principais características de privacidade incluem:
-
-- Remoção automática dos metadados [Exif](https://en.wikipedia.org/wiki/Exif) (ativada por predefinição)
-- Utilização da nova API [Media](https://developer.android.com/training/data-storage/shared/media), pelo que não são necessárias as [permissões de armazenamento](https://developer.android.com/training/data-storage)
-- Não é necessária autorização para microfone, exceto se pretender gravar som
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Atualmente, os metadados não são eliminados dos ficheiros de vídeo, mas isso está planeado.
-
-Os metadados de orientação da imagem não são eliminados. Se ativar a localização (na Câmara segura), esta **não será** apagada. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Visualizador de PDF Seguro
-
-<div class="admonition recommendation" markdown>
-
-![Logótipo do Visualizador Seguro de PDF](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Logótipo do Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-O **Secure PDF Viewer** é um visualizador de PDF baseado em [pdf.js](https://en.wikipedia.org/wiki/PDF.js) que não requer quaisquer permissões. O PDF é introduzido num ficheiro [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). Isto significa que não necessita de permissão direta para aceder a conteúdos ou ficheiros.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) é utilizado para garantir que o JavaScript e as propriedades de estilo no WebView são inteiramente conteúdos estáticos.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obter Aplicações
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### Loja de Aplicações GrapheneOS
-
-A loja de aplicações GrapheneOS está disponível no [GitHub](https://github.com/GrapheneOS/Apps/releases). Suporta o Android 12 e superior, e é capaz de se atualizar. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Se estiver à procura destas aplicações, recomendamos vivamente que as obtenha na loja de aplicações GrapheneOS em vez de na Play Store, uma vez que as aplicações na sua loja são assinadas pela própria assinatura do projeto GrapheneOS, à qual a Google não tem acesso.
-
-### Loja Aurora
-
-A Google Play Store requer uma conta do Google para entrar, o que não é ótimo para privacidade. Pode contornar isto utilizando um cliente alternativo, como a Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Logótipo da Aurora Store](assets/img/android/aurora-store.webp){ align=right }
-
-A **Aurora Store** é um cliente da Google Play Store que não requer uma Conta Google, Google Play Services ou microG para transferir aplicações.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-A Aurora Store não permite descarregar aplicações pagas com a sua funcionalidade de conta anónima. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manualmente com notificações RSS
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![APK do RSS](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![Alterações de APK](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-No GitHub, utilizando [Secure Camera](#secure-camera) como exemplo, deve navegar para a sua [página de lançamentos](https://github.com/GrapheneOS/Camera/releases) e anexar `atom` ao URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-No GitLab, utilizando [Aurora Store](#aurora-store) como exemplo, navegará para o seu [repositório de projeto](https://gitlab.com/AuroraOSS/AuroraStore) e acrescentará `/-/tags?format=atom` ao URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verificar impressões digitais APK
-
-Se descarregar ficheiros APK para instalar manualmente, pode verificar a sua assinatura com a ferramenta [`apksigner`](https://developer.android.com/studio/command-line/apksigner), que faz parte do Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Descarregue as ferramentas de linha de comandos do [Android Studio](https://developer.android.com/studio#command-tools).
-
-3. Extraia o arquivo descarregado:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Execute o comando de verificação da assinatura:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. Os hashes resultantes podem então ser comparados com outra fonte. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![Logótipo do F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. A opção de adicionar repositórios de terceiros e não ficar confinado ao jardim murado do Google levou à sua popularidade. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Devido ao seu processo de criação de aplicações, as aplicações no repositório oficial do F-Droid atrasam-se frequentemente nas atualizações. Os manejadores do F-Droid também reutilizam IDs de pacotes enquanto assinam aplicativos com as suas próprias chaves, o que não é ideal, por dar à equipe do F-Droid a confiança final. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. O repositório IzzyOnDroid puxa as compilações diretamente do GitHub e é a melhor coisa a seguir aos repositórios dos próprios programadores. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. Embora isso faça sentido (uma vez que o objetivo desse repositório em particular é alojar aplicações antes de serem aceites no repositório principal do F-Droid), pode deixá-lo com aplicações instaladas que já não recebem atualizações.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Critérios
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Sistemas Operativos
-
-- O software deve ser de código aberto.
-- Deve suportar o bloqueio do carregador de arranque com suporte de chave AVB personalizada.
-- Deve receber as principais atualizações do Android no prazo de 0 a 1 mês após o lançamento.
-- Deve receber atualizações de funcionalidades Android (versão secundária) no prazo de 0-14 dias após o lançamento.
-- Deve receber regularmente correções de segurança no prazo de 0 a 5 dias após o lançamento.
-- Deve **não** estar "enraizado" fora da caixa.
-- Deve **não** ativar o Google Play Services por predefinição.
-- Deve **não** exigir a modificação do sistema para suportar o Google Play Services.
-
-### Dispositivos
-
-- Deve suportar pelo menos um dos nossos sistemas operativos personalizados recomendados.
-- Deve ser atualmente vendido novo nas lojas.
-- Deve receber um mínimo de 5 anos de atualizações de segurança.
-- Deve ter hardware dedicado a elementos seguros.
-
-### Aplicações
-
-- As aplicações desta página não devem ser aplicáveis a nenhuma outra categoria de software do sítio.
-- As aplicações gerais devem alargar ou substituir a funcionalidade central do sistema.
-- As aplicações devem receber actualizações e manutenção regulares.
diff --git a/i18n/pt/android/distributions.md b/i18n/pt/android/distributions.md
new file mode 100644
index 00000000..c103a2c0
--- /dev/null
+++ b/i18n/pt/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- O software deve ser de código aberto.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/pt/android/general-apps.md b/i18n/pt/android/general-apps.md
new file mode 100644
index 00000000..cdfdc9d4
--- /dev/null
+++ b/i18n/pt/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/pt/android/index.md b/i18n/pt/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/pt/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/pt/android/obtaining-apps.md b/i18n/pt/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/pt/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/pt/basics/why-privacy-matters.md b/i18n/pt/basics/why-privacy-matters.md
index 9d705c52..81132a6d 100644
--- a/i18n/pt/basics/why-privacy-matters.md
+++ b/i18n/pt/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ Todos estes conceitos sobrepõem-se, mas é possível haver qualquer combinaçã
 
 Um contra-argumento comum para movimentos pró-privacidade é a noção de que não se precisa da privacidade se eles tiverem **"nada a esconder.** Este é um erro perigoso, porque cria uma sensação de que as pessoas que exigem privacidade devem ser desviantes, criminosas ou erradas.
 
-==Não deve confundir privacidade com secretismo.== Sabemos o que acontece na casa de banho, mas ainda fecha a porta. Isso é porque queremos privacidade, não secretismo. Há sempre certos fatos sobre nós — digamos, informações de saúde pessoal ou comportamento sexual — que não queremos que o mundo inteiro saiba, e isso está bem. A necessidade de privacidade é legítima, e é isso que nos faz humanos. Privacidade tem a ver com capacitar os seus direitos sobre as suas próprias informações, não sobre esconder segredos.
+==Não deve confundir privacidade com secretismo.== Sabemos o que acontece na casa de banho, mas ainda fecha a porta. That's because you want privacy, not secrecy. Há sempre certos fatos sobre nós — digamos, informações de saúde pessoal ou comportamento sexual — que não queremos que o mundo inteiro saiba, e isso está bem. A necessidade de privacidade é legítima, e é isso que nos faz humanos. Privacidade tem a ver com capacitar os seus direitos sobre as suas próprias informações, não sobre esconder segredos.
 
 ## É a Privacidade Sobre Controlo?
 
diff --git a/i18n/pt/device-integrity.md b/i18n/pt/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/pt/device-integrity.md
+++ b/i18n/pt/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/pt/mobile-phones.md b/i18n/pt/mobile-phones.md
new file mode 100644
index 00000000..e0b85724
--- /dev/null
+++ b/i18n/pt/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md
index dde232c8..ce8f7099 100644
--- a/i18n/pt/os/android-overview.md
+++ b/i18n/pt/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/pt/os/index.md b/i18n/pt/os/index.md
index eaf75ca8..01b394ea 100644
--- a/i18n/pt/os/index.md
+++ b/i18n/pt/os/index.md
@@ -4,7 +4,7 @@ title: Sistemas Operativos
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/pt/os/ios-overview.md b/i18n/pt/os/ios-overview.md
index d4c103f3..b9a193af 100644
--- a/i18n/pt/os/ios-overview.md
+++ b/i18n/pt/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### Definições
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/pt/os/windows/group-policies.md b/i18n/pt/os/windows/group-policies.md
index 783a432a..ba48f483 100644
--- a/i18n/pt/os/windows/group-policies.md
+++ b/i18n/pt/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Sistema
+### System
 
 #### Device Guard
 
diff --git a/i18n/pt/pastebins.md b/i18n/pt/pastebins.md
new file mode 100644
index 00000000..1b4c35cf
--- /dev/null
+++ b/i18n/pt/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Os dados são encriptados/desencriptados no browser utilizando AES de 256 bits. É a versão melhorada do ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Requisitos mínimos
+
+- Deve ser de fonte aberta.
+- Devem implementar uma encriptação de ponta a ponta de "confiança zero".
+- Devem suportar ficheiros protegidos por palavra-passe.
+
+### Melhor caso
+
+Os nossos melhores critérios representam o que gostaríamos de ver num projeto perfeito desta categoria. As nossas recomendações podem não incluir todas as funcionalidades, mas incluem as que, na nossa opinião, têm um impacto mais elevado.
+
+- Devem ter uma auditoria publicada por um terceiro independente e de boa reputação.
diff --git a/i18n/pt/productivity.md b/i18n/pt/productivity.md
index c28872d6..b5f04fa6 100644
--- a/i18n/pt/productivity.md
+++ b/i18n/pt/productivity.md
@@ -154,39 +154,6 @@ Em geral, definimos suites de escritório como aplicações que podem razoavelme
 - Devem suportar a edição de documentos, folhas de cálculo e apresentações de diapositivos.
 - Devem exportar ficheiros para formatos de documentos normalizados.
 
-## Serviços de colagem
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![Logotipo PrivateBin](assets/img/productivity/privatebin.svg){ align=right }
-
-O **PrivateBin** é um pastebin online minimalista e de código aberto, e cujo servidor não tem conhecimento dos dados colados. Os dados são encriptados/desencriptados no browser utilizando AES de 256 bits. É a versão melhorada do ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Critérios
-
-**Note que não estamos associados a nenhum dos projetos que recomendamos.**Para além dos [nossos critérios padrão](about/criteria.md), temos um conjunto claro de requisitos que nos permitem fornecer recomendações objetivas. Sugerimos que se familiarize com esta lista antes de optar por um projeto e que desenvolva a sua própria investigação para garantir que se trata da escolha certa para si.
-
-#### Requisitos mínimos
-
-- Deve ser de fonte aberta.
-- Devem implementar uma encriptação de ponta a ponta de "confiança zero".
-- Devem suportar ficheiros protegidos por palavra-passe.
-
-#### Melhor caso
-
-Os nossos melhores critérios representam o que gostaríamos de ver num projeto perfeito desta categoria. As nossas recomendações podem não incluir todas as funcionalidades, mas incluem as que, na nossa opinião, têm um impacto mais elevado.
-
-- Devem ter uma auditoria publicada por um terceiro independente e de boa reputação.
-
 ## Language services
 
 ### LanguageTool
@@ -220,9 +187,9 @@ Os nossos melhores critérios representam o que gostaríamos de ver num projeto
 
 </div>
 
-### Framadate
+### Critérios
 
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Note que não estamos associados a nenhum dos projetos que recomendamos.**Para além dos [nossos critérios padrão](about/criteria.md), temos um conjunto claro de requisitos que nos permitem fornecer recomendações objetivas. Sugerimos que se familiarize com esta lista antes de optar por um projeto e que desenvolva a sua própria investigação para garantir que se trata da escolha certa para si.
 
