Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Dropbox tackles security fears surrounding its Mac app

$
0
0

Dropbox tackles security fears surrounding its Mac app

The app only asks for the permissions it needs, Newhouse says. It uses the Mac's accessibility kit for certain tie-ins (such as in Office), and demands elevated access to your OS when standard programming interfaces fall short. The permissions aren't as "granular" as Dropbox would like, the developer adds. He stresses that Dropbox can't see your system's administrator password, and a privilege check on startup is only to make sure the software works consistently, especially across OS versions.

As for what the company will do to turn things around? To start, it wants to do a "better job" explaining what its software is doing and why it needs the permissions it does. Also, it's teaming with Apple to reduce that dependence on elevated access inmacOS Sierra, and will respect when people disable Dropbox's accessibility permissions -- currently, it turns the permissions back on.

The service reiterated its position in a statement that you can find below.

The effort to come clean may assuage those worried Dropbox is running roughshod over your computer. However, it's not pleasing everyone. Hacker News users want the firm to more explicitly outline why it needs the permissions it does, and they're worried that the broad system-level control opens the door to malware that otherwise wouldn't be possible. It's important to stress that Dropbox's requests aren't unique -- apps like Chrome and Steam also demand accessibility permissions for features, such as Steam's screen overlay. However, that might not reassure customers who believe that Dropbox's existing approach is both unnecessary and risky.

"Dropbox, like other apps, requires additional permissions to enable certain features and integrations. The operating system on a user's device may ask them to input their password to confirm. Dropbox never sees or receives these passwords. Reports of Dropbox spoofing interfaces, or capturing system passwords are absolutely false. We realize that we can do a better job communicating how these permissions are used, and we're working on improving this."


Viewing all articles
Browse latest Browse all 12749

Trending Articles