(applehelpwriter.com)

1037 points 8bitben | 2 comments | 09 Sep 16 15:52 UTC | HN request time: 0s | source

Show context

tomku ◴[09 Sep 16 16:25 UTC] No.12463685[source]▶

Non-clickbait title: "How Dropbox uses the root access that you give it during installation to give itself Accessibility authorization without triggering the usual popup".

replies(7): >>12463788 #>>12463995 #>>12464020 #>>12464453 #>>12464504 #>>12466157 #>>12468163 #

hyh1048576 ◴[09 Sep 16 16:35 UTC] No.12463788[source]▶

>>12463685 #

Great summary. But it's still some kind of hack.

If every app I installed did this then my mac is closer to getting hacked.

Anyway, Apps that asks for root password on installation always makes me cringe, e.g. they could turn on SSH and put a pubkey into authorized_keys, or they could upload SSH identity files. But I still proceed to enter my password.

replies(2): >>12463814 #>>12463870 #

gruez ◴[09 Sep 16 16:38 UTC] No.12463814[source]▶

>>12463788 #

How's that any different compared to Linux? AFAIK apt packages can run arbitrary scripts as root.

replies(4): >>12463950 #>>12463964 #>>12463969 #>>12464438 #

1. new299 ◴[09 Sep 16 16:52 UTC] No.12463964[source]▶

>>12463814 #

It's slightly different, because Dropbox board members support warrantless surveillance: http://www.drop-dropbox.com/

replies(2): >>12464011 #>>12466317 #

2. amenod ◴[09 Sep 16 16:57 UTC] No.12464011[source]▶

>>12463964 (TP) #

This is not the main difference (which is that apt packages are checked by package maintainers), but thanks for sharing the link, didn't know that. It makes this hack even more serious.

↑

How Dropbox Hacks Your Mac