 - Deve ser de fonte aberta.
 - Must be possible to self-host.
diff --git a/i18n/pt/tools.md b/i18n/pt/tools.md
index 03d58f58..434a3aea 100644
--- a/i18n/pt/tools.md
+++ b/i18n/pt/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Saiba mais :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Ferramentas de produtividade
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Saiba mais :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Sistemas Operativos
 
 ### Móvel
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Saiba mais :material-arrow-right-drop-circle:](android.md)
+[Saiba mais :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Aplicações Android
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Saiba mais :material-arrow-right-drop-circle:](android.md#general-apps)
+[Saiba mais :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Saiba mais :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/ru/android.md b/i18n/ru/android.md
deleted file mode 100644
index 83134c4b..00000000
--- a/i18n/ru/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Логотип Android](assets/img/android/android.svg){ align=right }
-
-**Проект с открытым исходным кодом Android** - это мобильная операционная система с открытым исходным кодом под руководством Google, на которой работает большинство мобильных устройств в мире. Большинство телефонов, продаваемых с ОС Android, модифицированы для включения инвазивных интеграций и приложений, таких как Google Play Services, поэтому вы можете значительно улучшить свою конфиденциальность на мобильном устройстве, заменив стандартную ОС телефона на версию Android без этих инвазивных функций.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-Это операционные системы, устройства и приложения для Android, которые мы рекомендуем для обеспечения максимальной безопасности и конфиденциальности вашего мобильного устройства. Чтобы узнать больше об Android:
-
-[Общий обзор Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## Основанные на AOSP
-
-Мы рекомендуем установить на ваше устройство одну из этих кастомных операционных систем Android, перечисленных в порядке предпочтения, в зависимости от совместимости вашего устройства с этими операционными системами.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Эти устройства нельзя считать полностью безопасными, независимо от установленного программного обеспечения.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![Логотип GrapheneOS](assets/img/android/grapheneos.svg#only-light){ align=right }
-![Логотип GrapheneOS](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** - это лучший выбор для вашей безопасности и конфиденциальности.
-
-GrapheneOS обеспечивает дополнительное [улучшение безопасности](https://en.wikipedia.org/wiki/Hardening_(computing)) и улучшение конфиденциальности. Она имеет [улучшенный memory allocator] (https://github.com/GrapheneOS/hardened_malloc), сетевые и сенсорные разрешения и другие различные [функции безопасности] (https://grapheneos.org/features). GrapheneOS также поставляется с полными обновлениями прошивки и подписанными сборками, поэтому проверенная загрузка полностью поддерживается.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS поддерживает [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), который запускает [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) полностью в песочнице, как любое другое обычное приложение. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Почему мы рекомендуем GrapheneOS, а не CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. Он имеет подписанные сборки, что делает возможным [verified boot](https://source.android.com/security/verifiedboot) на некоторых не-Pixel устройствах.
-
-[:octicons-home-16: Домашняя страница](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Сервис Onion" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Политика конфиденциальности" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Документация}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Исходный код" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Поддержать }
-
-</div>
-
-DivestOS имеет автоматизированное ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [исправление](https://gitlab.com/divested-mobile/cve_checker) уязвимостей ядра, меньше проприетарных зависимостей и кастомный [hosts](https://divested.dev/index.php?page=dnsbl) файл. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS также включает патчи ядра от GrapheneOS и включает все доступные функции безопасности ядра с помощью [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-В DivestOS реализованы некоторые патчи для защиты системы, изначально разработанные для GrapheneOS. В DivestOS 16.0 и выше реализованы переключатели из GrapheneOS для [`интернета`](https://developer.android.com/training/basics/network-ops/connecting) и сенсоров, [улучшенный memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), и частичные патчи [bionic](https://en.wikipedia.org/wiki/Bionic_(software)). 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS использует F-Droid в качестве магазина приложений по умолчанию. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. Для других приложений по-прежнему действуют рекомендованные нами способы их получения.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Предупреждение</p>
-
-[Статус](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) обновлений прошивки DivestOS и контроль качества варьируются в зависимости от поддерживаемых устройств. Мы по-прежнему рекомендуем GrapheneOS, если ваш телефон её поддерживает. Для других устройств хорошей альтернативой является DivestOS.
-
-Не все поддерживаемые устройства имеют функцию проверенной загрузки, а некоторые выполняют ее лучше, чем другие.
-
-</div>
-
-## Android-устройства
-
-При покупке устройства рекомендуем приобрести как можно более новое. ПО и прошивка мобильных устройств поддерживаются только в течение ограниченного периода времени, поэтому покупка нового устройства продлевает его жизненный цикл настолько, насколько это возможно.
-
-Избегайте покупки телефонов у операторов мобильной связи. У них часто **заблокирован загрузчик** и они не поддерживают [OEM разблокировку](https://source.android.com/devices/bootloader/locking_unlocking). Эти варианты телефонов не позволят вам установить какой-либо альтернативный дистрибутив Android.
-
-Будьте **очень осторожны** при покупке подержанных телефонов в интернет-магазинах. Всегда проверяйте репутацию продавца. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). Также существует риск связывания вас с действиями предыдущего владельца устройства.
-
-Еще несколько советов относительно устройств Android и совместимости с операционной системой:
-
-- Не покупайте устройства, срок службы которых истек или близок к концу, дополнительные обновления прошивки должны быть предоставлены производителем.
-- Не покупайте телефоны с предустановленной LineageOS или /e/ OS или любые телефоны Android без надлежащей поддержки [проверенной загрузки (Verified Boot)](https://source.android.com/security/verifiedboot?hl=ru) и обновлений прошивки. Вы также не сможете проверить, взломаны ли эти устройства.
-- Короче, если устройство или дистрибутив Android не указаны в этом списке, вероятно, на это есть веская причина. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Телефоны Google Pixel - это **единственные** устройства, которые мы рекомендуем к покупке. Телефоны Pixel имеют более высокий уровень аппаратной безопасности, чем любые другие устройства Android, представленные в настоящее время на рынке, благодаря надлежащей поддержке AVB для сторонних операционных систем и кастомным чипам безопасности Google [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html), выступающим в качестве элемента безопасности.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-Устройства **Google Pixel** известны хорошей безопасностью и правильной поддержкой [Verified Boot](https://source.android.com/security/verifiedboot), даже при установке сторонних операционных систем.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Магазин](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Элементы безопасности, такие как Titan M2, более ограничены, чем процессорная Trusted Execution Environment, используемая в большинстве других телефонов, поскольку они используются только для хранения секретов, аппаратной аттестации и ограничения скорости, а не для запуска "доверенных" программ. Телефоны без защищенного элемента вынуждены использовать TEE для *всех* этих функций, что приводит к увеличению поверхности атаки.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-Установить GrapheneOS на телефон Pixel легко с помощью [веб-установщика](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-Еще несколько советов по покупке Google Pixel:
-
-- Если вы хотите купить устройство Pixel по выгодной цене, мы советуем приобрести модель "**a**" сразу после выхода следующего флагмана. Скидки обычно предоставляются потому, что Google пытается очистить свои запасы.
-- Рассмотрите варианты снижения цены и специальные предложения, предлагаемые в физических магазинах.
-- Просмотрите сайты общественных онлайн-сделок в вашей стране. Они могут предупредить вас о хороших распродажах.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## Основные приложения
-
-Мы рекомендуем широкий спектр приложений для Android на этом сайте. Приложения, перечисленные здесь, предназначены исключительно для Android и специально улучшают или заменяют ключевые функции системы.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Логотип Shelter](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** - это приложение, которое поможет вам использовать функциональность рабочего профиля Android для изоляции или дублирования приложений на вашем устройстве.
-
-Shelter поддерживает блокировку поиска контактов между профилями и обмен файлами между профилями через файловый менеджер по умолчанию ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Предупреждение</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-Используя Shelter, вы полностью доверяете его разработчику, поскольку Shelter действует как [администратор устройства](https://developer.android.com/guide/topics/admin/device-admin) для создания рабочего профиля и имеет широкий доступ к данным, хранящимся в рабочем профиле.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Логотип Secure camera](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Логотип Secure camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** - это приложение камеры, ориентированное на конфиденциальность и безопасность, которое может снимать изображения, видео и сканировать QR-коды. Расширения производителя CameraX (Портрет, HDR, Ночное зрение, Ретушь лица и Авто) также поддерживаются на доступных устройствах.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Основные функции конфиденциальности:
-
-- Автоматическое удаление метаданных [Exif](https://en.wikipedia.org/wiki/Exif) (включено по умолчанию)
-- Использование нового API [Media](https://developer.android.com/training/data-storage/shared/media), поэтому разрешения [на память](https://developer.android.com/training/data-storage) не требуются
-- Разрешение на микрофон не требуется, если вы не хотите записывать звук
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-В настоящее время метаданные не удаляются из видео, но эта функция запланирована.
-
-Метаданные об ориентации изображения не удаляются. Если вы включите функцию определения местоположения (в Secure Camera), эта запись также **не будет** удалена. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Логотип Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Логотип Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** - это программа просмотра PDF, основанная на [pdf.js](https://en.wikipedia.org/wiki/PDF.js), которая не требует никаких разрешений. PDF открывается в [песочнице](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). Это означает, что для доступа к содержимому или файлам не требуется прямого разрешения.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) используется для обеспечения того, чтобы JavaScript и свойства стиля в WebView были полностью статическим содержимым.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Скачивание приложений
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-Магазин приложений GrapheneOS доступен на [GitHub](https://github.com/GrapheneOS/Apps/releases). Он поддерживается на Android 12 и выше и способен самостоятельно обновляться. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Если вы ищете эти приложения, мы настоятельно рекомендуем вам приобрести их в магазине приложений GrapheneOS, а не в Play Store, так как приложения в их магазине подписаны собственной подписью проекта GrapheneOS, к которой Google не имеет доступа.
-
-### Aurora Store
-
-Для входа в Google Play Store требуется учетная запись Google, что не лучшим образом сказывается на конфиденциальности. Это можно обойти, используя альтернативный клиент, например, Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Логотип Aurora Store](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** - это клиент Google Play Store, которому для загрузки приложений не требуется учетная запись Google, службы Google Play Services или microG.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store не позволяет загружать платные приложения через анонимный аккаунт. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Вручную с помощью уведомлений RSS
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-На GitHub (используем в качестве примера [Secure Camera](#secure-camera)) нужно перейти на [страницу релизов](https://github.com/GrapheneOS/Camera/releases) и добавить `.atom` к URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-На GitLab (используем в качестве примера [Aurora Store](#aurora-store)) нужно открыть [репозиторий проекта](https://gitlab.com/AuroraOSS/AuroraStore) и добавить `/-/tags?format=atom` к URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Проверка цифровых отпечатков APK
-
-Если вы загружаете APK-файлы для установки вручную, вы можете проверить их подпись с помощью утилиты [`apksigner`](https://developer.android.com/studio/command-line/apksigner), которая является частью Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Скачайте [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Разархивируйте скачанный архив:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Запустите команду проверки подписи:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. Затем полученные хэши можно сравнить с другим источником. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![Логотип F-Droid](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. Возможность добавлять сторонние репозитории и не ограничиваться рамками Google стала причиной его популярности. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Из-за их процесса сборки приложений, приложения в официальном репозитории F-Droid часто не получают обновлений. Владельцы F-Droid повторно используют идентификаторы пакетов при подписании приложений собственными ключами, что не является идеальным, поскольку это дает команде F-Droid абсолютное доверие. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. Репозиторий IzzyOnDroid берет сборки непосредственно с GitHub и является аналогом собственных репозиториев разработчиков. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. Хотя в этом есть смысл (поскольку цель этого конкретного репозитория - размещение приложений до того, как они будут приняты в основной репозиторий F-Droid), это может оставить вас с установленными приложениями, которые больше не получают обновлений.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Критерии
-
-**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
-
-### Операционные системы
-
-- Должны иметь открытый исходный код.
-- Должны поддерживать блокировку загрузчика с поддержкой кастомного ключа AVB.
-- Должны получать основные обновления Android в течение 1 месяца после релиза.
-- Должны получать обновления функций Android (минорные версии) в течение 14 дней после релиза.
-- Должен регулярно получать патчи безопасности в течение 5 дней после релиза.
-- По умолчанию root-доступ должен **выключен**.
-- По умолчанию Google Play Services должны быть **выключены**.
-- **Не** должны требоваться модификации системы для поддержки Google Play Services.
-
-### Девайсы
-
-- Должны поддерживать хотя бы одну из рекомендованных нами кастомных операционных систем.
-- Должны продаваться новыми в магазинах.
-- Должны получать обновления безопасности минимум 5 лет.
-- Должен быть отдельный аппаратный элемент безопасности.
-
-### Приложения
-
-- Приложения на этой странице не должны относиться к какой-либо другой категории программного обеспечения на сайте.
-- В целом приложения должны расширять или заменять основную функциональность системы.
-- Приложения должны регулярно обновляться и поддерживаться.
diff --git a/i18n/ru/android/distributions.md b/i18n/ru/android/distributions.md
new file mode 100644
index 00000000..b0bfa6b4
--- /dev/null
+++ b/i18n/ru/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Предупреждение</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Критерии
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
+
+- Должно иметь открытый исходный код.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/ru/android/general-apps.md b/i18n/ru/android/general-apps.md
new file mode 100644
index 00000000..c374cad7
--- /dev/null
+++ b/i18n/ru/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Предупреждение</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Критерии
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/ru/android/index.md b/i18n/ru/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/ru/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/ru/android/obtaining-apps.md b/i18n/ru/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/ru/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/ru/basics/why-privacy-matters.md b/i18n/ru/basics/why-privacy-matters.md
index 26ac58f4..5ee4cb28 100644
--- a/i18n/ru/basics/why-privacy-matters.md
+++ b/i18n/ru/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ icon: 'material/shield-account'
 
 Распространенным контраргументом против движения за приватность является представление о том, что человеку не нужна приватность, если ему **"нечего скрывать".** Это опасное заблуждение, потому что оно создает ощущение, что люди, требующие приватности, являются девиантами, преступниками или неправильными.
 
-==Не стоит путать приватность и секретность.== Мы все знаем, что происходит в ванной, но вы все равно закрываете дверь. Это потому, что вы хотите приватности, а не секретности. Всегда есть определенные факты о нас, например информация о личном здоровье или сексуальном поведении, которыми мы бы не хотели делиться со всем миром, и это нормально. Потребность в приватности легитимна, и именно это делает нас людьми. Приватность - это ваши права на вашу собственную информацию, а не сокрытие секретов.
+==Не стоит путать приватность и секретность.== Мы все знаем, что происходит в ванной, но вы все равно закрываете дверь. That's because you want privacy, not secrecy. Всегда есть определенные факты о нас, например информация о личном здоровье или сексуальном поведении, которыми мы бы не хотели делиться со всем миром, и это нормально. Потребность в приватности легитимна, и именно это делает нас людьми. Приватность - это ваши права на вашу собственную информацию, а не сокрытие секретов.
 
 ## Приватность - это контроль?
 
diff --git a/i18n/ru/device-integrity.md b/i18n/ru/device-integrity.md
index 20916f5b..9cbbd9ba 100644
--- a/i18n/ru/device-integrity.md
+++ b/i18n/ru/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/ru/mobile-phones.md b/i18n/ru/mobile-phones.md
new file mode 100644
index 00000000..48bbcabf
--- /dev/null
+++ b/i18n/ru/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Предупреждение</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Критерии
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md
index 4be5d09d..6afbf457 100644
--- a/i18n/ru/os/android-overview.md
+++ b/i18n/ru/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 В идеале, при выборе кастомного дистрибутива Android, вы должны убедиться, что он поддерживает модель безопасности Android. Как минимум, дистрибутив должен иметь production сборки, поддержку AVB, защиту rollback, своевременные обновления прошивки и операционной системы и SELinux в режиме [enforcing](https://source.android.com/security/selinux/concepts#enforcement_levels). Все рекомендованные нами дистрибутивы Android удовлетворяют этим критериям.
 
