Just for completeness: The two points @chenxiaolong made in his last message outlining the difference between BasicSync and apps based on the original syncthing-android app also apply to Syncthing Tray on Android. So Syncthing Tray on Android also avoids launching Syncthing as an external process (although that is theoretically possible, too). It also allows just pausing devices and discovery instead of stopping Syncthing completely on metered network connections.
Speaking for curious users from the internet who don’t have an account here: From reading most of the messages here, especially those with an admin badge, I cannot really verify that Catfriend1 and researchxxl are trusted users in this forum. Catfriend1’s account details are hidden and researchxxl’s account is rather new since December 25 and the maintainers (imsodin) don’t really react to their posts, so I don’t see a chain of trust that their posts are legit. So if just someone with an admin badge, i.e. @imsodin, could make a confirmation post that these accounts are who they claim to be, this would be fine, thx very much (please post on the main thread)!
I agree with you regarding the communication, but… you say:
No hotfix, no explanation. You upgraded? Your problem, deal with it.
However, in the issues you linked, you can find the explanation and the reason why they can’t release a hotfix:
Because of an update in syncthing core 2.0.14, the app versions 2.0.14.0 and 2.0.14.1 have a bug that corrupts the paths and labels (and other user input strings) with non-ascii characters in the config. And we cannot recover original text deterministically due to the nature of the bug.
Those who had only labels with unicode characters and ascii for paths can just update the labels and avoid re-configuring everything. Though only if the strings are not exploded beyond the capacity of java or kotlin Strings. In that case the app would probably crash. Those who have unicode in path also have to reconfigure the folders since folder path cannot be updated. So the only option is fresh installation and configure again. (I guess if the app is not crashing and config export/import are working, then one can export config, update strings and import again to make it work and avoid full fresh install and configuration.)
Also, you say:
Basically on most issues, the dev answer is: figure it out yourself. Issue closed. Thread locked.
This isn’t true. The dev is saying to start fresh, and users have testified that it fixes the issue.
If I had a last wish …
- Don’t fight
- Don’t lie
- Get together in one place
- Publish one App
Establish trust by contributing, for example, code, translations, build recipes, support for users.
Therefore, I did hand over all my stuff to my inheritor @researchxxl including the com.github.catfriend1* apps, digital signing material and wish them the best to fulfill the mission of carrying on the Syncthing-Fork app.
We have met in online gaming and developing modding code together for a level that tells the story of a research station attacked by some alien-like monsters. Two players do have to cooperate on fixing electrical devices, a low power emitting nuclear reactor and avoiding a bath in acid. If you stumble upon the game, say hello to us during our test sessions.
@researchxxl Thank you for your will to take a try on coding. Without your work, the app would die until revival for a while.
To the community:
I am sorry to see how things developed during my absence.
“What a mess they have created” (Source: 4PDA)
I did not expect this but never the learning curve is complete in my life.
THANK YOU for all those great 7 years we were together.
THANK YOU for - currently - 82k for following a genuine, transparent and reproducible release of the app with all its cat purring friendliness.
I’ll authorize every attempt to clean up this mess.
I’ll review the progress from time to time and if I find anything malicious going on, I’ll let you know here.
Edit 1:
Regarding @nel0x, they did not have any history with the Syncthing (Android) project nor an expressive public profile when they applied to take over the Google Play Store entry in Feb 2025. I accepted this and transferred - believing in good will and we agreed on their task to be publishing what was on my repository to Google Play after their review. If they now desire to make their own app, there is, unfortunately no way to clean up the confusion caused if it is called the same other than kindly asking them to rename it. Please note: Google Play automatically renamed all of my answer posts to user feedback that existed before the handover to the author nel0x… this does not reflect reality.
Edit 2: I followed the events and releases on the researchxxl repo, and I am glad to see there is good work on the way. dbhavsar76 joined as a contributor and seems to work on the material3 design update to replace the old-fashioned looking UX design. nel0x announced to work on a proper root implementation when he finds time, that’s also great. researchxxl is reviewing the PR of both (and more) contributors.
Until now, the code changes look trustworthy from my side and greatly improve the user friendliness, even on TV where I did not care about for years to fully test the app UX. Download counts seem a little low to me, but was good. Because two technically broken releases were up for three days and then revoked: @researchxxl reported to me it just affected about 3000 out of 78000 “users” (users are GitHub downloads in reality due to lack of tracking).
So, please go on. You’re all doing a very good job! And myself, I am also taking part in the current RC.
Excuse me.. but I see this note above Catfriend1’s (previous) reply:
This is the first time Catfriend1 has posted — let’s welcome them to our community!
Also the déjà vu is very strong. Some part of the text in their reply (before the line “Edit 1”) has been posted a few weeks ago .. Verbatim .. in this very thread.
Yet, that earlier reply is nowhere to be found.
