cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Create, upload, and share

Find help to solve issues with creating, uploading, and sharing files and folders in Dropbox. Get support and advice from the Dropbox Community.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: "Dropbox’s dirty little security hack"

Why does Dropbox ask for your computer password

Florian A.1
New member | Level 1

Hi, I just came across this blog post detailing some, shall we say, unorthodox ways Dropbox is circumventing OS X security features and tricking users into sharing their admin password:

http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/

I found the same happened on my system (OS X 10.11.6), Dropbox v9.v.49). Can you explain why you do this?

35 Replies 35

Leon N.
Helpful | Level 5

Tricking users into giving up their admin password is unethical hacking. Dropbox needs to respond and remove this hack.

Brandon A.2
New member | Level 1

+1

Kim V.4
New member | Level 1

You better have a really good [removed by moderator] explanation for doing this, Dropbox.. I don't pay you to steal my login password.

Rich
Super User II

Kim,

Please watch your language on these public forums or your posts could be removed or your account suspended. Your post has been edited. Thank you.

Rich
Super User II

John B.194
New member | Level 1

A person claiming to be a dropbox employee responded to this on the original post downplaying the thing. I think an official statement would be nice.

https://news.ycombinator.com/item?id=12463338

Leon N.
Helpful | Level 5

I don't believe the "employee" who responded. One of the things he said was accessibility is required for badges. I removed Dropbox's accessibility access, but the badges show up just fine. I've not noticed any functionality missing. 

Rich
Super User II

I removed Dropbox's accessibility access, but the badges show up just fine. I've not noticed any functionality missing. 

The badge appeared, but did you test its full functionality? If not, then it wasn't a valid test of the accessibility requirements.

I'm not arguing for or against either side. I'm only stating that simply seeing the badge show up is not a valid indicator that it's working properly.

Leon N.
Helpful | Level 5

Good point.  One feature is not a complete test. However, I continue to use Dropbox for syncing, app access (i.e. native API access from the app) and finder/pathfinder integration all seem to work fine. Anything else I should test?

BTW, it was stated by the person claiming to be a Dropbox employee that accessibility was needed for badges. It seems reasonable to expect Dropbox to explain what access is truly required, why and how this unusual authentication process works. 

Need more support?