-[Наши рекомендации Android :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Наши рекомендации Android :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Избегайте рутинга
 
@@ -125,7 +125,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 [Рабочие профили](https://support.google.com/work/android/answer/6191949?hl=ru&sjid=10752136651864735274-EU) - это еще один способ изолировать отдельные приложения, который может быть более удобным, чем отдельные профили пользователей.
 
-Для создания рабочего профиля, не имея корпоративного MDM, требуется **приложение-контроллер устройства**, такое как [Shelter](../android.md#shelter). Кастомные Android могут содержать такую функцию по умолчанию.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 Функционирование рабочего профиля зависит от контроллера устройства. Такие функции, как *File Shuttle* и *блокировка поиска контактов* или любые другие функции изоляции должны быть реализованы контроллером. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/ru/os/index.md b/i18n/ru/os/index.md
index 80a5bf83..9a6c7672 100644
--- a/i18n/ru/os/index.md
+++ b/i18n/ru/os/index.md
@@ -4,7 +4,7 @@ title: Операционные системы
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/ru/os/ios-overview.md b/i18n/ru/os/ios-overview.md
index 2faac488..e38a6bb3 100644
--- a/i18n/ru/os/ios-overview.md
+++ b/i18n/ru/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
@@ -63,7 +63,7 @@ Your location data is not E2EE when your device is online and you use Find My iP
 
 At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
 
-### Настройки
+### Settings
 
 Many other privacy-related settings can be found in the **Settings** app.
 
diff --git a/i18n/ru/os/windows/group-policies.md b/i18n/ru/os/windows/group-policies.md
index 0cfe8d01..cee41e77 100644
--- a/i18n/ru/os/windows/group-policies.md
+++ b/i18n/ru/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### Система
+### System
 
 #### Device Guard
 
diff --git a/i18n/ru/pastebins.md b/i18n/ru/pastebins.md
new file mode 100644
index 00000000..13889870
--- /dev/null
+++ b/i18n/ru/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Данные шифруются/дешифруются в браузере с помощью 256-битного AES. Это улучшенная версия ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Критерии
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
+
+### Минимальные требования к сервисам
+
+- Исходный код проекта должен быть открыт.
+- Должно быть реализовано сквозное шифрование "с нулевым доверием".
+- Должен поддерживать файлы, защищенные паролем.
+
+### В лучшем случае
+
+Эти критерии представляют собой то, что мы хотели бы видеть от идеального проекта в этой категории. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных.
+
+- Должен иметь опубликованный аудит от авторитетной, независимой третьей стороны.
diff --git a/i18n/ru/productivity.md b/i18n/ru/productivity.md
index 8f9d2706..56b61dcc 100644
--- a/i18n/ru/productivity.md
+++ b/i18n/ru/productivity.md
@@ -154,39 +154,6 @@ cover: productivity.webp
 - Должны поддерживать редактирование документов, таблиц и презентаций.
 - Должны экспортировать файлы в стандартные форматы документов.
 
-## Размещение текста
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![Логотип PrivateBin](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** - это минималистичный онлайновый сервис размещения текста с открытым исходным кодом, где сервер не знает о вставляемых данных. Данные шифруются/дешифруются в браузере с помощью 256-битного AES. Это улучшенная версия ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Критерии
-
-**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Мы рекомендуем тебе ознакомиться с этим списком, прежде чем выбрать продукт, и провести собственное исследование, чтобы убедиться в правильности своего выбора.
-
-#### Минимальные требования к сервисам
-
-- Исходный код проекта должен быть открыт.
-- Должно быть реализовано сквозное шифрование "с нулевым доверием".
-- Должен поддерживать файлы, защищенные паролем.
-
-#### В лучшем случае
-
-Эти критерии представляют собой то, что мы хотели бы видеть от идеального проекта в этой категории. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных.
-
-- Должен иметь опубликованный аудит от авторитетной, независимой третьей стороны.
-
 ## Language services
 
 ### LanguageTool
@@ -222,7 +189,7 @@ cover: productivity.webp
 
 ### Критерии
 
-**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
+**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Мы рекомендуем тебе ознакомиться с этим списком, прежде чем выбрать продукт, и провести собственное исследование, чтобы убедиться в правильности своего выбора.
 
 - Исходный код проекта должен быть открыт.
 - Must be possible to self-host.
diff --git a/i18n/ru/tools.md b/i18n/ru/tools.md
index 0a393e6b..c757625b 100644
--- a/i18n/ru/tools.md
+++ b/i18n/ru/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Узнать больше :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Узнать больше :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Инструменты продуктивности
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Узнать больше :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Узнать больше :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Операционные системы
 
 ### Для телефонов
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Узнать больше :material-arrow-right-drop-circle:](android.md)
+[Узнать больше :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Приложения для Android
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Узнать больше :material-arrow-right-drop-circle:](android.md#general-apps)
+[Узнать больше :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Узнать больше :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Персональный компьютер
 
diff --git a/i18n/sv/android.md b/i18n/sv/android.md
deleted file mode 100644
index a27289f6..00000000
--- a/i18n/sv/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Varning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Varning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Kriterier
-
-**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
-
-### Operativsystem
-
-- Måste vara programvara med öppen källkod.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/sv/android/distributions.md b/i18n/sv/android/distributions.md
new file mode 100644
index 00000000..0f69897b
--- /dev/null
+++ b/i18n/sv/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Varning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Kriterier
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
+
+- Måste vara programvara med öppen källkod.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/sv/android/general-apps.md b/i18n/sv/android/general-apps.md
new file mode 100644
index 00000000..ccd92d26
--- /dev/null
+++ b/i18n/sv/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Varning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Kriterier
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/sv/android/index.md b/i18n/sv/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/sv/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/sv/android/obtaining-apps.md b/i18n/sv/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/sv/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/sv/device-integrity.md b/i18n/sv/device-integrity.md
index cf58f839..56000fca 100644
--- a/i18n/sv/device-integrity.md
+++ b/i18n/sv/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/sv/mobile-phones.md b/i18n/sv/mobile-phones.md
new file mode 100644
index 00000000..96f8a55c
--- /dev/null
+++ b/i18n/sv/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Varning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Kriterier
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md
index b49f038a..d2f67035 100644
--- a/i18n/sv/os/android-overview.md
+++ b/i18n/sv/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/sv/os/index.md b/i18n/sv/os/index.md
index de800378..f589b761 100644
--- a/i18n/sv/os/index.md
+++ b/i18n/sv/os/index.md
@@ -4,7 +4,7 @@ title: Operativsystem
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/sv/os/ios-overview.md b/i18n/sv/os/ios-overview.md
index 6b283dc9..5b1e426f 100644
--- a/i18n/sv/os/ios-overview.md
+++ b/i18n/sv/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/sv/pastebins.md b/i18n/sv/pastebins.md
new file mode 100644
index 00000000..33ea3c98
--- /dev/null
+++ b/i18n/sv/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Kriterier
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
+
+### Minimikrav
+
+- Måste vara öppen källkod.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Bästa fall
+
+Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/sv/productivity.md b/i18n/sv/productivity.md
index b23ccc80..f4d69022 100644
--- a/i18n/sv/productivity.md
+++ b/i18n/sv/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Kriterier
-
-**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
-
-#### Minimikrav
-
-- Måste vara öppen källkod.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Bästa fall
-
-Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/sv/tools.md b/i18n/sv/tools.md
index ebac1bf4..97b168ec 100644
--- a/i18n/sv/tools.md
+++ b/i18n/sv/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Läs mer :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Läs mer :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Produktivitetsverktyg
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Läs mer :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Läs mer :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operativsystem
 
 ### Mobil
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Läs mer :material-arrow-right-drop-circle:](android.md)
+[Läs mer :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android-app
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Läs mer :material-arrow-right-drop-circle:](android.md#general-apps)
+[Läs mer :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Läs mer :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Skrivbord
 
diff --git a/i18n/tr/android.md b/i18n/tr/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/tr/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/tr/android/distributions.md b/i18n/tr/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/tr/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/tr/android/general-apps.md b/i18n/tr/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/tr/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/tr/android/index.md b/i18n/tr/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/tr/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/tr/android/obtaining-apps.md b/i18n/tr/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/tr/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/tr/basics/why-privacy-matters.md b/i18n/tr/basics/why-privacy-matters.md
index 160f53b1..2f3c288b 100644
--- a/i18n/tr/basics/why-privacy-matters.md
+++ b/i18n/tr/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ All of these concepts overlap, but it is possible to have any combination of the
 
 A common counter-argument to pro-privacy movements is the notion that one doesn't need privacy if they have **"nothing to hide."** This is a dangerous misconception, because it creates a sense that people who demand privacy must be deviant, criminal, or wrong.
 
-==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. Çünkü gizlilik değil, mahremiyet istiyorsunuz. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
+==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
 
 ## Gizlilik Kontrolle mi İlgili?
 
diff --git a/i18n/tr/device-integrity.md b/i18n/tr/device-integrity.md
index ca0ff5bb..706830d8 100644
--- a/i18n/tr/device-integrity.md
+++ b/i18n/tr/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor, bu sayfadaki diğer bazı araçlar gibi bir tarama/analiz aracı değildir; bunun yerine cihazınızın donanım destekli anahtar deposunu kullanarak cihazınızın kimliğini doğrulamanıza ve işletim sisteminin kendisinin doğrulanmış önyükleme yoluyla değiştirilmediğinden veya sürümünün düşürülmediğinden emin olmanıza olanak tanır. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). İmza veritabanı güncellemelerini indirmek için internete erişir, ancak dosyalarınızı veya herhangi bir meta veriyi buluta yüklemez. Taramalar tamamen yerel olarak gerçekleştirilir.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/tr/mobile-phones.md b/i18n/tr/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/tr/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/tr/os/android-overview.md b/i18n/tr/os/android-overview.md
index fcf0130b..01e4d1de 100644
--- a/i18n/tr/os/android-overview.md
+++ b/i18n/tr/os/android-overview.md
@@ -18,7 +18,7 @@ Bu sorun, bu tür istilacı entegrasyonla gelmeyen özel bir Android dağıtım
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/tr/os/index.md b/i18n/tr/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/tr/os/index.md
+++ b/i18n/tr/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/tr/os/ios-overview.md b/i18n/tr/os/ios-overview.md
index 840fabc0..c23dc5f4 100644
--- a/i18n/tr/os/ios-overview.md
+++ b/i18n/tr/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/tr/pastebins.md b/i18n/tr/pastebins.md
new file mode 100644
index 00000000..e0d4b33e
--- /dev/null
+++ b/i18n/tr/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- "Sıfır güven" uçtan uca şifreleme uygulamalıdır.
+- Parola korumalı dosyaları desteklemelidir.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/tr/productivity.md b/i18n/tr/productivity.md
index 10660da2..7a89de87 100644
--- a/i18n/tr/productivity.md
+++ b/i18n/tr/productivity.md
@@ -154,39 +154,6 @@ Genel olarak, ofis programlarını çoğu ihtiyaç için Microsoft Word'ün yeri
 - Belgeleri, elektronik tabloları ve slayt gösterilerini düzenlemeyi desteklemelidir.
 - Dosyaları standart belge formatlarına aktarabilmelidir.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Lütfen önerdiğimiz projelerin hiçbirine bağlı olmadığımızı unutmayın.** [standart kriterlerimize](about/criteria.md)ek olarak, objektif tavsiyelerde bulunabilmemiz için bir takım gereklilikler geliştirdik. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz.
-
-#### Minimum Requirements
-
-- Must be open source.
-- "Sıfır güven" uçtan uca şifreleme uygulamalıdır.
-- Parola korumalı dosyaları desteklemelidir.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
@@ -222,7 +189,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
 
 ### Criteria
 
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+**Lütfen önerdiğimiz projelerin hiçbirine bağlı olmadığımızı unutmayın.** [standart kriterlerimize](about/criteria.md)ek olarak, objektif tavsiyelerde bulunabilmemiz için bir takım gereklilikler geliştirdik. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz.
 
 - Must be open source.
 - Must be possible to self-host.
diff --git a/i18n/tr/tools.md b/i18n/tr/tools.md
index 9d721f54..f08c6195 100644
--- a/i18n/tr/tools.md
+++ b/i18n/tr/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/uk/android.md b/i18n/uk/android.md
deleted file mode 100644
index 32edc357..00000000
--- a/i18n/uk/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** is the best choice when it comes to privacy and security.
-
-GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
-
-Not all of the supported devices have verified boot, and some perform it better than others.
-
-</div>
-
-## Android Devices
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## General Apps
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
-
-Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## Obtaining Applications
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Manually with RSS Notifications
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/uk/android/distributions.md b/i18n/uk/android/distributions.md
new file mode 100644
index 00000000..b01bb172
--- /dev/null
+++ b/i18n/uk/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/uk/android/general-apps.md b/i18n/uk/android/general-apps.md
new file mode 100644
index 00000000..d13deac9
--- /dev/null
+++ b/i18n/uk/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/uk/android/index.md b/i18n/uk/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/uk/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/uk/android/obtaining-apps.md b/i18n/uk/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/uk/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/uk/device-integrity.md b/i18n/uk/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/uk/device-integrity.md
+++ b/i18n/uk/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/uk/mobile-phones.md b/i18n/uk/mobile-phones.md
new file mode 100644
index 00000000..c4e2ccc1
--- /dev/null
+++ b/i18n/uk/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/uk/os/android-overview.md b/i18n/uk/os/android-overview.md
index 7cf3b819..a0f959f4 100644
--- a/i18n/uk/os/android-overview.md
+++ b/i18n/uk/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 В ідеалі, вибираючи користувальницький дистрибутив Android, ви повинні переконатися, що він підтримує модель безпеки Android. Принаймні, дистрибутив повинен мати виробничі збірки, підтримку AVB, захист від відкату, своєчасне оновлення прошивки та операційної системи, а також SELinux в [примусовому режимі (enforcing mode)](https://source.android.com/security/selinux/concepts#enforcement_levels). Всі наші рекомендовані прошивки Android відповідають цим критеріям.
 
