26 comments

[ 3.6 ms ] story [ 60.8 ms ] thread
I installed Dropbox, fully knowing that it embedded itself into the OS. But I assumed that it was using a proper API to do so.

I need to rethink that soon. If macOS Sierra's (to be released next week?) similar replication features work properly, doesn't Dropbox become expendable for customers playing exclusively within Apple's ecosystem?

Seems it would be expendable in that use case, but "work properly" seems to be the catch. On MacBreak Weekly this week, Adam Engst was recommending listeners immediately disable that feature when Sierra launches, as he's been finding it buggy & running into data loss situations.
Wow, this is really impressively brazen. A faked authorization prompt, and silent reconfiguration of a security setting without authorization? I cannot fathom why DropBox thinks this is a good idea.
Bad as it is, Apple's unwillingness to deal with it is even worse.
tl;dr: When dropbox asks for your admin password it stores it in it's own cache to keep having access and perform admin-level tasks.

It's not a hack, it's you giving away your credentials on a screen that's designed to look like a system password prompt.

A Dark UI pattern at most, and a security leak whenever someone hacks the dropbox auth storage. Not a hack, just clickbait.

It could be a form of social hacking. They claim they need these permissions but actually don't. Who knows what they are actually doing in this case.

>The general function of social hacking is to gain access to restricted information or to a physical space without proper permission.

I am not going to call caching your admin password so it can continually re-enable the feature skirting official APIs just a dark UI pattern.
Wow, this is really bad. There is no need for it as Apple has an API for finding out which files have changed. I assume they do this simply to animate the little icon in the Finder (since I don't think anyone else does anything like it, and it was a famous question by Jobs to the DB founders). Although the author's follow on article suggest it's just for future use!

I guess that's it for Dropbox for me. Though as the author says, they're not going to care.

They actually use a public macOS API for those Finder icons. It seems like there's no reason at all they needed to do this. It's really shitty.
Even worse!

Fortunately their service is now a commodity (as Jobs told them when they demoed for him, they are simply a feature). I have always preferred Drobox just because it seemed the simplest (and they supported Linux). But switching just takes a short time to copy my files to one of their competitors.

I prepaid for a year's Dropbox service. I wonder how much luck I will have getting a refund on the unused amount.

I wonder why they chose to gratuitously be assholes?

I've been using iCloud Drive more ever since the Dropbox kernel extension. Dropbox had also started going wild with indexing, causing battery drain.

I guess with this, it's time to switch over for good.

I totally missed this post - but having read it am pretty shocked. Is that really what the app is doing? Storing the admin password so that it can override your OS settings?

Not happy about that at all...

What are the implications of not giving it your admin password?

If you read the entire article he's says what happens if you don't give it your admin password
Yeah I didn't think that there was a definitive answer in the article, kind of says that dropbox will just keep asking for it on boot. I was asking to see if anyone knew what APIs dropbox might be hooking into, but @szhu in a post above has kind of confirmed that nothing really happens. I took a look at this 2009 post. Interesting.

pretty disappointing really.

Looks like it doesn't retain the password, it just uses it to grant itself access to a config database which it can then modify at will later. Not that that is much better since accessibility permissions are kind of the keys to the kingdom and being able to modify the contents of that database is a highly restricted operation for a reason.
Dropbox has always been doing been forcing users to give it admin permissions for non-necessary reasons. I posted about this on the Dropbox forums back in 2009:

http://web.archive.org/web/20120127192749/http://forums.drop...

Seven years later and they're still at it? I doubt this article will make them change.

I noted that, curiously, if I denied it admin permissions, Dropbox would still work. I know for fact that it I never granted admin permissions because I did not have my own computer back then, and I was using Dropbox just fine.

What really baffles me is why they don't give users a choice of whether to make their system less secure when their product clearly works without those extra permissions.

Yikes!:

    $ ls -l /Library/DropboxHelperTools/
    total 1492
    -r-s--x--x   1 root  wheel  1523840 31 Aug 18:22 DropboxHelperInstaller*
    drwxr-xr-x  12 root  wheel      408 31 Aug 18:22 Dropbox_u501/
Oh no, not just on setuid root binary, no: several more too, plus a setgid procview one for good measure:

    $ ls -l /Library/DropboxHelperTools/Dropbox_u501
    total 328
    drwxr-xr-x  4 root  wheel        136  4 Apr 17:59 DropboxBundle.bundle/
    -r-s--x--x  1 root  wheel     139220 31 Aug 18:22 FinderLoadBundle*
    -rwxr-sr-x  1 root  procview   64368 23 May  2011 atos*
    -r-s--x--x  1 root  wheel       9632 31 Aug 18:22 dbaccessperm*
    -r-s--x--x  1 root  wheel     116668 31 Aug 18:22 dbfseventsd*
    drwxr-xr-x  4 root  wheel        136 31 Aug 18:22 mach_inject_bundle_stub.bundle/
FWIW, I only have dbaccessperm and dbfsevnentsd in my u501 folder.
Do anybody know why they are doing this? It seems like a lot of effort to go through, for no apparent reason.
Whoever made this decision probably doesn't realize how people like us tend to steer a lot of the decisions that drive Dropbox usage. I've had to ask 5 companies to install Dropbox this year. And I was already thinking to myself -- why Dropbox? Because it's popular? Now I'm going to be looking seriously at Box instead.
Now I have to wonder if this sort of nonsense goes on with their Windows and mobile (iOS/Android) implementations. Or are those OSes too different from how OSX works to be comparable?
BTW there actually is a legit case when DB would need your admin permissions: so you can save files with different ownership (or suid files) in your DB.

But they could handle this by asking for permission when they need to read/write those files.

None of this excuses them: since they use an underhanded dialog box I don't trust them at all. Unfortunately.