SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Dropbox Security Concerns Deepen with Extensive System Permissions Requests

Posted on September 21, 2016

Over the past few years, there has been an undeniable explosion in the popularity of using “the cloud” for services as diverse as music streaming, web hosting, and file storage. One of the earliest, biggest, and most continually influential players in cloud services is Dropbox. As the company that brought cloud storage and file syncing into widespread use, it’s easy to ascribe safety and security to the Dropbox brand based on popularity alone. In spite of its presence on many platforms including OS X and its everyday use in business applications, there are lingering concerns about the company’s handle on its security practices.

For example, the company suffered a huge password breach in 2012, which forced a massive reset of user login information earlier this year. Additional questions about the way the software accesses and uses user files have also made appearances at times. Now there are further issues, affecting the Dropbox app on Apple platforms.

Users reported with frustration that Dropbox displayed a dialog box through the system prompting for the system password. The software claims it requires the password to function properly. However, the software is hacking around system security to create and display this dialog box. If granted, the application gifts itself permissions beyond what the user might expect. Beyond the issue of demanding these unnecessarily extended permissions, asking you to provide something as crucial as your system level password to a third party is simply unreasonable.

As reports of these issues mounted and more users joined the conversation, Dropbox was quick to respond. The company insists that no storage of your system password occurs and that their permissions were merely to ensure functionality and compliance across changing OS versions. Dropbox additionally pledged to work harder to improve its implementation and tackle the issue in a better way. Nonetheless, the issue highlights a potential attack vector for malware and the need for scrutiny of all our software.

Even as Dropbox works to remedy its missteps and pledges to take its security practices more seriously, users should remember to be aware of what your software is doing. Taking care when granting permissions is an important part of overall system security. As we engage more and more with cloud computing in our daily lives, turning a wary eye towards these considerations is the best way to avoid a compromised system.

Join our mailing list for the latest security news and deals