-[Наші рекомендації для системи Android :material-arrow-right:](../android.md ""){.md-button}
+[Наші рекомендації для системи Android :material-arrow-right:](../android/distributions.md ""){.md-button}
 
 ### Уникайте рутування
 
@@ -125,7 +125,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 [Робочі профілі](https://support.google.com/work/android/answer/6191949) - це ще один спосіб ізоляції програм, який може бути зручнішим, ніж окремі профілі користувачів.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 Робочий профіль залежить від функціонування контролера пристрою. Такі функції як *Файловий шатл* та *блокування пошуку контактів* або будь-які інші функції ізоляції повинні бути реалізовані контролером. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/uk/os/index.md b/i18n/uk/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/uk/os/index.md
+++ b/i18n/uk/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/uk/os/ios-overview.md b/i18n/uk/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/uk/os/ios-overview.md
+++ b/i18n/uk/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/uk/pastebins.md b/i18n/uk/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/uk/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/uk/productivity.md b/i18n/uk/productivity.md
index 4c275a95..c1f0e4c4 100644
--- a/i18n/uk/productivity.md
+++ b/i18n/uk/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/uk/tools.md b/i18n/uk/tools.md
index c78eebd3..5ade540a 100644
--- a/i18n/uk/tools.md
+++ b/i18n/uk/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/vi/android.md b/i18n/vi/android.md
deleted file mode 100644
index edf0cce2..00000000
--- a/i18n/vi/android.md
+++ /dev/null
@@ -1,453 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android logo](assets/img/android/android.svg){ align=right }
-
-The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. khuyến nghị
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP Derivatives
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. Những thiết bị này không thể được coi là hoàn toàn an toàn bất kể phần mềm được cài đặt.
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** là sự lựa chọn tốt nhất khi nói đến quyền riêng tư và bảo mật.
-
-GrapheneOS cung cấp thêm [tăng cường bảo mật](https://en.wikipedia.org/wiki/Hardening_(computing)) và các cải tiến về quyền riêng tư. Nó có [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), quyền mạng và cảm biến cũng như nhiều [tính năng bảo mật](https://grapheneos.org/features). GrapheneOS cũng đi kèm với các bản cập nhật chương trình cơ sở đầy đủ và các bản dựng đã ký, vì vậy khởi động đã xác minh được hỗ trợ đầy đủ.
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### CalyxOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. [Homepage](https://calyxos.org/){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://calyxinstitute.org/legal/privacy-policy){ .md-button }
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** là phần mềm fork của [LineageOS](https://lineageos.org/). DivestOS kế thừa nhiều [thiết bị được hỗ trợ](https://divestos.org/index.php?page=devices&amp;base=LineageOS) từ LineageOS. Nó có các bản dựng đã ký, nên có thể có [khởi động đã xác minh](https://source.android.com/security/verifiedboot) trên một số thiết bị không phải Pixel.
-
-[Homepage](https://divestos.org){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://divestos.org/index.php?page=privacy_policy){ .md-button }
-
-</div>
-
-## Thiết bị Android
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### DivestOS
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-Đối với các thiết bị khác, DivestOS là một lựa chọn thay thế tốt.
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## Ứng dụng chung
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-**Google Pixel** được biết là có bảo mật tốt và hỗ trợ đúng cách [Khởi động đã xác minh](https://source.android.com/security/verifiedboot), ngay cả khi cài đặt hệ điều hành tùy chỉnh.
-
-Bắt đầu với **Pixel 6** và **6 Pro**, các thiết bị Pixel nhận được bản cập nhật bảo mật được đảm bảo tối thiểu 5 năm, đảm bảo tuổi thọ dài hơn nhiều so với 2-4 năm mà các OEM cạnh tranh thường cung cấp.
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">Warning</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. [Homepage](https://orbot.app/){ .md-button .md-button--primary }
-
-???
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-Metadata is not currently deleted from video files but that is planned.
-
-The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## App Stores
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS App Store
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### Aurora Store
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-Vì CalyxOS bao gồm một bộ điều khiển thiết bị, chúng tôi khuyên bạn nên sử dụng hồ sơ công việc được tích hợp sẵn của chúng để thay thế.
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### Trình xem PDF an toàn
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### OnePlus
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### Fairphone
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
-
-3. Extract the downloaded archive:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. Run the signature verification command:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Framadate
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### Operating Systems
-
-- Must be open-source software.
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### Devices
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### Applications
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/vi/android/distributions.md b/i18n/vi/android/distributions.md
new file mode 100644
index 00000000..c9c40393
--- /dev/null
+++ b/i18n/vi/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must be open-source software.
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/vi/android/general-apps.md b/i18n/vi/android/general-apps.md
new file mode 100644
index 00000000..cdfdc9d4
--- /dev/null
+++ b/i18n/vi/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/vi/android/index.md b/i18n/vi/android/index.md
new file mode 100644
index 00000000..620efc1f
--- /dev/null
+++ b/i18n/vi/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/vi/android/obtaining-apps.md b/i18n/vi/android/obtaining-apps.md
new file mode 100644
index 00000000..9ef3c333
--- /dev/null
+++ b/i18n/vi/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### OnePlus
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/vi/device-integrity.md b/i18n/vi/device-integrity.md
index 56ef77af..fb19bab5 100644
--- a/i18n/vi/device-integrity.md
+++ b/i18n/vi/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/vi/mobile-phones.md b/i18n/vi/mobile-phones.md
new file mode 100644
index 00000000..e0b85724
--- /dev/null
+++ b/i18n/vi/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">Warning</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/vi/os/android-overview.md b/i18n/vi/os/android-overview.md
index 07ff0492..8f6d59de 100644
--- a/i18n/vi/os/android-overview.md
+++ b/i18n/vi/os/android-overview.md
@@ -18,7 +18,7 @@ This problem could be solved by using a custom Android distribution that does no
 
 Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
 
-[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Our Android System Recommendations :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### Avoid Rooting
 
@@ -125,7 +125,7 @@ With user profiles, you can impose restrictions on a specific profile, such as:
 
 [Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/vi/os/index.md b/i18n/vi/os/index.md
index 25f7d659..cb628588 100644
--- a/i18n/vi/os/index.md
+++ b/i18n/vi/os/index.md
@@ -4,7 +4,7 @@ title: Operating Systems
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/vi/os/ios-overview.md b/i18n/vi/os/ios-overview.md
index 4c8122ea..293a0554 100644
--- a/i18n/vi/os/ios-overview.md
+++ b/i18n/vi/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/vi/pastebins.md b/i18n/vi/pastebins.md
new file mode 100644
index 00000000..08ee8d0a
--- /dev/null
+++ b/i18n/vi/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Framadate
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/vi/productivity.md b/i18n/vi/productivity.md
index d9976168..46d464a0 100644
--- a/i18n/vi/productivity.md
+++ b/i18n/vi/productivity.md
@@ -158,39 +158,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Framadate
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/vi/tools.md b/i18n/vi/tools.md
index 439b271e..b525de11 100644
--- a/i18n/vi/tools.md
+++ b/i18n/vi/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](pastebins.md)
+
 ### Productivity Tools
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [Learn more :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## Operating Systems
 
 ### Mobile
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md)
+[Learn more :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android Apps
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
+[Learn more :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### Desktop/PC
 
