QR codes are your primary defense — every reputable wallet (Phoenix, Zeus, BlueWallet, Sparrow) has a built-in QR scanner. If you're copying an address from a browser, stop and ask why the counterparty didn't give you a QR. That friction alone eliminates most clipboard risk.

When you genuinely need the clipboard:

Verify before sending
Always compare the first 4 and last 6 characters of the pasted address against the original. Hijacked addresses are usually identical at neither end. Make it a reflex — paste, glance, send.

Android 13+ helps
Since Android 13, apps can only read the clipboard silently if they're in the foreground/active. Background clipboard sniffing is no longer silent — Android shows a toast notification. Keep your OS updated.

Restrict clipboard access per app
In Settings → Apps → [suspicious app] → Permissions, check if it has unnecessary access. Keyboards are a common vector; Fossify/OpenBoard are good choices and neither phones home.

Auto-clear the clipboard
On F-Droid there are apps like Clipper or simple Tasker profiles that wipe the clipboard after X seconds. Paste → send → cleared.

Test send first
For any significant amount, send a tiny amount first, confirm it arrived, then send the rest. Costs a few sats in fees but catches a hijacked address before real damage is done.

The QR habit costs you nothing and cuts the attack surface to near zero.