Tech sites have been buzzing about the file sharing and storage giant Dropbox, which has responded to accusations that its desktop client for Mac circumvents Apple's authorization policy and may leave the system vulnerable to hacks. This response came only days after news circulated across the internet, on sites such as Hacker News, that the program may be trying to illegally phish for administrator or user passwords. While this speculation was later proved to be false, it has caused a number of Mac users to question how safe the program is for their system.
Concerns ranging from the misleading text in security dialog boxes to obtrusive permission requirements have been raised with the company in several recent tech forums. While not all users have received answers, Dropbox has released some new information.
In the statement addressing these security concerns, the VP of Engineering and Infrastructure for Dropbox, Ben Newhouse, said the following:
“Clearly we need to do a better job communicating about Dropbox’s OS integration. We ask for permissions once but don’t describe what we’re doing or why. We’ll fix that.
We only ask for privileges we actively use — but unfortunately some of the permissions aren’t as granular as we would like. We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).
We use elevated access for where the built-in FS APIs come up short. We’ve been working with Apple to eliminate this dependency and we should have what we need soon.
We never see or store your admin password. The dialog box you see is a native OS X API (i.e. made by Apple).
We check and set privileges on startup — the intent was to make sure Dropbox is functioning properly, works across OS updates, etc. The intent was never to frustrate people or override their choices.
We’re all jumping on this. We’ll do a better job here and we’re sorry for any anger, frustration or confusion we’ve caused.”
While this statement sheds some light on the problem, it still leaves many users feeling in the dark. The brief statement answered only some of people's questions about why the client needs such permissions to operate, and did not address the security risks that may come with them at all. People are still concerned that the program's system-level control may leave the door open for spyware and malware that wouldn't be possible otherwise.
While I’d like to believe that Dropbox does have a valid technical reason to request the number of permissions that it does, their vague response and lack of technical transparency have made me concerned about using the software until they release more information.
If you are a Mac user and you are still concerned after Dropbox’s response, AppleHelpWriter has a simple guide on how to remove Dropbox from OS X’s accessibility preferences, which you can find here. We would also love for our loyal readers to tell us about their experiences with Dropbox.