amir
a0d759364e
Build & Release APK / build (push) Successful in 12m42s
WebDAV already sanitizes server-supplied names, but SFTP passed entry.name through unfiltered, and the engine had no central guard — a malicious or compromised remote could return '../../x' and (on the JavaFile backend) write outside the sync root. - SyncEngine: isUnsafeSyncPath() rejects empty, absolute, and any '..'-segment path; every file is checked before any read/write/delete (covers all providers). - SftpProvider.listFiles: drop '.'/'..' and names containing path separators. - PathSafetyTest covers traversal, backslash, absolute, and empty cases.
SyncFlow
Native Android file sync app — sync any folder to WebDAV, SFTP, Nextcloud, ownCloud, Google Drive, Dropbox, or OneDrive.
Features
- Multi-provider — WebDAV, SFTP, SFTPGo, Nextcloud, ownCloud, Google Drive, Dropbox, OneDrive
- Flexible sync — one-way upload, one-way download, or two-way mirror
- Auto-sync — schedule by interval or trigger on Wi-Fi connect / device charge
- Conflict resolution — keep local, keep remote, keep newer, or keep both
- Secure — credentials encrypted with Android Keystore; biometric app-lock option
- No cloud dependency — runs fully on-device, no third-party relay
Install
- Download
SyncFlow.apkfrom the latest release - On your Android phone: Settings → Apps → Install unknown apps → allow your browser/file manager
- Open the downloaded APK and tap Install
- Open SyncFlow, go to Accounts tab → Add Account, pick your provider and sign in
- Tap + on the Syncs tab to create your first sync pair
Supported Providers
| Provider | Auth |
|---|---|
| WebDAV | Username + password |
| SFTP | Password or private key |
| SFTPGo | Username + password |
| Nextcloud | Username + password |
| ownCloud | Username + password |
| Google Drive | OAuth 2.0 (PKCE) |
| Dropbox | OAuth 2.0 (PKCE) |
| OneDrive | OAuth 2.0 (PKCE) |
Requirements
- Android 8.0+ (API 26)
- Storage permission (or SAF picker) for local folder access