diff --git a/i18n/zh-Hant/android.md b/i18n/zh-Hant/android.md
deleted file mode 100644
index 0a69de0d..00000000
--- a/i18n/zh-Hant/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android 推薦: GrapheneOS 與 DivestOS - Privacy Guides"
-title: "Android"
-icon: 'simple/android'
-description: Android 手機可考慮使用這些更為安全與尊重隱私的作業系統。
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": 網頁
-    name: 私密 Android 作業系統
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Android
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": 網頁
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: Android
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: Android
----
-
-![Android 圖標](assets/img/android/android.svg){ align=right }
-
-**安卓開源項目** 是一個由谷歌領導的開源移動操作系統，為世界上大多數移動設備提供動力。 大多數 Android 系統的手機都經過修改，包括侵入性整合與應用程式，如 Google Play 服務，所以使用無這類侵入性功能的 Android 系統版本取代手機原本預設的安裝，可改善行動設備上的隱私。
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-這些是我們推薦 Android 作業系統、設備和應用程式，最大程度地提高行動設備的安全和隱私。 了解更多 Android 資訊：
-
-[安卓概况 :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP 衍生品
-
-根據設備與這些作業系統的兼容性，列出偏好順序以安裝我們推薦的某款定制 Android 作業系統。
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note "備註"</p>
-
-由於 OEM 停止支持，壽命終止的設備（如 GrapheneOS 或CalyxOS 的 "延長支授 "設備）沒有完整的安全補丁（軔體更新）。 這些設備無論安裝何種軟體，都不能視為完全安全。
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS** 是隱私與安全的最佳選擇。
-
-GrapheneOS 提供額外的 [安全加固](https://en.wikipedia.org/wiki/Hardening_(computing)) 與隱私改善。 它有 [加固的記憶體分配器](https://github.com/GrapheneOS/hardened_malloc)、網路、感應許可與各類[安全功能](https://grapheneos.org/features). GrapheneOS 還帶有完整的軔體更新與已簽名的建置版本，因此完全支援 verified boot。
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS 支援 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), 它可以像其它普通應用一樣在沙盒中執行[Google Play 服務](https://en.wikipedia.org/wiki/Google_Play_Services) 。 這意味可利用大多數 Google Play 服務，如 [推送通知](https://firebase.google.com/docs/cloud-messaging)，完全控制其權限和訪問，同時將其包含所選的特定 [工作設定檔](os/android-overview.md#work-profile) 或 [用戶設定檔](os/android-overview.md#user-profiles)。
-
-Google Pixel 手機是目前唯一符合 GrapheneOS [硬體安全要求](https://grapheneos.org/faq#future-devices)的設備。
-
-[為何我們推薦 GrapheneOS 而非 CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** 是 [LineageOS](https://lineageos.org)的分支。
-DivestOS 從 LineageOS 繼承了許多[支援的設備](https://divestos.org/index.php?page=devices&base=LineageOS)。 它具有簽名的建置，因此可在某些非 Pixel 設備上執行 [verified boot](https://source.android.com/security/verifiedboot)。
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS 有自動內核弱點 ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [補丁](https://gitlab.com/divested-mobile/cve_checker)、更少的商業專用 blobs 與自定的 [hosts](https://divested.dev/index.php?page=dnsbl) 檔案。 其強化 WebView，[Mulch](https://gitlab.com/divested-mobile/mulch)，支援 適用於所有架構的[CFI](https://en.wikipedia.org/wiki/Control - flow_integrity)和[網路狀態分割](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning)，並接收外帶更新。 DivestOS 還包括來自GrapheneOS 內核補丁，並通過 [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758)，開啟所有可用的內核安全功能。 3.4 版之後更新的內核都包括全頁[淨化](https://lwn.net/Articles/334747) ，所有 ~22 Clang 編譯的內核都啟用了 [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471)。
-
-DivestOS 實現了一些最初為 GrapheneOS 開發的系統加固補丁。 DivestOS 16.0以上版本實現了 GrapheneOS [`網際網路`](https://developer.android.com/training/basics/network-ops/connecting) 和感應權限切換， [固化記憶體分配器](https://github.com/GrapheneOS/hardened_malloc)， [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening)， [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming))，以及部分 [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) 固化補丁集。 17.1 及更新版本具有GrapheneOS 的各個網路完整[MAC 隨機化](https://en.wikipedia.org/wiki/MAC_address#Randomization)選項，[`ptrace_scope`](https:/ /kernel. org/doc/html/latest/admin-guide/LSM/Yama.html) 控制，以及自動重新啟動/Wi-Fi/藍牙[逾時選項](https:// /grapheneos.org/features)。
-
-DivestOS 以 F-Droid 為預設的應用下載服務。 通常建議 [少用 F-Droid](#f-droid)，然而這對 DivestOS 卻不可行，開發者透過 ([DivestOS 官方](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) 與 [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2))的 F-Droid 存取庫來更新他們的應用程式。 建議禁用官方 F-Droid 應用，並使用 [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic)**一併啟用DivestOS 存取庫**，以保持這些組件為最新。 至於其它應用，我們建議的獲取方式仍適用。
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">警告</p>
-
-DivestOS 軔體更新 [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS)和品管依所支援的設備不同而異。 雖取決於設備的兼容性，我们仍推薦 GrapheneOS。 對其它設備，DivestOS 是不錯的選項。
-
-並非所有支援設備都可 verified boot，某些設備的表現較好。
-
-</div>
-
-## Android 設備
-
-選購設備時，建議儘可能挑選較新的設備。 行動設備的軟體和軔體只支持時間有期限，因此購買新上市的設備可以盡可能地延長其支援壽命。
-
-避免從電信行動營運商購置手機。 它們往往 **鎖定 bootloader** 也不支援 [OEM 解鎖](https://source.android.com/devices/bootloader/locking_unlocking)。 這類手機變體阻止安裝任何替代的 Android 發行版。
-
-從網路市集購買二手手機必須要非常**小心**。 請檢查賣家的信譽 如果設備被盜，它有可能被輸入到 [IMEI 資料庫](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database)。 前一位持有者的活動發生關係也將有風險。
-
-對於 Android 設備與作業系統相容有一些提示:
-
-- 不要購買已經達到或接近其支援壽命的設備，額外的軔體更新必須由製造商提供。
-- 不要購買預裝 LineageOS 或/e/OS 或是無適當 [Verified Boot](https://source.android.com/security/verifiedboot) 支持和軔體更新的 Android 手機。 這些設備沒辦檢查是否曾遭篡改。
-- 簡而言之，如果這裏沒列出某設備或 Android 發行版，都是有原因的。 請造訪[論壇](https://discuss.privacyguides.net)以了解詳細資訊！
-
-### Google Pixel
-
-Google Pixel 是**唯一** 推薦的手機。 由於對第三方作業系統的適當AVB 支持和 Google 定制的 [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) 安全晶片為安全元件，Pixel 硬體安全性比目前市場上其他 Android 設備強。
-
-<div class="admonition recommendation" markdown>
-
-![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-眾所周知，**Google Pixel** 設備具有良好安全性，支持 [Verified Boot](https://source.android.com/security/verifiedboot)，即使安裝自定義作業系統時也是如此。
-
-從 **Pixel 8**和 **8 Pro** 開始，Pixel 設備至少有 7年的安全更新保證，確保其使用壽命比其他競爭OEM 廠商 2-5年長得多。
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Titan M2 這類安全元件比大多數其他手機處理器的可信執行環境更為有限，因為Titan M2 只用於秘密存儲、硬體證明和速率限制，而不是用於運行 "可信" 程式。 沒有安全元件的手機必須使用 TEE *執行所有這些功能* ，從而導致更大的攻擊面。
-
-Google Pixel 手機使用名為Trusty 的 TEE 作業系統，它是 [開源](https://source.android.com/security/trusty#whyTrusty)，與其他許多手機不同。
-
-Pixel 手機很容易安裝 GrapheneOS 只需依其 [網頁安裝程式](https://grapheneos.org/install/web)即可。 如果不敢自行安裝願意多花一點錢，可以看看 [NitroPhone](https://shop.nitrokey.com/shop) ，它們預裝 GrapheneOS，來自著名的 [Nitrokey](https://nitrokey.com/about) 公司。
-
-購買 Google Pixel 的一些提醒:
-
-- 如果想買便宜的 Pixel 設備，建議購買"**a**"型號，其為旗艦機發布後的預算款。 通常會有折扣，因為 Google 會出清庫存。
-- 考慮在實體商店提供折扣與特價的商品。
-- 找找國內線上折扣社區的網站。 這些可提醒有好的商品。
-- Google 提供一份其設備 [支援週期](https://support.google.com/nexus/answer/4457705)的列表清單。 設備每天的價格可以計算如下： <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>成本</mtext> <mrow> <mtext>產品終期 日期</mtext> <mo>−</mo> <mtext>當前日期</mtext> </mrow> </mfrac> </math> ，意味著設備的使用時間越長，每日成本就越低。
-- 如果你的地區無法購得 Pixel ， [NitroPhone](https://shop.nitrokey.com/shop) 可提供全球配送。
-
-## 一般應用
-
-我們在網站上推薦了各種各樣的 Android 應用。 這裡列出的應用程式是 Android 專用、特別加強或取代重要系統功能。
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-**Shelter** 有助於利用 Android 工作設定檔功能隔離或複制設備上的應用程式。.
-
-Shelter 阻止聯繫人利用默認檔案管理器([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui))作跨設定檔搜尋與共享檔案 。
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">警告</p>
-
-推薦使用 Shelter 取代 [Insular](https://secure-system.gitlab.io/Insular)和 [Island](https://github.com/oasisfeng/island)，因為 Shelter 支持[聯繫人搜索屏蔽](https://secure-system.gitlab.io/Insular/faq.html)。
-
-當使用 Shelter 時，將信任置於其開發者，Shelter 作為[設備管理員](https://developer.android.com/guide/topics/admin/device-admin)來創建工作設定檔，它有大量權限訪問存儲在工作設定檔的資料。
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
-
-**Secure Camera** 專注於隱私和安全的相機應用，可以捕捉圖像、影片和二維碼。 CameraX 供應商擴展（肖像、HDR、夜視、面部修飾和自動）也支持可用設備。
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>下載 Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-主要隱私功能包括：
-
-- 自動移除 [Exif](https://en.wikipedia.org/wiki/Exif) 中繼資料 (設預啟用)
-- 使用新的 [媒介](https://developer.android.com/training/data-storage/shared/media) API，因此不需要 [儲存權限](https://developer.android.com/training/data-storage)。
-- 除非需錄制聲音，否則無需麥克風權限。
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note "備註"</p>
-
-目前影片沒有刪除中繼資料，未來計畫要刪除。
-
-圖片方向的中繼資料未刪除。 如果 (Secure Camera) 開啟定位， 也 **不會** 被不會偵測到。 如果之後想刪除，必須使用外部應用如[ExifEraser](data-redaction.md#exiferaser-android)。
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**Secure PDF Viewer** 是基於 [pdf.js](https://en.wikipedia.org/wiki/PDF.js)的PDF 瀏覽器，無需任何權限。 此 PDF 被送入 [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview)。 這意味著它不需要權限就能直接存取內容或檔案。
-
-[內容安全政策](https://en.wikipedia.org/wiki/Content_Security_Policy)用來強制要求 WebView 內的JavaScript 和造型屬性需全為靜態內容。
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary> 下載: Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## 獲取應用程式
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** 應用管理器可以直接透過開發者自己的發佈頁來安裝與更新應用。(例如 GitHub, GitLab 等等.), 取代集中式的應用商店或代碼儲存庫。  在 Android 12 以上版本，可支援自動背景更新。
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads "下載"</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium 可以從不同來源下載 APK  安裝檔，由使用者自行判斷其來源與應用是否可靠合法。 例如使用 Obtainium 從 [Signal APK 登錄頁 ](https://signal.org/android/apk) 來下載安裝 Signal 應該沒問題，但如果透過第三方 APK 儲放庫如 Aptoide o 或 APKPure 則可能有其它風險。 安裝惡意*更新*的風險較低，因為 Android 自身會在安裝之前驗證所有應用程式更新是否由與手機上現有應用程式為相同開發人員所簽署。
-
-### GrapheneOS App Store
-
-GrapheneOS 應用商店可在 [GitHub](https://github.com/GrapheneOS/Apps/releases)找到。 它支持Android 12 以上版本，並且能夠自行更新。 應用程式商店擁有由 GrapheneOS 專案建立的獨立應用程序，例如 [Auditor](https://attestation.app)、[相機](https://github.com/GrapheneOS/Camera)和[PDF 檢視器](https://github.com/GrapheneOS/PdfViewer)。 如果正在尋找這些應用程式，強烈建議從 GrapheneOS 應用程式商店而不是 Google Play 商店獲得，因為 GrapheneOS 會對自家商店的應用程式簽署 Google 無法訪問的簽名。
-
-### Aurora Store
-
-Google Play商店需要登錄 Google 帳戶，這對隱私來說不是很好。 可以使用替代客戶端，如 Aurora Store 來解決這個問題。
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
-
-**Aurora Store** 為 Google Play Store 客戶端，其無須 Google 帳戶 或 microG 即可下戴應用。
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads "下載"</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store不允許其匿名帳戶下載付費應用程式。 您可以選擇使用 Google 帳戶登錄 Aurora Store 來下載所購買的應用程式，這確實可以訪問您的 Google 安裝應用程式列表。 但仍可受益於裝置上不需要完整的 Google Play 用戶端和 Google Play 服務或 microG。
-
-### 手動使用 RSS 通知
-
-在GitHub和GitLab 等平台上發布的應用程式，也可在 [新聞聚合器](news-aggregators.md) 下添加 RSS 源，有助於追踪新版本消息。
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-在 GitHub，以 [Secure Camera](#secure-camera) 為例，可以導航到它的 [發布頁](https://github.com/GrapheneOS/Camera/releases) ，並在URL 最後加 `.atom`。
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-在GitLab ，以 [Aurora Store](#aurora-store) 為例，可以導航到其 [專案存取庫](https://gitlab.com/AuroraOSS/AuroraStore) ，並在URL 最後加 `/-/tags?format=atom`。
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### 查驗 APK 指紋碼
-
-如果想下載 APK 檔案進行手動安裝，可用 [`apksigner`](https://developer.android.com/studio/command-line/apksigner) 工具驗證其簽名，這是 Android [build-tools](https://developer.android.com/studio/releases/build-tools)的一部分。
-
-1. 安裝 [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. 下載 [Android Studio 命令列工具](https://developer.android.com/studio#command-tools).
-
-3. 解壓縮下載的存檔:
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. 執行簽名驗證指令:
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. 產生的雜湊結果可與另一個來源進行比對。 某些開發者例如 Signal 在會其官網顥示其[指紋碼](https://signal.org/android/apk)。
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid 圖標](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==我們只建議用 F-Droid 來獲取無法在上述管道取得的應用程式。== F-Droid 經常被推薦為 Google Play 替代品，特別是隱私社區。 可添加第三方資源庫的選項與不被局限在 Google 圍牆花園，導致了它的流行。 F-Droid 另外還有 [可複制建構](https://f-droid.org/en/docs/Reproducible_Builds) ，用於一些應用程式，並致力於自由和開源軟體。 不過F-Droid 建置、簽署和交付包的方式存在一些安全缺失：
-
-由於其構制應用程式的程序，F-Droid 官方資源庫中的應用程式經常在更新上落後。 F-Droid 維護者在用自己的密鑰簽署應用程式時也會重複使用套件 ID，此作法並不理想，因為這給予 F-Droid 團隊終極信任。 此外，應用程式納入官方 F-Droid 儲存庫中的要求不如 Google Play 等其他應用程式商店嚴格，這意味著 F-Droid 往往會託管更多較舊、未維護或不符合[現代安全標準](https://developer.android.com/google/play/requirements/target-sdk)的應用程式。
-
-其他流行的 F-Droid 第三方資源庫，如 [IzzyOnDroid](https://apt.izzysoft.de/fdroid) ，緩解一些擔憂。 IzzyOnDroid 存儲庫直接從 GitHub 拉取構建，是開發者自己存儲庫的下一個最好的東西。 然而，這不是我們所推薦的，當應用程式進入 F-droid 主倉庫時，通常 [就會從該倉庫刪除](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446)。 雖然可以理解（因為該特定倉庫的作用是應用程式在為 F-Droid 主倉庫接受之前託管工作），它可能會讓所安裝的應用程式不再收到更新。
-
-也就是說， [F-droid](https://f-droid.org/en/packages) 和 [IzzyOnDroid](https://apt.izzysoft.de/fdroid) 存取庫有無數應用程式，所以它們成為搜索和發現開源應用程式的有用工具，然後通過 Play Store、Aurora Store 或直接從開發者獲得 APK 下載。 透過此方法尋找新應用程式時，應該做出最佳判斷，並密切注意應用程式的更新頻率。 過時的應用程式可能依賴不支援的程式庫，從而帶來潛在的安全風險。
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-在某些罕見情況下，應用程式開發者將只通過 F-droid 發布（[Gadgetbridge](https://gadgetbridge.org)就是一例。) 如果真需要這樣的應用程式，建議使用 [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic/) ，而不是從官方的 F-droid 應用程式來獲得。 F-Droid Basic 可以進行無需特權或 root 的更新，且具降低的功能集（限制攻擊面）。
-
-</div>
-
-## 標準
-
-**請注意，我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外，我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
-
-### 作業系統
-
-- 必須是開源軟體。
-- 必須支援 bootloader 鎖定與自定 AVB 密鑰支援。
-- Android 主要系統發布後的 1個月內接受更新。
-- 必须在发布后0-14天内收到安卓功能更新（小版本）。
-- 必須在發布後 5 天內收到定期安全補丁。
-- 必須 **不可打破常規地** root 。
-- 必須**不要**預設啟用 Google Play 服務。
-- 必須 **不用** 系統調配以支援 Google Play 服務。
-
-### 裝置
-
-- 必須支援至少一個我們推薦的自訂作業系統。
-- 必須是目前可在商店買到的新品。
-- 至少可獲得 5年的安全更新。
-- 必須有專用的安全元件硬體。
-
-### 應用程式
-
-- 此頁面上的應用程式不得適用於網站上的任何其他軟體類別。
-- 一般應用程式應擴展或取代核心系統功能。
-- 應用程式應定期更新和維護。
diff --git a/i18n/zh-Hant/android/distributions.md b/i18n/zh-Hant/android/distributions.md
new file mode 100644
index 00000000..51bfba59
--- /dev/null
+++ b/i18n/zh-Hant/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": 網頁
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": 網頁
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": 網頁
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## 標準
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
+
+- 必須是開源軟體。
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/zh-Hant/android/general-apps.md b/i18n/zh-Hant/android/general-apps.md
new file mode 100644
index 00000000..0bea9225
--- /dev/null
+++ b/i18n/zh-Hant/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": 網頁
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: Android
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: Android
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>下載</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">備註</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>下載</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## 標準
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/zh-Hant/android/index.md b/i18n/zh-Hant/android/index.md
new file mode 100644
index 00000000..4377f26a
--- /dev/null
+++ b/i18n/zh-Hant/android/index.md
@@ -0,0 +1,34 @@
+---
+title: Android
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": 網頁
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Android
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/zh-Hant/android/obtaining-apps.md b/i18n/zh-Hant/android/obtaining-apps.md
new file mode 100644
index 00000000..e05cac38
--- /dev/null
+++ b/i18n/zh-Hant/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>下載</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>下載</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/zh-Hant/basics/why-privacy-matters.md b/i18n/zh-Hant/basics/why-privacy-matters.md
index ab5de612..1a1e8c10 100644
--- a/i18n/zh-Hant/basics/why-privacy-matters.md
+++ b/i18n/zh-Hant/basics/why-privacy-matters.md
@@ -43,7 +43,7 @@ icon: 'material/shield-account'
 
