Dropbox Sync Question

kohls

Do I need to keep the box checked for Dropbox in System Preferences >Security and Privacy>Privacy>Accessibility in order to sync 1Password across all my devices? Allowing Dropbox to control my computer sounds so ominous, but the sync doesn't seem to work if I leave the box unchecked.

---

1Password Version: 5.3.2
Extension Version: 4.4.3
OS Version: OSX 10.11
Sync Type: Dropbox
Referrer: forum-search:dropbox

Jacob

Hey @kohls! 1Password does not require this kind of additional permission in order to sync properly with Dropbox. All it needs is Dropbox to be installed and running, and access to the Dropbox folder that you're planning to sync to. Neither of those should be disrupted by disabling Dropbox's access in the Privacy pane of System Preferences. When I disabled it on my end, Dropbox sync continued working properly. Feel free to do this as well, and if there's an issue you can report back to us.

As for why Dropbox may need this access, here's an informative post on their forums related to this topic: https://www.dropboxforum.com/hc/en-us/community/posts/204505875

Let us know if you have any other questions. :)

kohls

Thanks. I'm getting some conflicting information. Dropbox Support told me It is strongly recommended for this box to stay checked in order for syncing to properly function but sync seems to work fine now that I've unchecked the box and turned Dropbox on (It seems I didn't have it running before).

Jacob

@kohls Thanks for checking into things a bit. At this point, I would recommend contacting Dropbox support directly and asking them specifically what they need this access for to get an official answer. Feel free to post the results of that here. We'd love to know what they say.

kohls

I did contact Dropbox support. This is what I got in reply:

Thank you for writing in regarding the security of your account information. I can certainly understand you wanting to ensure the security of data you have entrusted to Dropbox. I will be happy to explain the measures taken by Dropbox to ensure the security of everyone's account.

Permission to control the computer is just another way of saying that there are certain system permissions Dropbox needs to function, and many of those permissions are to establish secure connections in order to protect the data contained within your Dropbox folders.

Operating system permissions prevent files from being viewed or edited by unauthorized logins. Permissions can be set any number of ways and can be restored manually through a fairly simple process.

Another possible cause of issues with Dropbox arise when conflicts exist between your local network sharing or folder redirection preferences setup in folders or files within your Dropbox. Similar effects can also happen when your Dropbox folder or its system files are located in a mounted network drive or a remote location (like roaming profiles) since this could cause Dropbox to not have constant access or permissions to operate in those locations. This is especially an issue if other people in the network could be accessing the same data. For these reasons, I'd suggest that you ensure that your setup does not include any of the above scenarios.

Additional permissions my be required when syncing mobile devices, particularly when photos or photo albums are involved. Since there is a great deal of personally identifying information stored in the metadata for a photo file (yes, people can find you if they know how to decrypt this metadata), some of the additional permissions required for our Carousel app, for example, include:

iOS

-Contacts

-Photos

-Camera

-Notifications

-Background App Refresh

-Use Cellular Data

Android

-In-app purchases

-Device & app history

-Identity

-Contacts/Calendar

-Photos/Media/Files

-Camera/Microphone

-Wi-Fi connection information

-Device ID & call information

Facebook does not offer a large amount of granularity or retroactive permissions control, so we need to request all the permissions we need or even may need in the future.

I want to reiterate the point that all these steps are taken in order to prevent access to your data, not to facilitate access to your data. Dropbox takes great pride in being a company worth of the trust of our users, and we would never ask you to allow us access with the intent of violating that trust.

When I asked for clarification regarding whether or not the box should remain checked, I got this:

It is strongly recommended for this box to stay checked in order for syncing to properly function.

thightower

Hi @kohls

I am one of the forum moderator's over at the Dropbox forums. It is generally recommended that the box stay checked as part of that process, is allowing the sync indicators, and the context menus. At lot of it is bundled together. Portions of it appear in the extensions pane and the actual authority for Dropbox to add things like that are granted under the accessibility in my understanding. Accessibility is really a very broad determination much as you describe. I personally would like to see more fine tuned settings.

Notifications would cover being allowed to send you Notification Center banner messages etc. The Dropbox app receives the message from the server (shared link notifications) or generates one (x # of files have been changed) once the server says I have no more files for you. It attempts to pass that on to you. To do that it has to pass through a specific channel from Apple which needs authentication for it to succeed.

All Dropbox is doing is playing by Apple's rules. They are the ones whom specify the wording and yep it sounds rather ominous. If you recently preformed a clean install of OS X you may very well have seen it appear for the first time. The same goes if you updated or reinstalled the Dropbox client.

