This is a very good question and I must say we cannot give you any guarantee that this cannot happen to you. But I can guarantee the following:
- We are following the advices of app developers to apply all the needed security fixes for example Nextcloud app has a set of automated checks and notification about new security updates.
- We keep source open so anyone can audit and we expect this to happen more often as we go more popular.
At the same time if you are concerned about your personal data not being properly protected there are few options to consider:
- Disable external access if you only use it from home.
- Disable external access but install OpenVPN app and have a secure channel to your device from outside on-demand.
- If you really need external access and VPN is not suitable (family members, clients) consider having two devices (public and private) and restrict the set of apps on the public one as more apps potentially means more security issues.
One of the ideas behind distributed personal devices versus a centralized cloud is that hacking one cloud server gives a hacker access to thousands of users where hacking a single device gives you one so probably more resources is concentrated at hacking the cloud. I understand if you are hacked you do not really care how many are there with you 0 or 1000.
Another feature we are relying on in Syncloud is that all apps are self-contained and do not depend on each other or operation system libs (thanks to Ubuntu Snap technology) allowing us to follow all app developer requirements easier and faster.
As you understand this approach of having personal data and apps independent from the controlled cloud is new to you the same was it is new to us. We learn and try to solve limitations of the current state of things but I hope more people will be involved on both user and development sides to bring this to a wider public.
As to backup we have this instruction: Backup · syncloud/platform Wiki · GitHub (feel free to start a separate thread about backup)