[Edit: The GitHub repos are called "syncthing-android". The Android apps are called "Syncthing-Fork" or "Syncthing-Fork Wrapper", which adds to the confusion.]

If I recall, there used to be a syncthing-android app on Google PlayStore. That was discontinued by @imsodin in Oct 2024 (https://forum.syncthing.net/t/discontinuing-syncthing-androi...).

There was a version of sycnthing-android on F-Droid. I don't remember who maintained that. I have version 1.30.0.4 installed. But I cannot find any information about that version anymore.

The current version on F-Droid is 2.0.12.1. That seems to be maintained by a fellow named @researchxxl. Apparently @researchxxl claims to have inherited the source code and signing keys from a person named @Catfriend1 (Not sure who that is, the maintainer of version 1.30.0.4?)

There is another fellow named @nel0x who seems to be maintaining a different version of synchthing-android? (Edit: Here it is, https://github.com/nel0x/syncthing-android, which says that it is a fork of the one maintained by @Catfriend1).

I’ve read through a number of the GitHub/Gitlab/Forum threads and while I’m not saying anything new:

You couldn’t script a more suspicious transfer [0]. That fact is maybe the most compelling reason to assume it’s actually above board, if there is malicious intent, it’s being poorly disguised. To make matters worse, both Catfriend1 and researchxxl appear to be very bad at communicating (both in language and speed). Yes, Catfriend1 has surfaced and says they did transfer the repo/signing keys. Why that couldn’t have been posted at the start of this is beyond me. Researchxxl seems to not be a native english speaker and I tried to take that into consideration but I’m increasingly finding it difficult to give them the benefit of the doubt. They seem… immature, that’s the best way I can put it. They certainly don’t seem trustworthy nor have they made any attempt to address raised concerns. I wouldn’t touch their releases based on what I’ve seen, way too much access and way too little trust.

[0] Repo redirected to brand new account/repo with no notice/announcement from original owner. Furthermore, evidence that the signing keys were transferred and users might be at risk of malicious updates (see the many examples of Chrome extensions that were quietly sold and turned malicious).

My use case was probably simpler than some peoples use of syncthing as I just use it for backing up photos/messages/settings and dont need it to be instant.

My only issue with FolderSync is that its proprietary but its the only option i found that worked well. The various rclone frontends that exist also didnt work nicely with the webdav server I use so I settled on it, its very polished so I dont mind too much.

[0]: https://github.com/syncthing/syncthing-android