Dropbox mac accessibility mac#
I’ve deleted Dropbox from my Mac for now. “The reason for needing Accessibility API listed in your response is pretty vague, especially for those Mac users not having Microsoft products tainting their systems. Responding to Newhouse’s statement one Hacker News commenter, riobard, wrote: “At this point you need to follow up with convincing technical details of why Dropbox needs the circumvention to counter the accusation and rebuild the damaged trust.
However, the company’s justification for utilizing root access to put itself on the Accessibility list in order to gain system-wide, elevated privileges did little to impress some critics.
We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused,” he added. It’s also using the permissions users grant via the OS dialog to edit a SQLite configuration file to put itself on the Accessibility list - although it’s certainly not making it plain that’s what users are granting when they respond to the prompt for their admin password. The intent was never to frustrate people or override their choices.” made by Apple),” he said.Īs to why Dropbox needs admin privileges in the first place, he said: “We check and set privileges on startup - the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The dialog box you see is a native OS X API (i.e. “We never see or store your admin password. Newhouse also asserted that Dropbox is not viewing or storing Mac users’ admin passwords. We’ve been working with Apple to eliminate this dependency and we should have what we need soon,” he added. “We use elevated access for where the built-in FS APIs come up short.
Dropbox mac accessibility windows#
“We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).” To clarify: It is a legitimate OS X dialog with misleading text + they hack around the OS security for accessibility Īddressing criticisms about the scope of the permissions the client requires, Newhouse said: “We only ask for privileges we actively use - but unfortunately some of the permissions aren’t as granular as we would like. We’ll fix that,” Dropbox’s Ben Newhouse, from its desktop client team, told TechCrunch.Ĭoncerns about Dropbox’s desktop client circulated on Hacker News and Twitter today, after two recent posts on an Apple help blog detailed what the writer dubbed OS X security “hacks” by Dropbox. In one of the AppleHelpWriter posts Dropbox is described as “using a sql attack on the tcc database to circumvent Apple’s authorization policy.”Īnd while allegations that Dropbox was creating a spoof dialogue box to phish users’ passwords proved to be incorrect, critics continued to slate its implementation of an official OS X security dialogue box that they said appeared designed to mislead users into handing over their admin passwords in order to grant Dropbox root access to the system via the Mac’s Accessibility permissions list. We ask for permissions once but don’t describe what we’re doing or why.
“Clearly we need to do a better job communicating about Dropbox’s OS integration. Dropbox has responded to concerns about how it implements the desktop client of its cloud storage service on Apple’s macOS platform, conceding it needs to do more to communicate how the integration functions and the permissions it’s requesting.
0 kommentar(er)
