My fear with this app (and any similar apps) is that by using it I am potentially giving my login details to an unknown person. This is too big a risk - what guarantees are there that this software does not capture all of this information for a future ransomware operation.
Even if the developer were to state that the login details were encrypted in a local container I have to take it on trust that is correct. I would just about trust Synology with potential access to this information, but some third party? No way.
Since I have personally created an iOS app for similar reasons, I do understand you. I have developed a replacement application for DS Get (DS Download Manager). The existing apps in the App Store didn’t look wel and very bloated.
Since I am a bit more technical, I inspected all network connections these apps make. A lot of these apps connect to a lot of other third party analytics libraries. My point is: you could find out fairly easy how legit an app is.
In the EU (where I am based), privacy is extremely important. There are huge fines for leaking data (even on accident). My application only logs potential crashes/problems within the apps. Without any of your login data obviously. Crash information contains the place in code where the application went wrong.
Btw, if you only use an internal IP to connect to your DSM, your login data is useless to begin with. So you would be pretty safe either way.