Dropbox’s MacOS Security Hack

Back in July, Phil Stokes at AppleHelpWriter documented some downright awful behavior on the part of Dropbox on MacOS: Dropbox prompts for your admin password, then misuses that authority to inject itself into the list of apps with permission to “control your computer” in System Preferences’s Security & Privacy panel. If you remove it from the list manually, Dropbox re-injects itself the next time it launches.

If you’re still on El Capitan, Stokes has simple instructions for removing Dropbox from this list for good.

Even better: on MacOS Sierra, Apple has closed the loophole Dropbox was abusing to circumvent this.

Tuesday, 20 September 2016