What’s going on?
Assurances from a practically-anonymous account holding the name of a formerly trustworthy name, these assurances only increase my doubts.
If I had a chance to regain trust in the Syncthing Android project, this chance has just evaporated.
It’s deeply unfortunate that this feels very fishy.
It would appear that @Catfriend1 has deleted their account and then started anew. Much as that isn’t an action I’d have recommended under the circumstances for the purposes of building trust, it does seem somewhat in-character. For what it’s worth, from what I can glean as an admin, both the old and new account had 2FA enabled and come from the same region of the world.
Oh the drama.
I guess a cool next step could be for researchxxl to rename their GitHub account, rebase the repo so all the hashes change, and refuse to say anything about it.
What if … @Catfriend1 and @researchxxl are one and the same?
just to quote. Glad to see you back
As someone who was considering Syncthing, this thread makes it hard for me to feel comfortable trusting it right now. For me, Android is a crucial part of the whole setup, and this situation around the Android app is enough to make me step away for now, even if nothing malicious has been proven.
I understand the main project dropped official Android support before this, and I’m not trying to blame the main maintainers for how this happened. I’m writing this because I care about the project. Syncthing otherwise looks like exactly the kind of thing I would want to use, and maybe even contribute to later.
What makes this especially difficult for me is that trust in a community project is not only about the code, but also about continuity and accountability. When a long-maintained project is handed over to a completely new account, and the original identity disappears, a lot of that trust disappears with it. Forum posts alone are not enough to restore that for me.
From my point of view, the most meaningful step would be to bring the Android app back under the Syncthing umbrella, with ownership, build, signing, and release processes in hands that already have established trust within the project. And if that is not realistic, it would still help a lot to explain the current situation more clearly wherever this Android integration is linked from official Syncthing pages, so new users do not have to read this whole thread to understand the trust concerns around the handover.
It is important to make a distinction between Syncthing and the Android app. Syncthing is still the trusted part of the ecosystem, and it runs just fine in Termux, without any wrappers. If you are concerned about the wrapper, but want to use one, I recommend switching to BasicSync which is… yes, basic, but from a well respected Android developer intentionally kept simple, so it can be feasible in the long term. Source: Status of the project · Issue #1 · chenxiaolong/BasicSync · GitHub
Thanks @SanskritFritz, that’s a very useful pointer. I’ll definitely take a look at BasicSync - it looks promising.
And for @researchxxl, I’d really appreciate it if you could respond to a few concerns that still seem unresolved from the outside:
- the invitation to bring the repo under the Syncthing organisation
- why the handover/status issue was deleted: GitHub · Where software is built
- the identity continuity around Catfriend1
I’m not saying these points prove anything on their own. But they do affect trust, and I think addressing them clearly would help a lot for people who are trying to evaluate the situation in good faith.
Running Syncthing in Termux is not useful for a user who wants a sync app and not a developer environment.
If I understood the explanation of BasicSync correctly, it does not allow root access, which I need.
So I am dependent on Syncthing Fork.
AFAIK root was removed:
Thankfully @dbhavsar76 showed how to download a debug version with root access.
Wondering how you do that, tried, couldn’t find it.
Hello people,
After putting it off for a long time, I set up Syncthing on my new mobile phone (GrapheneOS) for the first time today, only to find out an hour later that there are such problems. After reading through the last 100 comments, I no longer have any confidence in the repository. In particular, the (sparse) comments by the new maintainer and by the new account of the ‘old maintainer’, who both also keep deleting their comments, leave me in no doubt that something is going on.
I have now invested the last few weeks in getting to grips with the GrapheneOS system, which is new to me. My gut feeling tells me to reinstall the system, but that would set me back weeks. Can we rule out the possibility that the account was taken over earlier, that malware was already present, and that the effects are only now becoming apparent? In other words, that the original maintainer actually had control over the repository and that until now no harmful steps were taken?
Could someone just use AI to check the latest code changes, to check if anything evil was going on? Maybe also changes from before the repo takeover.
Of course you could do that yourself. But that would generate a totally worthless report. How would you handle its false positives and negatives? If the model says everything is fine, then what? And vice versa of course. Even if you could review the source code flagged as nefarious yourself you can’t trust the AI answer is free of false negatives.
The author of cURL, Daniel Stenberg, wrote about the use of AI for bug reporting: Death by a thousand slops | daniel.haxx.se. Not exactly analogous but I think an AI written report of syncthing-fork would be as useful as his bug reports.
I’m closing this topic, because I honestly believe it has run its course and nothing productive is likely going to come from it anymore, only more complaints or questions about what has already been discussed over and over again (which is understandable considering the fact that it’s just too long to follow for those who haven’t been here since the beginning).
If you have any other questions or issues regarding the Android app, please feel free to open a new topic to deal with that specific problem.