The desktop application Cryptomator has been peer-reviewed by the community. Its cryptographic libraries use only cryptographic primitives of well-known open source libraries like JCA, OpenSSL, and Common Crypto. Except SIV Mode, which is the only self-implemented cryptographic primitive.
All cryptographic libraries have been reviewed by Cure53. The pentesting report can be found here. The reported issues are commented in the corresponding GitHub respositories.
SIV-Mode has been reviewed by Tim McLean. The report on SIV Mode 1.0.8 can be found here and the issues found have been fixed with version 1.1.0.
Citing the first sentence over the pentest reports
Note that all those reports have been proudly published upon explicit request by the project maintainers, or the party that sponsored the penetration test in coordination with the project maintainer
may i ask why the audit report for cryptomator has not been explicitly requested by the project maintainers? wont the publication help enhancing the credibility of cryptomator app ?