SecureMac, Inc.

Dropbox Security Concerns Deepen with Extensive System Permissions Requests

September 21, 2016

Over the past few years, there has been an undeniable explosion in the popularity of using “the cloud” for services as diverse as music streaming, web hosting, and file storage. One of the earliest, biggest, and most continually influential players in cloud services is Dropbox. As the company that brought cloud storage and file syncing into widespread use, it’s easy to ascribe safety and security to the Dropbox brand based on popularity alone. In spite of its presence on many platforms including OS X and its everyday use in business applications, there are lingering concerns about the company’s handle on its security practices.

For example, the company suffered a huge password breach in 2012, which forced a massive reset of user login information earlier this year. Questions about the way the software accesses and uses user files have also surfaced at times. Now there are further issues affecting the Dropbox app on Apple platforms.

Users reported with frustration that Dropbox displayed a dialog box through the system prompting for the system password. The software claims it requires the password to function properly. However, the software is hacking around system security to create and display this dialog box. If granted, the application gifts itself permissions beyond what the user might expect. Beyond the issue of demanding these unnecessarily extended permissions, asking you to provide something as crucial as your system-level password to a third party is simply unreasonable.

As reports of these issues mounted and more users joined the conversation, Dropbox was quick to respond. The company insists that no storage of your system password occurs and that their permissions were merely to ensure functionality and compliance across changing OS versions. Dropbox additionally pledged to work harder to improve its implementation and tackle the issue in a better way. Nonetheless, the issue highlights a potential attack vector for malware and the need for scrutiny of all our software.

Even as Dropbox works to remedy its missteps and pledges to take its security practices more seriously, users should remember to be aware of what their software is doing. Taking care when granting permissions is an important part of overall system security. As we engage more and more with cloud computing in our daily lives, turning a wary eye towards these considerations is the best way to avoid a compromised system.
