Android username/password settings are reset or changed after restart


We are using syncthing on a NAS, a few Linux machines, and 2 Android phones. This issue occurs on both our phones, and it did not happen in the past.

The Android app seems to reset/override the username/password for the webgui to some random value on restart, with “syncthing” as the username. The only way to get access to the webgui (from a computer) is to go to the webgui in the application, go to advanced settings, set the password to something trivial, don’t restart the application and log on immediately using the supplied password.

The phones are synchronizing their pictures to the computer “seed-only”. Sometimes I have to override changes to the set on the phone. This is what I use the webgui for (I can validate all phones at once).

The config file is root-protected, our phones are un-rooted (to avoid issues with other apps such as banking).

How should I proceed with this? I can log a bug on GitHub as well, but it seems this forum is the place to start?

It uses syncthing as username, api key as password. You cannot change this as otherwise the android wrapper would not know what credentials to use for the in-app UI.

1 Like

I never was aware of this, thank you!

It hasn’t been like that forever, right? I remember being able to set usernames and passwords.

Having problems setting up a new device I luckily found this topic, now everything works.

As murpledurple said, it hasn’t been like this forever. I used to change the username and password to conform with the rest of my Syncthing installs. It was nice to be able to do so, though if done wrong it would make the web GUI inaccessible from the app (though it would still be accessible via a browser). Would it be possible to bring this back?


As I wrote in my question, it certainly wasn’t like this in the past. Said this, I can live with the way it is now. I just didn’t get what happened.

That’s the origin of the change:

Finally found an answer !

Took me couple of hours tho

Update in FAQ should be useful

Thanks for great soft

What Characters can be used to overwrite existing API Key if one wishes, is this perfectly safe to overwrite it with new sequence?

On second thought it was pointed out that having custom password doesn’t bring any extra benefits, but API key can be read when someone can access device physically… isn’t it disadvantage ?

keywords: GUI Authentication User / password doesn’t work, not working, log in, android, Linux, syncthing