Security fears surround Dropbox's Mac app and the permissions it needs
Users now claim that Dropbox's Mac app asks for overly broad permissions, swipes your password and even hacks the operating system. The cloud storage service is trying to allay those fears, though. Desktop app team member Ben Newhouse has responded to concerns on Hacker News with both an explanation of design decisions and a promise to improve its transparency.
The app only asks for the permissions it needs, Newhouse says. It uses the Mac's accessibility kit for certain tie-ins (such as in Office), and demands elevated access to your OS when standard programming interfaces fall short. The permissions aren't as "granular" as Dropbox would like, the developer adds. He stresses that Dropbox can't see your system's administrator password, and a privilege check on startup is only to make sure the software works consistently, especially across OS versions.
As for what the company will do to turn things around? To start, it wants to do a "better job" explaining what its software is doing and why it needs the permissions it does. Also, it's teaming with Apple to reduce that dependence on elevated access in macOS Sierra, and will respect when people disable Dropbox's accessibility permissions -- currently, it turns the permissions back on.
The effort to come clean may assuage those worried Dropbox is running roughshod over your computer. However, it's not pleasing everyone. Hacker News users want the firm to more explicitly outline why it needs the permissions it does, and they're worried that the broad system-level control opens the door to malware that otherwise wouldn't be possible. It's important to stress that Dropbox's requests aren't unique -- apps like Chrome and Steam also demand accessibility permissions for features, such as Steam's screen overlay. However, that might not reassure customers who believe that Dropbox's existing approach is both unnecessary and risky.
source: Hacker News