this post was submitted on 09 Dec 2025
123 points (98.4% liked)

Android


@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.

I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.

this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.

top 36 comments
[–] breakingcups@lemmy.world 61 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I understand and empathize with F-Droid's position in this. An account and key handover took place. It would be a dangerous precedent for F-Droid to unilaterally take the app down without any proof of anything nefarious based on something as nebulous as community rumblings, with no way to verify any of the ill motives ascribed to the actions of the original and new maintainer.

[–] eager_eagle@lemmy.world 12 points 2 weeks ago

and now that the handover was confirmed, it's unlikely they'll do anything without hard evidence of malicious intent

[–] flamingos@feddit.uk 39 points 2 weeks ago (4 children)

🫩 I just want to sync my music between my computer and phone and I really can't be arsed with this drama.

[–] Ephera@lemmy.ml 8 points 2 weeks ago

Yeah, I've considered setting up a scrappy rsync solution, because Syncthing felt like overkill for that use-case and like it might stop working one day.

There's the Syncopoli app on F-Droid, which hasn't been updated in three years, but it seems to just be a thin wrapper around rsync, which has been stable for decades, so I still kind of trust it more to continue working. Or at the very least, if I need to fix something or update the app myself, I feel like I'll be able to do it.

[–] skuzz@discuss.tchncs.de 6 points 2 weeks ago

If only tech companies weren't assholes and actually developed desired features instead of the shit they have wasted our time with...

[–] ArsonButCute@lemmy.dbzer0.com 2 points 2 weeks ago (1 children)

I don't think it's open source, but I've had no issues with Resilio Sync in the past. Works on all major platforms.

[–] HReflex@pawb.social 1 points 2 weeks ago

It's not open source, but it works pretty well. Linux setup is a bit weird, but it does work

[–] toynbee@lemmy.world 0 points 2 weeks ago (1 children)

I've not used it myself, but I've heard good things about KDE Connect, which supposedly can do this and has no controversy of which I'm aware. (It does not require KDE, apparently.)

[–] LiveLM@lemmy.zip 8 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It can send back and forth, it won't auto-sync

[–] toynbee@lemmy.world 1 points 2 weeks ago

Gotcha. I wish you luck with your quest.

[–] Auster@thebrainbin.org 25 points 2 weeks ago (1 children)

In case someone wants to read the whole context given, just a warning, the first two links are pretty lengthy before getting to the point, and the third opens synthetizing it.

[–] Auster@thebrainbin.org 14 points 2 weeks ago (2 children)

Also about the issue linked at https://mastodon.pirateparty.be/@surfhosting/115674311171581770, which I just went through, likewise I can't see any indication of malicious code, only the code maintainer failing to show he himself is legitimate. Still rather suspicious.

[–] khorovodoved@lemmy.zip 26 points 2 weeks ago

Well, Jia Tan waited several years before pushing malicious code. How can we know it is not the same person?

[–] Auster@thebrainbin.org 4 points 2 weeks ago (2 children)

But overall, feels a bit overblown.

[–] kami@lemmy.dbzer0.com 24 points 2 weeks ago (1 children)

Better safe than sorry.

Also, from what I just read, he seems to be playing dumb in some of his answers, while also repeatedly ignoring important questions and closing the issue because "too heated".

In one issue (from 3 days ago) he also asks, kinda angry, if people want to see the chat he had with the previous maintainer before receiving ownership of the repo, but in the next comments he says he didn't save that chat as screenshots.

Like... WUT??

I started reading thinking it was just people being too cautious, but now I'm sure the guy is full of shit and I would expect the worst to have happened here, honestly.

[–] Lfrith@lemmy.ca 4 points 2 weeks ago (1 children)

Even when well meaning sometimes malicious code can slip through like with smarttubenext due to a compromised machine.

So I think people forget that just because something is foss doesn't mean it is automatically safe and caution can be thrown to the wind. Skepticism and being overcautious is still good practice before installing things.

I like to wait a while before installing new updates just to see if anything is caught by the community to try to reduce potential risk.

[–] Auli@lemmy.ca 1 points 2 weeks ago

When did smartube next have malicious code? Some news site said it was not the maintainer. Maintainer changed keys to be cautious.

[–] Kirk@startrek.website 5 points 2 weeks ago

It always is. The thing with FOSS vs a private company is that internal debates are:

  1. Public
  2. Involving people working for free

Meaning we not only see the "drama", but that it can become more verbally intense. Buuuuut it almost never ends up mattering much to the average user, and when it does, the public certainly won't learn about it on github or the replies to a toot.

[–] TrickDacy@lemmy.world 5 points 2 weeks ago (3 children)

TIL I'm using an old version on my phone that maybe isn't in the play store anymore.

version 1.27.3
com.nutomic.syncthingandroid

[–] ji59@hilariouschaos.com 3 points 2 weeks ago

TIL I'm using 1.28.1, didn't know it wasn't updating.

[–] jsnfwlr@lemmy.ml 1 points 2 weeks ago

Same version I have. Free of all the drama.

[–] floquant@lemmy.dbzer0.com 1 points 2 weeks ago

Huh, I guess that's the same nutomic? Didn't know that.

[–] Know_not_Scotty_does@lemmy.world 5 points 2 weeks ago* (last edited 2 weeks ago)

I have not updated past the v1.30 version because I didn't want to mess with potential issues on my server side. Given all this, is there any reason to update to the 2.0.11.2 version?

[–] planish@sh.itjust.works 5 points 2 weeks ago* (last edited 2 weeks ago)

This is just https://xkcd.com/2347/ but the person in Nebraska has been replaced with a new one and neither uses capital letters.

[–] n4sdaq@lemmy.dbzer0.com 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I've read through most of the drama, but it still isn't clear, or maybe I missed it: does this also impact the Google Play version of SyncThing from nel0x (https://github.com/nel0x/syncthing-android)?

[–] djdarren@piefed.social 4 points 2 weeks ago

As far as I can tell, no.