macOS Sierra Addresses Dropbox Security Concerns by Explicitly Asking for Accessibility User Permission

Discussion in 'Mac Blog Discussion' started by MacRumors, Sep 20, 2016.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Following Dropbox-related security concerns that surfaced earlier this month, developer Phil Stokes has confirmed that macOS Sierra now explicitly requires apps to ask for user permission to access Accessibility (via Daring Fireball). Users can give access to an app, or click "not now" to deny the request.

    [​IMG]

    Concerns were raised after it was demonstrated that Dropbox appears in System Preferences > Security & Privacy under Accessibility, despite the fact that users were never prompted to grant access to the features. More details can be found in our previous coverage and in a Dropbox support document.
    At the time, Dropbox said it was working with Apple to reduce its dependence on elevated access in macOS Sierra, and would respect when people disable the app's Accessibility permissions, but now a much-needed safeguard exists regardless.

    In a new blog post, Dropbox still recommends that Mac users running macOS Sierra update their Accessibility permissions, if needed, to ensure smooth syncing and access to certain features of the cloud storage service.
    macOS Sierra was publicly released today as a free update on the Mac App Store.

    Article Link: macOS Sierra Addresses Dropbox Security Concerns by Explicitly Asking for Accessibility User Permission
     
  2. CrickettGrrrl macrumors 6502a

    CrickettGrrrl

    Joined:
    Feb 10, 2012
    Location:
    B'more or Less
    #2
    Thank you for this followup and particularly for addressing the issue of older versions of Mac OS. (Yeah, still on Mavericks.)
     
  3. sp3k0psv3t macrumors regular

    sp3k0psv3t

    Joined:
    Jun 3, 2013
    Location:
    Miami, FL
    #3
    Makes sense.

    ONLY permissions granted that an app NEEDS to do its job; nothing more, nothing less.
     
  4. canadianreader macrumors 6502a

    canadianreader

    Joined:
    Sep 24, 2014
    #4
    Box works well without asking for this kind of permissions thanks Apple
     
  5. beanbaguk macrumors 6502a

    beanbaguk

    Joined:
    Mar 19, 2014
    Location:
    Europe
    #5
    Drop-who?

    However in all seriousness, I abandoned Dropbox ages ago and migrated to Google Drive and have never looked back.

    Dropbox are "ok" no doubt but lack so many features and compared to Google are seriously slow. My file transfers since switching to Google Drive have more than tripled!
     
  6. Mac Fly (film), Sep 20, 2016
    Last edited: Sep 20, 2016

    Mac Fly (film) macrumors 65816

    Mac Fly (film)

    Joined:
    Feb 12, 2006
    Location:
    Ireland
    #6
    OK. I unlinked Dropbox from my Mac. I then AppZapper-Uninstalled it. I emptied trash. Re-downloaded the app. Denied System Preference access to Security and Privacy, and additionally chose "Not Now" in this new option.

    And yet, yes it remains unchecked, but how did it jump in here to the Security and Privacy pane in System Preference again? Am I missing something? As if they're default "enable finder integration" crap wasn't offensive enough. Is it that corporations are just inherently untrustworthy.

    [​IMG]
     
  7. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
  8. Pakaku macrumors 68020

    Pakaku

    Joined:
    Aug 29, 2009
    #8
    Sounds like the OS itself just keeps a history of whatever has attempted to ask for permission, and anything the user denied permission for is just left there unticked.
     
  9. sesnir macrumors 6502

    Joined:
    Sep 21, 2008
    #9
    I came here to say the same thing. No matter which box you click: "Not Now", "Learn More", or obviously the third one, it puts itself in Accessibility.

    My response was to remove Dropbox from my computer.
     
  10. coolfactor macrumors 601

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #10
    You must be dealing with a small number of file types?

    I've had trouble getting Google Drive to sync Mac "packages". These behave like a regular file, but are actually special folders. OmniGraffle is an example of an app that I use frequently which defaults to saving package-based files. These do not sync into Google Drive, but work just fine with Dropbox, though. OmniGraffle does offer a "flat-file" format, too, for times when that's more desirable. However, I still things these would not work with Google Drive (correct me if I'm wrong). I think Google Drive can only sync file types that it's aware of, such as Word documents and raster images. Can it handle Photoshop and Illustrator files? Files from lesser-known apps?
     
  11. maxsix Suspended

    maxsix

    Joined:
    Jun 28, 2015
    Location:
    Western Hemisphere
    #11
    Google Drive and the free, highly effective suite of Google Apps are simply wonderful. They enhance my cross platform experience with Android, iOS, OSX and Windows immensely. No matter where I am, what I'm using, these tools make computing and communications a very pleasant experience.

    Thanks Google... :D
     
  12. KALLT, Sep 20, 2016
    Last edited: Sep 20, 2016

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #12
    So Apple puts System Integrity Protection to good use after all. :D
     
  13. jonnysods macrumors 603

    jonnysods

    Joined:
    Sep 20, 2006
    Location:
    There & Back Again
    #13
    I tried to use google drive and found it to be slow and cumbersome. I had to go back to Dropbox because GD couldn't handle the transfers and quantity. It would crash frequently etc.
     
  14. simonmet macrumors 68020

    simonmet

    Joined:
    Sep 9, 2012
    Location:
    Sydney
    #14
    This is an OS X behaviour and unrelated to Dropbox. OS X is putting it there and this I believe is nothing new. The problem before was that Dropbox seemingly exploited loopholes or weakness in OS X to enable those privileges without asking.

    It also replicates behaviour in iOS. If you deny an app permission to send you notifications or have access to your location the app still appears in the relevent settings so you can subsequently enable the permissions later if you so choose without having to delete and reinstall the app.

