I just installed the Cryptomator app to test it. Reviewing the Crytomator architecture, it seems that the AES-SIV is used for encryption, which is the AES encryption with a variant of the GCM mode for authentication (the SIV, to ensure that the nonce is not reused). The authenticated encryption means that if an adversary modifies the ciphertext, the change is detected and the program either produces an error or at least a warning notifying the user that the ciphertext has been modified (integrity check).
I deleted some files in the encrypted directory and modified some others, and the Cryptomator opens the vault without any unusual message. Comparing the directories, I see that both deleted and modified files are missing. The log files 0-9 appear normal as well (2 lines of standard info).
Is this how it’s supposed to work, or am I missing something?
(I also noticed there seems to be issues with symbolic links).