Following Dropbox-related security concerns that surfaced earlier this month, developer Phil Stokes has confirmed that macOS Sierra now explicitly requires apps to ask for user permission to access Accessibility (via Daring Fireball). Users can give access to an app, or click "not now" to deny the request.

dropbox-accessibility-permission
Concerns were raised after it was demonstrated that Dropbox appears in System Preferences > Security & Privacy under Accessibility, despite the fact that users were never prompted to grant access to the features. More details can be found in our previous coverage and in a Dropbox support document.

Let’s assume for the sake of argument that Dropbox never does any evil on your computer. It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but all security risks are until someone exploits them. The essence of good computer security and indeed the very reason why OSX has these kinds of safeguards in place to begin with is that apps should not have permissions greater than those that they need to do their job.

At the time, Dropbox said it was working with Apple to reduce its dependence on elevated access in macOS Sierra, and would respect when people disable the app's Accessibility permissions, but now a much-needed safeguard exists regardless.

In a new blog post, Dropbox still recommends that Mac users running macOS Sierra update their Accessibility permissions, if needed, to ensure smooth syncing and access to certain features of the cloud storage service.

Advanced Dropbox collaboration features, such as the badge, require Accessibility permissions. You’ll be prompted to grant these permissions when you install the Dropbox desktop app on macOS Sierra. To do so, follow the instructions on screen. The same will apply for older versions of OS X in the coming weeks. For more information on Dropbox Mac permissions, visit our help center.

macOS Sierra was publicly released today as a free update on the Mac App Store.

Related Forum: macOS Sierra

Top Rated Comments

dragje Avatar
77 months ago
Drop-who?

However in all seriousness, I abandoned Dropbox ages ago and migrated to Google Drive and have never looked back.

Dropbox are "ok" no doubt but lack so many features and compared to Google are seriously slow. My file transfers since switching to Google Drive have more than tripled!
I'll never move my documents to Google Drive which enables the company to look inside within each document for commercial exploitation usage. For the same very reason I rarely using Google as a search engine, simply because I truly hate the so called targeting adds, as if I'm considdered to be a f*beep*ing monkey that would be interested in camera's for weeks just because I was searching for one at one given day. Google makes sure that all the adds on websites, in one way or the other, has something to do with camera's.

I'll regret the day that I might not care about this any longer, that I'm willingly stop using my brains and surrender myself entirely to commercial exploitation and accept that I've become a slave for a company by providing them personal information about myself and by agreeing that "to think yourself" is something one should not do. For the same reason I don't make use of facebook, delete apps that requires a facebook and/or a Google account and doesn't enable me to login besides these options.

I grew up in the world where the internet became big. And I'm really became fascinated with the phenomenon called the internet. And I should because it delivers also so much good. But I've never been able to understand why people willingly give away all of their private information, especially knowing that there is no such thing as: 'I've nothing to hide'
Score: 7 Votes (Like | Disagree)
simonmet Avatar
77 months ago
I came here to say the same thing. No matter which box you click: "Not Now", "Learn More", or obviously the third one, it puts itself in Accessibility.

My response was to remove Dropbox from my computer.
This is an OS X behaviour and unrelated to Dropbox. OS X is putting it there and this I believe is nothing new. The problem before was that Dropbox seemingly exploited loopholes or weakness in OS X to enable those privileges without asking.

It also replicates behaviour in iOS. If you deny an app permission to send you notifications or have access to your location the app still appears in the relevent settings so you can subsequently enable the permissions later if you so choose without having to delete and reinstall the app.

So it's entirely appropriate and normal that OS X puts it there.
Score: 5 Votes (Like | Disagree)
Michaelgtrusa Avatar
77 months ago
Well done Apple.
Score: 2 Votes (Like | Disagree)
Pakaku Avatar
77 months ago
I chose "Not Now" and Dropbox still jumped into Accessibility—though unchecked. My question is, how does it get in there?
Sounds like the OS itself just keeps a history of whatever has attempted to ask for permission, and anything the user denied permission for is just left there unticked.
Score: 2 Votes (Like | Disagree)
sesnir Avatar
77 months ago
I chose "Not Now" and Dropbox still jumped into Accessibility—though unchecked. My question is, how does it get in there?
I came here to say the same thing. No matter which box you click: "Not Now", "Learn More", or obviously the third one, it puts itself in Accessibility.

My response was to remove Dropbox from my computer.
Score: 2 Votes (Like | Disagree)
smacrumon Avatar
77 months ago
Drop-who?

However in all seriousness, I abandoned Dropbox ages ago and migrated to Google Drive and have never looked back.

Dropbox are "ok" no doubt but lack so many features and compared to Google are seriously slow. My file transfers since switching to Google Drive have more than tripled!
And I guess you're happy for Google to peruse your files on a daily basis.
[doublepost=1474429813][/doublepost]This is really interesting. Who would have thought MacOS could be circumvented like this? I certainly didn't. Yep post those permission warnings just like iOS vigilantly does.
Score: 1 Votes (Like | Disagree)

Popular Stories

Apple Watch Series 7 Starlight Midnight

Standard Apple Watch Series 8 Rumored to Feature Same Design as Series 7

Friday August 5, 2022 7:46 am PDT by
The standard 41mm and 45mm models of the Apple Watch Series 8 will feature the same design as the Apple Watch Series 7, according to Twitter user @ShrimpApplePro, who was first to reveal that iPhone 14 Pro models would feature a new pill-and-hole display. Titanium will not be an option for the standard Apple Watch Series 8 models either, according to @ShrimpApplePro, but Bloomberg's Mark...
cook sept 2020 event

Gurman: Apple Preparing Pre-Recorded iPhone 14 and Apple Watch Series 8 Event

Sunday August 7, 2022 6:13 am PDT by
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive

Five iPhone 14 Rumors You May Have Missed

Thursday August 4, 2022 6:05 am PDT by
With August upon us, the countdown is officially on. We're just weeks away from when we're expecting Apple to announce the iPhone 14 lineup. Rumors of the next iPhone start early in the year, and as a result, some details about the upcoming device sometimes get lost in the crowd. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo To help MacRumors readers, we've created a ...
banish safari app pop ups

New iOS App Blocks Those Annoying 'Open in App' Pop-Ups in Safari

Friday August 5, 2022 2:47 am PDT by
You've probably experienced visiting a website like Reddit or LinkedIn on your iPhone only to be greeted with an annoying, almost full-screen pop-up urging you to view the content in their app instead of on the website. It's a common practice for websites that have accompanying iOS apps to push users to open (if they already have the app installed) or download their app from the App Store to ...
top stories 7aug22

Top Stories: iPadOS 16 Delayed, iPhone 14 Pro Rumors, Studio Display Speaker Issues

Saturday August 6, 2022 6:00 am PDT by
The big Apple news this week was word that the upcoming iPadOS 16 update apparently won't be arriving alongside its counterpart update for the iPhone in September, largely due to a need to continue refining the new Stage Manager multitasking feature. Other popular stories this week included more hints about the iPhone 14 Pro's rumored always-on display, potential design leaks for the...