style: Add title card background color

content/tools/os/android/distributions/index.md

@@ -25,6 +25,8 @@ We recommend installing GrapheneOS if you have a Google Pixel as it provides imp
 
 ## GrapheneOS
 
+{{< title-card >}}
+
 **GrapheneOS** is the best choice when it comes to privacy and security.
 
 GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
@@ -34,6 +36,8 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
   {{< card link="https://grapheneos.org/faq#privacy-policy" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../_index.md#work-profile) or [user profile](../_index.md#user-profiles) of your choice.
 
 [Google Pixel phones](../../../hardware/mobile-phones/index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.

content/tools/os/android/general-apps/index.md

@@ -22,6 +22,8 @@ We recommend a wide variety of Android apps throughout this site. The apps liste
 
 If your device is on Android 15 or greater, we recommend using the native [Private Space](../_index.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app.
 
+{{< title-card >}}
+
 **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
 
 Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
@@ -31,6 +33,8 @@ Shelter supports blocking contact search cross profiles and sharing files across
   {{< card link="https://patreon.com/PeterCxy" title="Contribute" icon="heart" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 > [!WARNING]
 > When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
 
@@ -42,6 +46,8 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/index.md#limiting-public-information)
 
+{{< title-card >}}
+
 **Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
 
 {{< cards >}}
@@ -49,6 +55,8 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
   {{< card link="https://grapheneos.org/usage#camera" title="Documentation" icon="document-text" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
 [{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Camera/releases)
 [{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
@@ -70,6 +78,8 @@ Main privacy features include:
 <small>Protects against the following threat(s):</small>
 [{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/index.md#attacks-against-specific-individuals)
 
+{{< title-card >}}
+
 **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
 
 [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
@@ -79,6 +89,8 @@ Main privacy features include:
   {{< card link="https://grapheneos.org/donate" title="Contribute" icon="heart" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 [{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
 [{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/PdfViewer/releases)
 [{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)

content/tools/os/android/obtaining-apps/index.md

@@ -18,6 +18,8 @@ There are many ways to obtain Android apps privately, even from the Play Store,
 
 ## Obtainium
 
+{{< title-card >}}
+
 **Obtainium** is an app manager which allows you to install and update apps directly from the developer's own releases page (i.e. GitHub, GitLab, the developer's website, etc.), rather than a centralized app store/repository. It supports automatic background updates on Android 12 and higher.
 
 {{< cards >}}
@@ -25,6 +27,8 @@ There are many ways to obtain Android apps privately, even from the Play Store,
   {{< card link="https://github.com/ImranR98/Obtainium/wiki" title="Documentation" icon="document-text" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 [{{< badge content="GitHub" >}}](https://github.com/ImranR98/Obtainium/releases)
 
 Obtainium allows you to download APK installer files from a wide variety of sources, and it is up to you to ensure those sources and apps are legitimate. For example, using Obtainium to install Signal from [Signal's APK landing page](https://signal.org/android/apk) should be fine, but installing from third-party APK repositories like Aptoide or APKPure may pose additional risks. The risk of installing a malicious *update* is lower, because Android itself verifies that all app updates are signed by the same developer as the existing app on your phone before installing them.
@@ -37,6 +41,8 @@ GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Ap
 
 The Google Play Store requires a Google account to log in, which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
 
+{{< title-card >}}
+
 **Aurora Store** is a Google Play Store client which does not require a Google account, Google Play Services, or microG to download apps.
 
 {{< cards >}}
@@ -44,6 +50,8 @@ The Google Play Store requires a Google account to log in, which is not great fo
   {{< card link="https://gitlab.com/AuroraOSS/AuroraStore/-/blob/master/POLICY.md" title="Privacy Policy" icon="eye" >}}
 {{< /cards >}}
 
+{{< /title-card >}}
+
 [{{< badge content="GitLab" >}}](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
 
 Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google. However, you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.