    So it's entirely appropriate and normal that OS X puts it there.
     
  15. alvindarkness macrumors 6502a

    Joined:
    Jul 11, 2009
    #15
    I know people are saying this is OS behaviour but I dont think so. I did the same as you, except removed dropbox by hand (following a guide on their site showing where all the extra files are stored), that I think AppZapper missed in your case. I keep denying Dropbox access when the permissions box comes up, and I no longer have Dropbox showing up under accessibility, after many reboots.

    I know that /Library/DropboxHelperTools was one folder I had to delete, along with ~/.dropbox. I'm guessing its the helper tools that werent deleted by AppZapper.
     
  16. smacrumon macrumors 68030

    smacrumon

    Joined:
    Jan 15, 2016
    #16
    And I guess you're happy for Google to peruse your files on a daily basis.
    --- Post Merged, Sep 20, 2016 ---
    This is really interesting. Who would have thought MacOS could be circumvented like this? I certainly didn't. Yep post those permission warnings just like iOS vigilantly does.
     
  17. dragje, Sep 20, 2016
    Last edited: Sep 21, 2016

    dragje macrumors 6502a

    dragje

    Joined:
    May 16, 2012
    Location:
    Amsterdam, The Netherlands
    #17

    I'll never move my documents to Google Drive which enables the company to look inside within each document for commercial exploitation usage. For the same very reason I rarely using Google as a search engine, simply because I truly hate the so called targeting adds, as if I'm considdered to be a f*beep*ing monkey that would be interested in camera's for weeks just because I was searching for one at one given day. Google makes sure that all the adds on websites, in one way or the other, has something to do with camera's.

    I'll regret the day that I might not care about this any longer, that I'm willingly stop using my brains and surrender myself entirely to commercial exploitation and accept that I've become a slave for a company by providing them personal information about myself and by agreeing that "to think yourself" is something one should not do. For the same reason I don't make use of facebook, delete apps that requires a facebook and/or a Google account and doesn't enable me to login besides these options.

    I grew up in the world where the internet became big. And I'm really became fascinated with the phenomenon called the internet. And I should because it delivers also so much good. But I've never been able to understand why people willingly give away all of their private information, especially knowing that there is no such thing as: 'I've nothing to hide'
     
  18. mw360 macrumors 65816

    mw360

    Joined:
    Aug 15, 2010
    #18
    It seems to me the new dialog box is being thrown up by Dropbox - how would the OS know 'why' Dropbox is asking for those permissions? "collaboration features of" is quite specific to Dropbox.

    I suspect this is a new API provided by Apple, and Dropbox are using it instead of the deprecated password dialog which drew so much scorn before. This would be in line with DB's statement that they were working with Apple to get more fine-grained privileges.

    I haven't really understood the outrage though. I've given Dropbox permission to 'do stuff' and I don't feel betrayed in the least. I typed in my password so the app could work as intended, and subsequently it did. Despite the rage-bait headlines, they haven't done anything I find disturbing or surprising. If I give somebody my sudo password, I expect them to change some system files, otherwise they wouldn't have asked for it. Same situation here.

    Having to go via Accessibility might sound fishy, but in my experience its a very commonplace workaround for the restrictions Apple has placed on the OS. If anything I think it's time Apple rethought the Accessibility privileges, and gave them a name which better reflects what they're being used for. For example, some apps need Accessibility privileges just to move or resize application windows. This is just a silly situation. In the past we got a baffling pop-up asking us to manually enable Accessibility for the app, now we get a pop up to automate it, but in both situations its just strange for the end user.

    Incidentally, I've had many apps, small and large, place their on/off switch into the Accessibility panel (defaulting to off) and I don't see anything creepy or sinister about that at all, once you accept why everyone's going via Accessibility in particular to do what they need.
     
  19. cicuz macrumors member

    Joined:
    Mar 28, 2010
    #19
    Well isn't that the whole point? Having a list of apps that want access, but actually being able to deny it if will may be? I mean, what they were doing earlier was horrible, with the database injection and all, but complaining about the OS actually keeping track of apps that requested access is just silly..
     
  20. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #20

    The problem is that accessibility can do much more, as it says in the article above it can potentially be harmful if there is a bug in dropbox.
    I agree though that you don't need consent from the system to just move a window or similar simple things.
     
  21. beanbaguk macrumors 6502a

    beanbaguk

    Joined:
    Mar 19, 2014
    Location:
    Europe
    #21
    I appreciate what you are saying however Dropbox is not immune to privacy concerns:

    https://www.grahamcluley.com/2014/03/dropbox-privacy/

    While I also want to iterate this issue could be put up for debate, it does highlight all cloud storage providers do scan files and it would be mad to think Dropbox does not read content.

    However, having said that, the article also goes on to recommend a number of encryption tools that would also work with Google as well as Dropbox.

    At the end of the day, if you value your privacy so much, you need to encrypt your data client side and frankly, I can't be bothered with all that but I understand and respect your concerns.

    Also, regarding the speed and stability of Google, I've had no problems up to now. I used Multcloud to transfer my files and it took about 3 days to shift about 350GB of data across. I'm now in the process of uploading my photo library to Google and I have about 250,000 photos of varying quality to upload so I expect that to take a couple of months, bit by bit. (I have limited bandwidth on my ISP so I tend to bring my MacBook into work and leave it running all day with the screen off. The battery seems to hold up for about 9 hours).
     
  22. sirkkalap macrumors newbie

    Joined:
    Apr 22, 2014
    #22
    And guess what this high privilege for dropbox is for? I checked what the "badge" is. To me it looks like a Microsoft Office only feature to enable some collaboration. I do not even have that software, so why would I let Dropbox manage my computer?
     

Share This Page

21 September 20, 2016