TalosByron
As far as I know, there hasn't been an audit on it. Though I didn't search for one that deeply, so I might have missed one. If no audit is a deal breaker, I completely understand.
Personally I think the question comes down to your personal threat model. How much is at stake for you if the app turns out to be "not trustworthy?" The app itself doesn't require any sensitive permissions to work and is confined by the Android app sandbox. There's not that much it can do on my phone even if it contains malicious code or gets a malicious update in the future. And the chance of someone spending an Android app sandbox zero day on getting into my phone through this specific app is, to me, so small that it's a risk I'm willing to take.
My X account was also made for purpose to be disposable and doesn't contain any sensitive info. If the app ends up stealing my account, the only thing I end up losing is the time required to make a new one. This could be more of an issue if the account itself has more value (as yours might), but it isn't to me personally.
To each his own. I (believe I) gain more by using QuaX over the official X/Twitter client. Your calculations might be different from mine: an acceptable risk for me might be an unacceptable one for you, and that's okay. Do what you feel is right.
P.S. Didn't intend on making a rant but made one regardless.