Here is how to create a safe new nostr key pair where the nsec is not entered into the nostr client, but stays secure on an Android device, using #Amber and #Amethyst over tor.
Download Amber apk (I use the 'free' version)
Open Amethyst Tap add new account Tap log in with Amber Amber app will open Tap adjust and set your permissions (I reject generic draft events) Hit save Hit grant permissions
Amethyst will open Tap profile in upper corner Select use tor/orbot
You now have a nostr profile where the nsec is not entered into the app. You can switch between multiple nostr profiles set up the same way.
I advocate for nostr clients to add NIP46 for sign in.
"The goal of Amber is to have your smartphone act as a NIP-46 signing device without any need for servers or additional hardware...
In addition to native apps, Amber aims to support all current nostr web applications without requiring any extensions or web servers."