@fdroidorg at this point is being used to push out an app with sensitive permissions that’s been taken over by an unknown individual who refuses to engage with its large community of users and developers.
I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.
this is extremely shady and it’s just looking worse as time goes on. I’ll link to the Syncthing forum thread from about where I left off last time in a subsequent post.
From my understanding the project Syncthing-fork changed owners. The original owners GitHub repo went down, and no announcement that it was changing hands. So it comes off as shady. Bit I may be missing some things here.
Okay, that plays as odd but how does it connect to the entire FDroid being under suspition?
Not the entirety of F-Droid being suspect, but the package available in the default repo on F-Droid is being updated by this dodgy person while the other versions are not. If they are uploading malware or making dodgy changes anyone who previously installed Syncthing-Fork could get this new version from the dodgy dev without notification.
If you open the versions drop down in F-Droid it has a ‘suggested’ tag next to the 2.0.12.1 version, so they’re aware of the issue, I’m not sure if that means if you just click install that’s what you get as I pinned it there when this all started and don’t want to uninstall reinstall just for this post, but I’m guessing it’ll just install the non suss version.