 對隱私運動常見一個反駁論點是，如果一個人**“沒有什麼可隱藏的”，就不需要隱私。**這是危險的誤解，讓人覺得要求隱私的人一定是越軌、犯罪或錯誤。
 
-==不應該混淆隱私和祕密。== 人人都知道浴室裡發生了什麼，但你還是會關上門。 這是因為您想要隱私，而不是保密。 總有一些關於我們的事實——比如，個人健康資訊或性行為——不想讓全世界都知道，這沒關係。 需要隱私是合理合法的，它讓人之所以為人。 隱私是賦予權利來決定自己的資訊，而不是為了隱藏祕密。
+==不應該混淆隱私和祕密。== 人人都知道浴室裡發生了什麼，但你還是會關上門。 That's because you want privacy, not secrecy. 總有一些關於我們的事實——比如，個人健康資訊或性行為——不想讓全世界都知道，這沒關係。 需要隱私是合理合法的，它讓人之所以為人。 隱私是賦予權利來決定自己的資訊，而不是為了隱藏祕密。
 
 ## 隱私關乎控制?
 
diff --git a/i18n/zh-Hant/device-integrity.md b/i18n/zh-Hant/device-integrity.md
index affae47e..9864a2f0 100644
--- a/i18n/zh-Hant/device-integrity.md
+++ b/i18n/zh-Hant/device-integrity.md
@@ -163,9 +163,9 @@ iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. 這為裝置本身提供了非常強大的完整性檢查，但不一定檢查裝置上執行的使用者級應用程式是否是惡意的。
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. 這為裝置本身提供了非常強大的完整性檢查，但不一定檢查裝置上執行的使用者級應用程式是否是惡意的。
 
-審核員使用**兩個**設備執行證明和入侵檢測，即一個_被審核者_（正在驗證的設備）和一個_審核員_（執行驗證的設備）。 審核者可以是任何Android 10+ 裝置（或由[GrapheneOS](android.md#grapheneos) 運行的遠端Web 服務），而受審核者必須是專門的[支援的裝置](https://attestation.app /about #device-support）。 Auditor 適用於:
+審核員使用**兩個**設備執行證明和入侵檢測，即一個_被審核者_（正在驗證的設備）和一個_審核員_（執行驗證的設備）。 The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor 適用於:
 
 - 在_審核員_和_被審核者_之間使用 [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) 模式，雙方在兩人在[硬體支援的金鑰庫](https://source.android.com/security/keystore/)the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/)中建立 _審計員_私鑰。
 - _審核員_可以是審核員應用程式的另一個實例，也可以是[遠端憑證服務](https://attestation.app)。
@@ -197,7 +197,7 @@ Auditor is not a scanning/analysis tool like some other tools on this page; rath
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** 適用於 Android 的開源即時惡意軟體掃描程式，由 [DivestOS](android.md#divestos) 的人員開發。 It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/zh-Hant/mobile-phones.md b/i18n/zh-Hant/mobile-phones.md
new file mode 100644
index 00000000..4e27e1f2
--- /dev/null
+++ b/i18n/zh-Hant/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": 網頁
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## 標準
+
+請注意，我們所推薦專案沒有任何瓜葛。 除[標準準則](about/criteria.md)外，我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/zh-Hant/os/android-overview.md b/i18n/zh-Hant/os/android-overview.md
index d7de2533..981ba097 100644
--- a/i18n/zh-Hant/os/android-overview.md
+++ b/i18n/zh-Hant/os/android-overview.md
@@ -18,7 +18,7 @@ description: Android是一個開源作業系統，具有強大的安全保護，
 
 理想情況下，在選擇客製 Android 發行版時，應該確保它符合Android 安全模型。 至少，該發行版應該具有生產構建，支持AVB ，回滾保護，及時韌體和操作系統更新，以及SELinux [開啟模式](https://source.android.com/security/selinux/concepts#enforcement_levels)。 我們推薦的 Android 發行版都符合這些標準。
 
-[Android 系統建議 :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[Android 系統建議 :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### 避免 Root
 
@@ -132,7 +132,7 @@ Android 13:
 
 [工作用設定檔](https://support.google.com/work/android/answer/6191949) 是另一個隔離個別應用的方法，也比單獨的用戶設定檔更為方便。
 
-**設備控制器**應用例如 [Shelter](../android.md#shelter) 需要建立不用企業 行動裝置管理(MDM) 工作設定檔，除非使用自定的Android 作業系統已包括。
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 工作配置檔需靠裝置控制器才能運作。 控制器必須實現 *File Shuttle* 和 *Contact Search Blocking* 等功能或任何類型的隔離功能。 您還必須完全信任設備控制器應用程序，因為它可以完全訪問工作配置文件中的數據。
 
diff --git a/i18n/zh-Hant/os/index.md b/i18n/zh-Hant/os/index.md
index b71cef8f..231731ce 100644
--- a/i18n/zh-Hant/os/index.md
+++ b/i18n/zh-Hant/os/index.md
@@ -4,7 +4,7 @@ title: 作業系統
 
 我們發布主要作業系統的配置指南，通常可以改善個人資料被收集的情況，特別是如使用[隱私工具](../tools.md)，例如我們推薦的網路瀏覽器在適當的地方設置原生工具。 不過某些作業系統本質上會更加尊重隱私，而在其他選擇上要實現同等隱私則較不易。
 
-如果是從零開始，強烈建議在桌面上使用 [Linux](../desktop.md)，在行動裝置上使用 [Android](../android.md)。 如已經使用其他東西並且對轉換沒興趣，我們仍希望這些指南有所幫助。
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. 如已經使用其他東西並且對轉換沒興趣，我們仍希望這些指南有所幫助。
 
 ## 移動作業系統
 
diff --git a/i18n/zh-Hant/os/ios-overview.md b/i18n/zh-Hant/os/ios-overview.md
index c52c460e..9bb026e5 100644
--- a/i18n/zh-Hant/os/ios-overview.md
+++ b/i18n/zh-Hant/os/ios-overview.md
@@ -10,7 +10,7 @@ description: 蘋果公司使用 Unix 作業系統來開發macOS 支援自家的
 
 iOS 設備因其強大的資料保護和對現代最佳作法的遵守而受到安全專家的讚揚。 然而，Apple 生態系統的限制性——尤其是移動設備——仍然在很多方面阻礙了隱私。
 
-我們認為，與任何製造商的庫存 Android 設備相比，iOS 為大多數人提供了水平之上的隱私和安全保護。 不過，如希望或需要完全從 Apple 或 Google 雲獨立，您可以使用 GrapheneOS 等[自定義 Android 作業系統](../android.md#aosp-derivatives)來實現更高的隱私標準服務。
+我們認為，與任何製造商的庫存 Android 設備相比，iOS 為大多數人提供了水平之上的隱私和安全保護。 However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### 激活鎖
 
@@ -63,7 +63,7 @@ Apple 產品的大多數隱私和安全問題與其雲服務有關，而不是
 
 在「 **設定** 」應用程式的頂部，如果您已登入 Apple ID，便會看到您的姓名和個人資料相片。 選取這項然後再選 **尋找**。 此處您可以選擇是否啟用或禁用“查找設備”功能。
 
-### 設定
+### Settings
 
 許多其他與隱私相關的設置可以在**設置**應用中找到。
 
diff --git a/i18n/zh-Hant/os/windows/group-policies.md b/i18n/zh-Hant/os/windows/group-policies.md
index 3b482c9c..38301619 100644
--- a/i18n/zh-Hant/os/windows/group-policies.md
+++ b/i18n/zh-Hant/os/windows/group-policies.md
@@ -14,7 +14,7 @@ title: 群組原則設置
 
 若要變更任何群組政策，請雙擊它，然後根據下面的建議在出現的視窗頂部選擇「啟用」或「停用」。 某些群組原則可以配置的其他設置，如果是這種情況，下面也會註明相應的設置。
 
-### 系統
+### System
 
 #### Device Guard
 
diff --git a/i18n/zh-Hant/pastebins.md b/i18n/zh-Hant/pastebins.md
new file mode 100644
index 00000000..04c11387
--- /dev/null
+++ b/i18n/zh-Hant/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. 資料在瀏覽器中使用 256位元AES 來加密/解密。 它是 ZeroBin 的改進版本。
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## 標準
+
+請注意，我們所推薦專案沒有任何瓜葛。 除[標準準則](about/criteria.md)外，我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
+
+### 最低合格要求
+
+- 它必須是開源的。
+- 必須落實"零信任"端對端加密。
+- 必須支援密碼保護檔案。
+
+### 最佳案例
+
+最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能，但若有這些功能則會讓排名更為提高。
+
+- 應有來自聲譽良好、獨立的第三方公開審查報告。
diff --git a/i18n/zh-Hant/productivity.md b/i18n/zh-Hant/productivity.md
index be22ed41..f892fd9c 100644
--- a/i18n/zh-Hant/productivity.md
+++ b/i18n/zh-Hant/productivity.md
@@ -154,39 +154,6 @@ cover: productivity.webp
 - 必須支援編輯文件、電子表格和投影片製作投放。
 - 必須將檔案匯出為標準文件格式。
 
-## 網路黏貼服務
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** 是一個極簡主義的開源網路剪貼板 ，伺服器對黏貼的資料一無所知。 資料在瀏覽器中使用 256位元AES 來加密/解密。 它是 ZeroBin 的改進版本。
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### 標準
-
-**請注意，我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外，我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表，並進行自己的研究，以確保它是您的正確選擇。
-
-#### 最低合格要求
-
-- 它必須是開源的。
-- 必須落實"零信任"端對端加密。
-- 必須支援密碼保護檔案。
-
-#### 最佳案例
-
-最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能，但若有這些功能則會讓排名更為提高。
-
-- 應有來自聲譽良好、獨立的第三方公開審查報告。
-
 ## 語言服務
 
 ### LanguageTool
diff --git a/i18n/zh-Hant/tools.md b/i18n/zh-Hant/tools.md
index e4f07225..f5e17046 100644
--- a/i18n/zh-Hant/tools.md
+++ b/i18n/zh-Hant/tools.md
@@ -394,6 +394,16 @@ description: Privacy Guides 是最透明和可靠的網站，用於尋找保護
 
 [了解更多 :material-arrow-right-drop-circle:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[了解更多 :material-arrow-right-drop-circle:](pastebins.md)
+
 ### 工作效率工具
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ description: Privacy Guides 是最透明和可靠的網站，用於尋找保護
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ description: Privacy Guides 是最透明和可靠的網站，用於尋找保護
 
 [了解更多 :material-arrow-right-drop-circle:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[了解更多 :material-arrow-right-drop-circle:](mobile-phones.md)
+
 ## 作業系統
 
 ### 行動
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[了解更多 :material-arrow-right-drop-circle:](android.md)
+[了解更多 :material-arrow-right-drop-circle:](android/distributions.md)
 
 #### Android 應用程式
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[了解更多 :material-arrow-right-drop-circle:](android.md#general-apps)
+[了解更多 :material-arrow-right-drop-circle:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[了解更多 :material-arrow-right-drop-circle:](android/obtaining-apps.md)
 
