contador web Saltar al contenido

Controversy: Dropbox guarantees control of your Mac even if you do not give permission for it [atualizado]

Have you ever wondered why some apps ask you for permission to use your Mac's Accessibility features? On this Apple page, read:

If you allow applications to access your Mac, you also grant them access to your contacts, calendar and other information, in addition to being subject to privacy policies and terms (those apps / services) instead of Apple's Privacy Policy.

The notice literally asks for permission to "control" your machine, which means exactly what was described above and a little more.

Now, what if there is no notice asking you for permission but an app / service still gets access? It would certainly be suspect, right? That's exactly what happened to the Dropbox.

Dropbox with access to control the Mac

At the end of July, some users discovered the app in the Accessibility panel under "Security and Privacy" (within System Preferences) and wondered how it got there without even asking for permission. In addition, a video demonstrates that it would not be possible to remove him from there because, "magically", soon he would appear again.

After a shower of comments about how this could open up immense security holes in the app's users, the company gave some statements to the TechCrunch.

We asked for permission once, but did not describe what we are doing or why. Let's fix this. We never view or store your administrator password. The warning that you see is native to the OS X API (that is, from Apple itself). We checked and set privileges at startup the intention was to make sure that Dropbox works correctly, even after operating system updates, etc. The intention was never to frustrate people or replace their choices.

Even so, users found the explanation too vague, claiming that it would make the machine an easy target for malware and many are already deleting the application from their computers.

If you would like to stay with the application but withdraw permission from it on your machine, you can follow the instructions below:

  1. Close the Dropbox app that is running on the menu bar;
  2. Delete the / DropboxHelperTools / folder that is inside the System Library; attention, the folder / Library / OS X (root), not that of your user;
  3. Comes System Preferences Security and Privacy Privacy Accessibility and remove Dropbox from the list;
  4. Log out of the system and log back into your account;
  5. After that, a new Dropbox alert window will be shown; choose the ?Cancel? option.

If you are interested in knowing the details of Dropbox access, access this link.

Update · 09/21/2016 s 10:45

The person responsible for discovering the loophole that allowed Dropbox to access Accessibility preferences has already made it a point to disclose that it was finally closed on macOS Sierra.

Now, when you install Dropbox, it asks for permission to use your Accessibility preferences (instead of ?entering without knocking?). Even so, the company insists on having access to these preferences, as it claims to be crucial to the functioning of the app.

Some advanced Dropbox collaboration features, such as badges, need Accessibility permission. A dialog box will appear asking for permission when you install Dropbox Desktop on macOS Sierra. To allow, follow the instructions on the screen. The same procedure will come to previous versions of OS X in the coming weeks. For more information on Dropbox for Mac permissions, visit our help center.

As you have warned, the gap has not yet been closed in previous versions of OS X; therefore, the recommendation to update your system or do the procedure that we published above to remove access from Dropbox, if you prefer.

(via MacRumors)