Thanks, yeah from what I understand, the encryption is solid but they did have an issue with their password generator at one point Rclone generating weak passwords - CVE-2020-28924 · Issue #4783 · rclone/rclone · GitHub
Are you manually exporting Joplin on Android and browsing to the RSAF crypt? What do you do for other files like PDF’s? It also does not seem RSAF can copy or sync between local and remote like Round Sync can (which I assume is why it needs file permissions).
Basically I am wondering if it still does not meet the requirements for recommendation. It seems the main issue is someone with physical access could plug in the phone and run a root process to get the unencrypted config from the Round Sync app files? I would only sync Cryptomator vaults, except for one rclone crypt mainly for automated Tasks.org export backups.
@Matvei
@matchboxbananasynergy this is rebranded extRact, updated in April and last week (September 2024).