 ### 桌上型電腦
 
diff --git a/i18n/zh/android.md b/i18n/zh/android.md
deleted file mode 100644
index a0be8e2d..00000000
--- a/i18n/zh/android.md
+++ /dev/null
@@ -1,451 +0,0 @@
----
-meta_title: "Android Recommendations: GrapheneOS and DivestOS - Privacy Guides"
-title: "安卓"
-icon: 'simple/android'
-description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
-cover: android.webp
-schema:
-  - 
-    "@context": http://schema.org
-    "@type": WebPage
-    name: Private Android Operating Systems
-    url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: 安卓
-    image: /assets/img/android/android.svg
-    url: https://source.android.com/
-    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: GrapheneOS
-    image: /assets/img/android/grapheneos.svg
-    url: https://grapheneos.org/
-    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": CreativeWork
-    name: Divest
-    image: /assets/img/android/divestos.svg
-    url: https://divestos.org/
-    sameAs: https://en.wikipedia.org/wiki/DivestOS
-    subjectOf:
-      "@context": http://schema.org
-      "@type": WebPage
-      url: "./"
-  - 
-    "@context": http://schema.org
-    "@type": Product
-    name: Pixel
-    brand:
-      "@type": Brand
-      name: Google
-    image: /assets/img/android/google-pixel.png
-    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
-    review:
-      "@type": Review
-      author:
-        "@type": Organization
-        name: Privacy Guides
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Shelter
-    applicationCategory: Utilities
-    operatingSystem: 安卓
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Auditor
-    applicationCategory: Utilities
-    operatingSystem: 安卓
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure Camera
-    applicationCategory: Utilities
-    operatingSystem: 安卓
-  - 
-    "@context": http://schema.org
-    "@type": MobileApplication
-    name: Secure PDF Viewer
-    applicationCategory: Utilities
-    operatingSystem: 安卓
----
-
-![安卓徽标](assets/img/android/android.svg){ align=right }
-
-**安卓开源项目** 是一个由谷歌领导的开源移动操作系统，为世界上大多数移动设备提供动力。 大多数使用安卓系统销售的手机都经过修改，包括侵入性的集成和应用程序，如谷歌游戏服务，所以你可以通过用没有这些侵入性功能的安卓系统版本替换你的手机默认安装，来大大改善你在移动设备上的隐私。
-
-[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
-[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
-[:octicons-code-16:](https://cs.android.com/android/platform/superproject){ .card-link title="Source Code" }
-
-这些是我们推荐的安卓操作系统、设备和应用程序，以最大限度地提高你的移动设备的安全和隐私。 要了解更多关于安卓的信息。
-
-[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
-
-## AOSP 衍生品
-
-We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-End-of-life devices (such as GrapheneOS's or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. 无论安装何种软件，都不能认为这些设备是完全安全的。
-
-</div>
-
-### GrapheneOS
-
-<div class="admonition recommendation" markdown>
-
-![GrapheneOS标志](assets/img/android/grapheneos.svg#only-light){ align=right }
-![GrapheneOS标志](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
-
-**GrapheneOS**是涉及隐私和安全的最佳选择。
-
-GrapheneOS提供了额外的[安全加固](https://en.wikipedia.org/wiki/Hardening_(计算))和隐私改进。 它有一个[加固的内存分配器](https://github.com/GrapheneOS/hardened_malloc)、网络和传感器权限，以及其他各种[安全功能](https://grapheneos.org/features)。 GrapheneOS还带有完整的固件更新和签名构建，因此完全支持验证性启动。
-
-[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-</div>
-
-GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
-
-Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
-
-[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos ""){.md-button}
-
-### DivestOS
-
-<div class="admonition recommendation" markdown>
-
-![DivestOS logo](assets/img/android/divestos.svg){ align=right }
-
-**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
-DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. 它有签名的构建，使得在一些非Pixel设备上可以有[验证的启动](https://source.android.com/security/verifiedboot)。
-
-[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
-
-</div>
-
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
-
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
-
-DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">警告</p>
-
-DivestOS的固件更新 [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS)和质量控制在其支持的设备中各不相同。 我们仍然推荐GrapheneOS，这取决于你设备的兼容性。 对于其他设备，DivestOS是一个不错的选择。
-
-并非所有支持的设备都有验证启动，有些设备的验证启动性能比其他设备好。
-
-</div>
-
-## 安卓设备
-
-When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
-
-Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
-
-Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
-
-A few more tips regarding Android devices and operating system compatibility:
-
-- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
-- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
-- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
-
-### Google Pixel
-
-Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
-
-<div class="admonition recommendation" markdown>
-
-！[谷歌Pixel 6](assets/img/android/google-pixel.png){ align=right }
-
-众所周知，**谷歌Pixel**设备具有良好的安全性，并适当支持[验证启动](https://source.android.com/security/verifiedboot)，即使在安装自定义操作系统时也是如此。
-
-Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
-
-[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
-
-</div>
-
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
-
-Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
-
-A few more tips for purchasing a Google Pixel:
-
-- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
-- Consider price beating options and specials offered at physical stores.
-- Look at online community bargain sites in your country. These can alert you to good sales.
-- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math> , meaning that the longer use of the device the lower cost per day.
-- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
-
-## 常规应用程序
-
-We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
-
-### Shelter
-
-<div class="admonition recommendation" markdown>
-
-![Shelter logo](assets/img/android/shelter.svg){ align=right }
-
-* *Shelter* *是一款应用程序，可帮助您利用Android的工作配置文件功能隔离或复制设备上的应用程序。
-
-Shelter支持阻止联系人跨档案搜索，并通过默认文件管理器([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui))跨档案共享文件。
-
-[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
-[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
-
-</div>
-
-<div class="admonition warning" markdown>
-<p class="admonition-title">警告</p>
-
-Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
-
-当使用Shelter时，你完全信任它的开发者，因为Shelter作为一个[设备管理员](https://developer.android.com/guide/topics/admin/device-admin)来创建工作档案，它可以广泛地访问存储在工作档案中的数据。
-
-</div>
-
-### Secure Camera
-
-<div class="admonition recommendation" markdown>
-
-![Secure 摄像头标志](assets/img/android/secure_camera.svg#only-light){ align=right }
-![Secure 摄像头标志](assets/img/android/secure_camara-dark#only-dark){ aligh=right }
-
-**Secure Camera** 是一个专注于隐私和安全的相机应用，它可以捕捉图像、视频和二维码。 CameraX供应商扩展（肖像、HDR、夜视、面部修饰和自动）也在可用设备上得到支持。
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
-[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-Main privacy features include:
-
-- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
-- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
-- Microphone permission not required unless you want to record sound
-
-<div class="admonition note" markdown>
-<p class="admonition-title">Note</p>
-
-目前，元数据没有从视频文件中删除，但这是计划中的。
-
-图像方向元数据未被删除。 如果你启用位置（在安全相机中），**也不会被删除。 If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser-android).
-
-</div>
-
-### Secure PDF Viewer
-
-<div class="admonition recommendation" markdown>
-
-![安全PDF浏览器标志](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
-![安全PDF浏览器标志](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
-
-**安全PDF浏览器**是一个基于 [pdf.js]（https://en.wikipedia.org/wiki/PDF.js）的PDF浏览器，不需要任何权限。 该PDF被送入一个 [sandboxed]（https://en.wikipedia.org/wiki/Sandbox_(software_development)） [webview]（https://developer.android.com/guide/webapps/webview）。 这意味着它不需要权限就能直接访问内容或文件。
-
-[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)是用来强制要求WebView内的JavaScript和造型属性完全是静态内容。
-
-[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
-- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
-- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-</details>
-
-</div>
-
-## 获取应用程序
-
-### Obtainium
-
-<div class="admonition recommendation" markdown>
-
-![Obtainium logo](assets/img/android/obtainium.svg){ align=right }
-
-**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
-
-[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
-[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
-
-</details>
-
-</div>
-
-Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
-
-### GrapheneOS应用商店
-
-GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
-
-### 奥罗拉商店（Aurora Store）
-
-The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
-
-<div class="admonition recommendation" markdown>
-
-![Aurora Store徽标](assets/img/android/aurora-store.webp){ align=right }
-
-* *Aurora Store* *是Google Play Store客户端，无需Google帐户、Google Play服务或microG即可下载应用程序。
-
-[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
-
-<details class="downloads" markdown>
-<summary>Downloads</summary>
-
-- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
-
-</details>
-
-</div>
-
-Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
-
-### 手动使用RSS通知
-
-For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](news-aggregators.md) that will help you keep track of new releases.
-
-![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
-
-#### GitHub
-
-On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
-
-`https://github.com/GrapheneOS/Camera/releases.atom`
-
-#### GitLab
-
-On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
-
-`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
-
-#### Verifying APK Fingerprints
-
-If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
-
-1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
-
-2. 下载 [Android Studio命令行工具](https://developer.android.com/studio#command-tools)。
-
-3. 解压缩下载的存档：
-
-    ```bash
-    unzip commandlinetools-*.zip
-    cd cmdline-tools
-    ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
-    ```
-
-4. 运行签名验证命令。
-
-    ```bash
-    ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
-    ```
-
-5. 然后，所产生的哈希值可以与另一个来源进行比较。 Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
-
-    ```bash
-    Signer #1 certificate DN: CN=GrapheneOS
-    Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
-    Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
-    Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
-    ```
-
-### F-Droid
-
-![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
-
-==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
-
-Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
-
-Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
-
-That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
-
-<div class="admonition note" markdown>
-<p class="admonition-title">F-Droid Basic</p>
-
-In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
-
-</div>
-
-## Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-### 服务供应商
-
-- 它必须是开源软件。
-- Must support bootloader locking with custom AVB key support.
-- Must receive major Android updates within 0-1 months of release.
-- Must receive Android feature updates (minor version) within 0-14 days of release.
-- Must receive regular security patches within 0-5 days of release.
-- Must **not** be "rooted" out of the box.
-- Must **not** enable Google Play Services by default.
-- Must **not** require system modification to support Google Play Services.
-
-### 设备
-
-- Must support at least one of our recommended custom operating systems.
-- Must be currently sold new in stores.
-- Must receive a minimum of 5 years of security updates.
-- Must have dedicated secure element hardware.
-
-### 应用程序
-
-- Applications on this page must not be applicable to any other software category on the site.
-- General applications should extend or replace core system functionality.
-- Applications should receive regular updates and maintenance.
diff --git a/i18n/zh/android/distributions.md b/i18n/zh/android/distributions.md
new file mode 100644
index 00000000..0dcc9052
--- /dev/null
+++ b/i18n/zh/android/distributions.md
@@ -0,0 +1,106 @@
+---
+meta_title: The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides
+title: Alternative Distributions
+description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Private Android Operating Systems
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: GrapheneOS
+    image: /assets/img/android/grapheneos.svg
+    url: https://grapheneos.org/
+    sameAs: https://en.wikipedia.org/wiki/GrapheneOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: Divest
+    image: /assets/img/android/divestos.svg
+    url: https://divestos.org/
+    sameAs: https://en.wikipedia.org/wiki/DivestOS
+    subjectOf:
+      "@context": http://schema.org
+      "@type": WebPage
+      url: ./
+---
+
+A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
+
+We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
+
+## AOSP Derivatives
+
+### GrapheneOS
+
+<div class="admonition recommendation" markdown>
+
+![GrapheneOS logo](../assets/img/android/grapheneos.svg#only-light){ align=right }
+![GrapheneOS logo](../assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
+
+**GrapheneOS** is the best choice when it comes to privacy and security.
+
+GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
+
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+</div>
+
+GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging), while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
+
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+
+### DivestOS
+
+<div class="admonition recommendation" markdown>
+
+![DivestOS logo](../assets/img/android/divestos.svg){ align=right }
+
+**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org).
+DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices\&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
+
+[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+
+</div>
+
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
+DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
+
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://grapheneos.org/usage#exec-spawning), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_\(computer_programming\)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_\(software\)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, [automatic reboot](https://grapheneos.org/features#auto-reboot), and Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features#attack-surface-reduction).
+
+DivestOS uses F-Droid as its default app store. We normally [recommend avoiding F-Droid](obtaining-apps.md#f-droid), but doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) **with the DivestOS repositories enabled** to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
+
+Not all of the supported devices have verified boot, and some perform it better than others.
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- 它必须是开源软件。
+- Must support bootloader locking with custom AVB key support.
+- Must receive major Android updates within 0-1 months of release.
+- Must receive Android feature updates (minor version) within 0-14 days of release.
+- Must receive regular security patches within 0-5 days of release.
+- Must **not** be "rooted" out of the box.
+- Must **not** enable Google Play Services by default.
+- Must **not** require system modification to support Google Play Services.
diff --git a/i18n/zh/android/general-apps.md b/i18n/zh/android/general-apps.md
new file mode 100644
index 00000000..536a11ed
--- /dev/null
+++ b/i18n/zh/android/general-apps.md
@@ -0,0 +1,124 @@
+---
+title: General Apps
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: General Android Apps
+    url: ./
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Shelter
+    applicationCategory: Utilities
+    operatingSystem: 安卓
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure Camera
+    applicationCategory: Utilities
+    operatingSystem: 安卓
+  - "@context": http://schema.org
+    "@type": MobileApplication
+    name: Secure PDF Viewer
+    applicationCategory: Utilities
+    operatingSystem: 安卓
+---
+
+We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
+
+### Shelter
+
+<div class="admonition recommendation" markdown>
+
+![Shelter logo](../assets/img/android/shelter.svg){ align=right }
+
+**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
+
+Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
+
+[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
+[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://patreon.com/PeterCxy){ .card-link title=Contribute }
+
+</div>
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
+
+When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
+
+</div>
+
+### Secure Camera
+
+<div class="admonition recommendation" markdown>
+
+![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
+![Secure camera logo](../assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
+
+**Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
+[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+Main privacy features include:
+
+- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
+- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
+- Microphone permission not required unless you want to record sound
+
+<div class="admonition note" markdown>
+<p class="admonition-title">Note</p>
+
+Metadata is not currently deleted from video files but that is planned.
+
+The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
+
+</div>
+
+### Secure PDF Viewer
+
+<div class="admonition recommendation" markdown>
+
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
+![Secure PDF Viewer logo](../assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
+
+**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_\(software_development\)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
+
+[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
+
+[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
+- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
+- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+</details>
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Applications on this page must not be applicable to any other software category on the site.
+- General applications should extend or replace core system functionality.
+- Applications should receive regular updates and maintenance.
diff --git a/i18n/zh/android/index.md b/i18n/zh/android/index.md
new file mode 100644
index 00000000..c4d1d2b2
--- /dev/null
+++ b/i18n/zh/android/index.md
@@ -0,0 +1,34 @@
+---
+title: 安卓
+icon: simple/android
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Android Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": CreativeWork
+    name: 安卓
+    image: /assets/img/android/android.svg
+    url: https://source.android.com/
+    sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
+---
+
+![Android logo](../assets/img/android/android.svg){ align=right }
+
+The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
+
+[:octicons-home-16:](https://source.android.com){ .card-link title=Homepage }
+[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
+[:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" }
+
+We recommend the following Android-specific tools to maximize your mobile device's security and privacy.
+
+- [Alternative Distributions](distributions.md)
+- [General Apps](general-apps.md)
+- [Obtaining Applications](obtaining-apps.md)
+
+To learn more about Android:
+
+[General Android Overview :material-arrow-right-drop-circle:](../os/android-overview.md){ .md-button }
diff --git a/i18n/zh/android/obtaining-apps.md b/i18n/zh/android/obtaining-apps.md
new file mode 100644
index 00000000..ffa70e67
--- /dev/null
+++ b/i18n/zh/android/obtaining-apps.md
@@ -0,0 +1,126 @@
+---
+title: Obtaining Applications
+---
+
+There are many ways to obtain Android apps privately, even from the Play Store, without interacting with Google Play Services. We recommend the following methods of obtaining applications on Android, listed in order of preference.
+
+## Obtainium
+
+<div class="admonition recommendation" markdown>
+
+![Obtainium logo](../assets/img/android/obtainium.svg){ align=right }
+
+**Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
+
+[:octicons-repo-16: Repository](https://github.com/ImranR98/Obtainium#readme){ .md-button .md-button--primary }
+[:octicons-info-16:](https://github.com/ImranR98/Obtainium/wiki){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/ImranR98/Obtainium){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://github.com/sponsors/ImranR98){ .card-link title=Contribute }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-github: GitHub](https://github.com/ImranR98/Obtainium/releases)
+
+</details>
+
+</div>
+
+Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious _update_ is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
+
+## GrapheneOS App Store
+
+GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../device-integrity.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
+
+## Aurora Store
+
+The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
+
+<div class="admonition recommendation" markdown>
+
+![Aurora Store logo](../assets/img/android/aurora-store.webp){ align=right }
+
+**Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
+
+[:octicons-home-16: Homepage](https://auroraoss.com){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md){ .card-link title="Privacy Policy" }
+[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
+
+<details class="downloads" markdown>
+<summary>Downloads</summary>
+
+- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
+
+</details>
+
+</div>
+
+Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
+
+## Manually with RSS Notifications
+
+For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../news-aggregators.md) that will help you keep track of new releases.
+
+![RSS APK](../assets/img/android/rss-apk-light.png#only-light) ![RSS APK](../assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](../assets/img/android/rss-changes-light.png#only-light) ![APK Changes](../assets/img/android/rss-changes-dark.png#only-dark)
+
+### GitHub
+
+On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
+
+`https://github.com/GrapheneOS/Camera/releases.atom`
+
+### GitLab
+
+On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
+
+`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
+
+### Verifying APK Fingerprints
+
+If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
+
+1. Install [Java JDK](https://oracle.com/java/technologies/downloads).
+
+2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
+
+3. Extract the downloaded archive:
+
+   ```bash
+   unzip commandlinetools-*.zip
+   cd cmdline-tools
+   ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
+   ```
+
+4. Run the signature verification command:
+
+   ```bash
+   ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
+   ```
+
+5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk) on their website.
+
+   ```bash
+   Signer #1 certificate DN: CN=GrapheneOS
+   Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
+   Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
+   Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
+   ```
+
+## F-Droid
+
+![F-Droid logo](../assets/img/android/f-droid.svg){ align=right width=120px }
+
+\==We only recommend F-Droid as a way to obtain apps which cannot be obtained via the means above.== F-Droid is often recommended as an alternative to Google Play, particularly within the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds) for some applications and is dedicated to free and open-source software. However, there are some security-related downsides to how F-Droid builds, signs, and delivers packages:
+
+Due to their process of building apps, apps in the _official_ F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. Additionally, the requirements for an app to be included in the official F-Droid repo are less strict than other app stores like Google Play, meaning that F-Droid tends to host a lot more apps which are older, unmaintained, or otherwise no longer meet [modern security standards](https://developer.android.com/google/play/requirements/target-sdk).
+
+Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can fully recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
+
+That said, the [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgement when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
+
+<div class="admonition note" markdown>
+<p class="admonition-title">F-Droid Basic</p>
+
+In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
+
+</div>
diff --git a/i18n/zh/device-integrity.md b/i18n/zh/device-integrity.md
index afdc230c..c4a19a01 100644
--- a/i18n/zh/device-integrity.md
+++ b/i18n/zh/device-integrity.md
@@ -163,9 +163,9 @@ Using these apps is insufficient to determine that a device is "clean", and not
 
 </div>
 
-Auditor is not a scanning/analysis tool like some other tools on this page; rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
 
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
 
 - Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the _Auditor_.
 - The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -197,7 +197,7 @@ Using these apps is insufficient to determine that a device is "clean", and not
 ![Hypatia logo](assets/img/device-integrity/hypatia.svg#only-light){ align=right }
 ![Hypatia logo](assets/img/device-integrity/hypatia-dark.svg#only-dark){ align=right }
 
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud. Scans are performed entirely locally.
+**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android/distributions.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
 
 [:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
diff --git a/i18n/zh/mobile-phones.md b/i18n/zh/mobile-phones.md
new file mode 100644
index 00000000..2e9a4662
--- /dev/null
+++ b/i18n/zh/mobile-phones.md
@@ -0,0 +1,91 @@
+---
+title: Mobile Phones
+icon: material/cellphone-check
+description: These mobile devices have proper Android Verified Boot support for custom operating systems.
+cover: android.webp
+schema:
+  - "@context": http://schema.org
+    "@type": WebPage
+    name: Mobile Phone Recommendations
+    url: ./
+  - "@context": http://schema.org
+    "@type": Product
+    name: Pixel
+    brand:
+      "@type": Brand
+      name: Google
+    image: /assets/img/android/google-pixel.png
+    sameAs: https://en.wikipedia.org/wiki/Google_Pixel
+    review:
+      "@type": Review
+      author:
+        "@type": Organization
+        name: Privacy Guides
+---
+
+Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
+
+The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
+
+[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
+
+<div class="admonition warning" markdown>
+<p class="admonition-title">警告</p>
+
+End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
+
+</div>
+
+## Purchasing Advice
+
+When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
+
+Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
+
+Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
+
+A few more tips regarding Android devices and operating system compatibility:
+
+- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
+- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
+- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
+
+## Google Pixel
+
+Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
+
+<div class="admonition recommendation" markdown>
+
+![Google Pixel 6](../assets/img/android/google-pixel.png){ align=right }
+
+**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
+
+Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
+
+[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
+
+</div>
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+
+Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
+
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
+A few more tips for purchasing a Google Pixel:
+
+- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
+- Consider price beating options and specials offered at physical stores.
+- Look at online community bargain sites in your country. These can alert you to good sales.
+- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;"> <mfrac> <mtext>Cost</mtext> <mrow> <mtext>End of Life Date</mtext> <mo>−</mo> <mtext>Current Date</mtext> </mrow> </mfrac> </math>
+  , meaning that the longer use of the device the lower cost per day.
+- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+- Must support at least one of our recommended custom operating systems.
+- Must be currently sold new in stores.
+- Must receive a minimum of 5 years of security updates.
+- Must have dedicated secure element hardware.
diff --git a/i18n/zh/os/android-overview.md b/i18n/zh/os/android-overview.md
index f16d410b..4cacd8d3 100644
--- a/i18n/zh/os/android-overview.md
+++ b/i18n/zh/os/android-overview.md
@@ -18,7 +18,7 @@ When you buy an Android phone, the default operating system comes bundled with a
 
 在挑选安卓 ROM 时，理想的情况，是能找到坚持安卓安全模型的 ROM。 最起码的是，你选用的 ROM 应该提供生产版本（而非 `userdebug`版本）的构建，能支持 AVB、回滚保护、按时推送系统更新、把 SELinux 设为[强制模式](https://source.android.com/security/selinux/concepts#enforcement_levels)。 我们推荐的所有安卓 ROM 都满足上述标准。
 
-[我们推荐的安卓 ROM :material-arrow-right-drop-circle:](../android.md ""){.md-button}
+[我们推荐的安卓 ROM :material-arrow-right-drop-circle:](../android/distributions.md ""){.md-button}
 
 ### 避免 Root
 
@@ -125,7 +125,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
 
 [工作配置文件](https://support.google.com/work/android/answer/6191949) 是隔离单个应用程序的另一种方式，可能比单独的用户配置文件更方便。
 
-A **device controller** app such as [Shelter](../android.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
+A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
 
 该工作档案依赖于设备控制器来运作。 诸如 *文件穿梭* 和 *接触搜索封锁* 或任何种类的隔离功能必须由控制器实现。 You must also fully trust the device controller app, as it has full access to your data inside the work profile.
 
diff --git a/i18n/zh/os/index.md b/i18n/zh/os/index.md
index af781e51..2f908830 100644
--- a/i18n/zh/os/index.md
+++ b/i18n/zh/os/index.md
@@ -4,7 +4,7 @@ title: 服务供应商
 
 We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use [privacy tools](../tools.md) like our recommended web browsers in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices.
 
-If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
+If you're starting from scratch, we strongly recommend [Linux](../desktop.md) on desktop and [Android](../android/index.md) on mobile. If you already use something else and aren't interested in switching, we hope you'll find these guides useful.
 
 ## Mobile Operating Systems
 
diff --git a/i18n/zh/os/ios-overview.md b/i18n/zh/os/ios-overview.md
index 3513870e..06b06572 100644
--- a/i18n/zh/os/ios-overview.md
+++ b/i18n/zh/os/ios-overview.md
@@ -10,7 +10,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone.
 
 iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways.
 
-We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
+We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md#aosp-derivatives) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services.
 
 ### Activation Lock
 
diff --git a/i18n/zh/os/windows/group-policies.md b/i18n/zh/os/windows/group-policies.md
index dac85ab8..37ed393e 100644
--- a/i18n/zh/os/windows/group-policies.md
+++ b/i18n/zh/os/windows/group-policies.md
@@ -14,7 +14,7 @@ You can find these settings by opening `gpedit.msc` and navigating to **Local Co
 
 To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that's the case the appropriate settings are noted below as well.
 
-### 系统
+### System
 
 #### Device Guard
 
diff --git a/i18n/zh/pastebins.md b/i18n/zh/pastebins.md
new file mode 100644
index 00000000..66d41268
--- /dev/null
+++ b/i18n/zh/pastebins.md
@@ -0,0 +1,39 @@
+---
+title: Pastebins
+icon: material/content-paste
+description: These tools allow you to have full control of any pasted data you share to other parties.
+cover: pastebins.webp
+---
+
+[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
+
+## PrivateBin
+
+<div class="admonition recommendation" markdown>
+
+![PrivateBin logo](assets/img/pastebins/privatebin.svg){ align=right }
+
+**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+
+[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
+[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
+[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
+[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
+
+</div>
+
+## Criteria
+
+**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
+
+### Minimum Requirements
+
+- Must be open source.
+- Must implement "zero-trust" end-to-end encryption.
+- Must support password-protected files.
+
+### Best-Case
+
+Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+
+- Should have a published audit from a reputable, independent third-party.
diff --git a/i18n/zh/productivity.md b/i18n/zh/productivity.md
index cca68c8e..fd1e8cc7 100644
--- a/i18n/zh/productivity.md
+++ b/i18n/zh/productivity.md
@@ -154,39 +154,6 @@ In general, we define office suites as applications which could reasonably act a
 - Must support editing documents, spreadsheets, and slideshows.
 - Must export files to standard document formats.
 
-## Paste services
-
-### PrivateBin
-
-<div class="admonition recommendation" markdown>
-
-![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
-
-**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
-
-[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
-[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
-[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }
-
-</div>
-
-### Criteria
-
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
-
-#### Minimum Requirements
-
-- Must be open source.
-- Must implement "zero-trust" end-to-end encryption.
-- Must support password-protected files.
-
-#### Best-Case
-
-Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-
-- Should have a published audit from a reputable, independent third-party.
-
 ## Language services
 
 ### LanguageTool
diff --git a/i18n/zh/tools.md b/i18n/zh/tools.md
index 22392562..9b87034a 100644
--- a/i18n/zh/tools.md
+++ b/i18n/zh/tools.md
@@ -394,6 +394,16 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [了解更多 :hero-arrow-circle-right-fill:](passwords.md)
 
+### Pastebins
+
+<div class="grid cards" markdown>
+
+- ![PrivateBin logo](assets/img/pastebins/privatebin.svg){ .twemoji loading=lazy } [PrivateBin](pastebins.md#privatebin)
+
+</div>
+
+[了解更多 :hero-arrow-circle-right-fill:](pastebins.md)
+
 ### 实时通讯
 
 <div class="grid cards" markdown>
@@ -402,7 +412,6 @@ For encrypting your operating system drive, we typically recommend using whichev
 - ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji loading=lazy } [LibreOffice](productivity.md#libreoffice)
 - ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji loading=lazy } [OnlyOffice](productivity.md#onlyoffice)
 - ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji loading=lazy } [CryptPad](productivity.md#cryptpad)
-- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji loading=lazy } [PrivateBin (Pastebin)](productivity.md#privatebin)
 - ![LanguageTool logo](assets/img/productivity/languagetool.svg#only-light){ .twemoji loading=lazy }![LanguageTool logo](assets/img/productivity/languagetool-dark.svg#only-dark){ .twemoji loading=lazy } [LanguageTool](productivity.md#languagetool)
 
 </div>
@@ -437,32 +446,53 @@ For encrypting your operating system drive, we typically recommend using whichev
 
 [了解更多 :hero-arrow-circle-right-fill:](security-keys.md)
 
+### Mobile Phones
+
+<div class="grid cards" markdown>
+
+- ![Google Pixel 6](../assets/img/android/google-pixel.png){ .twemoji loading=lazy } [Google Pixel](mobile-phones.md#google-pixel)
+
+</div>
+
+[了解更多 :hero-arrow-circle-right-fill:](mobile-phones.md)
+
 ## 服务供应商
 
 ### Android
 
+#### Custom Android Operating Systems
+
 <div class="grid cards" markdown>
 
-- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android.md#grapheneos)
-- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android.md#divestos)
+- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji loading=lazy }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji loading=lazy } [GrapheneOS](android/distributions.md#grapheneos)
+- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji loading=lazy } [DivestOS](android/distributions.md#divestos)
 
 </div>
 
-[了解更多 :hero-arrow-circle-right-fill:](android.md)
+[了解更多 :hero-arrow-circle-right-fill:](android/distributions.md)
 
 #### DNS 供应商
 
 <div class="grid cards" markdown>
 
-- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android.md#obtainium)
-- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android.md#aurora-store)
-- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android.md#shelter)
-- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android.md#secure-camera)
-- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android.md#secure-pdf-viewer)
+- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji loading=lazy } [Shelter (Work Profiles)](android/general-apps.md#shelter)
+- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji loading=lazy }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji loading=lazy } [Secure Camera](android/general-apps.md#secure-camera)
+- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji loading=lazy }![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji loading=lazy } [Secure PDF Viewer](android/general-apps.md#secure-pdf-viewer)
 
 </div>
 
-[了解更多 :hero-arrow-circle-right-fill:](android.md#general-apps)
+[了解更多 :hero-arrow-circle-right-fill:](android/general-apps.md)
+
+#### Ways to Obtain Android Apps
+
+<div class="grid cards" markdown>
+
+- ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji loading=lazy } [Obtainium (App Manager)](android/obtaining-apps.md#obtainium)
+- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji loading=lazy } [Aurora Store (Google Play Client)](android/obtaining-apps.md#aurora-store)
+
+</div>
+
+[了解更多 :hero-arrow-circle-right-fill:](android/obtaining-apps.md)
 
 ### Android 应用