While in older systems it was not always specified in the pane, now it is. In part Dropbox needed to play well with Apple and become a good citizen. Apple has been increasing controls and limitations for 3rd party apps on every new version of OS X IMHO. Its good from a security standpoint but also forces the app to place itself in designated areas where it can be disabled for troubleshooting etc.

It is true the apps listed there are just being good Apple fellows. My list includes the following to name a few.

Undercover provided remote tracking of stolen computer
Hyperdock - provides window previews and a few other functions.
Choosy - Browser chooser - shows up as System Preferences
Dropbox - Syncing tool
OnyX - System tweaking, cleanup etc.

As you can see most any app can appear there depending on what it is they are actually doing.

What a lot of folks don't recall is in earlier version of iOS, Dropbox had to request permission for this and that. When they were needing to access that information because the camera roll contained GPS coordinates etc of all your photos.

I highly suspect this same setting you are seeing is part of that same process on OS X. When you enable camera uploads, the Dropbox app on OS X is pulling those pictures off the phone. It therefore has access to your GPS, and photos in general. It is acting on your behalf to import those.

I would say next year we will see further refinements to the security pane on OS X to get more granular, no come to think of it. On average my thinking is a little optimistic. I would say within the next 2 years. No as next year will be a feature release and the following maybe a tidy up OS X release.

A lot of my post is conjecture and a lot is based upon my personal use. In short it all depends on if you trust the app,... that is a personal choice, one each and every one of us needs to determine.

For the record, I myself have asked for a better description from the staff. Specifically my forum contact. If they are able to provide me with better information, I will update the topic.

Jacob

@kohls It looks like thightower covered things quite extensively here. Sorry if Dropbox's answer wasn't the one you wanted to hear — hopefully they'll tell us all a bit more at one point. If 1Password continues to sync fine without the accessibility permission being enabled, feel free to continue using it that way. If it starts acting weird, let us know and we can re-evaluate things. :) Thanks again for pointing this out, and have a great weekend!

kohls

Sync seems to be working fine at the moment with the box unchecked. I'm not using Dropbox for anything other than 1Password syncing, so I'll leave it off for now. Thanks.

littlebobbytables

Hello @kohls,

I'm curious now too so I'll join you. If we start seeing any funky behaviour we know to see if that's a factor.

kohls

Sounds like a plan!

sjk

Sounds like a plan!

I'm not quite ready to join in on it with you and littlebobbytables. :)

kohls

I'm finding that after I turn off the computer, the box is checked again when I turn it back on.

sjk

Hi @kohls,

Thanks for the follow-up. It sounds like the Dropbox app is enabling the Dropbox setting under System Preferences > Security & Privacy > Privacy > Accessibility after you've disabled it. To test that without restarting your Mac:

• Quit the Dropbox app
• Disable the Dropbox accessibility setting
• Reopen the Dropbox app
• Check if the Dropbox accessibility settings is enabled again

We definitely know it's not 1Password that's doing it. :)

kohls

Yep! It's checked again! Is there any harm in leaving it that way? I have to use Dropbox because the 1Password on my Mac is not from the App Store, but the ones on my IOS devices are.

AGAlumB

@kohls: Indeed, there's no harm in allowing Dropbox access to your computer. After all, that's essentially what we're asking it to do in the first place. I think the main issue here is that the "description" in System Preferences is so vague as to be useless. I'll see if I can illustrate this a bit. From Dropbox Support (email):

Permission to control the computer is just another way of saying that there are certain system permissions Dropbox needs to function, and many of those permissions are to establish secure connections in order to protect the data contained within your Dropbox folders.

This is still not completely clear, but essentially Dropbox needs to have access to the filesystem to be able to do its job. Permissions can sometimes come into play with different user accounts and administrative rights, and in the case of Dropbox, this ensures that it can read and write anything in your Dropbox folder (and also update itself in system folders) without impairment.

I have a number of other apps in System Preferences > Security & Privacy > Privacy > Accessibility, and most of them happen to be games. In those cases, this is mainly necessary to allow for keyboard customization. But again, this can cause some trepidation, since they are under the same ominous heading of "Allow the apps below to control your computer".

So I guess I'll sum it up by saying that this setting allows many apps that we depend on to do some pretty useful stuff for us, but what this happens to be can really vary. I do hope that Apple can make this a bit clearer and perhaps more granular ("allow this app to ...") in the future as well. Cheers! :)

kohls

Thanks for your thorough explanation. I'll keep Dropbox running and keep that box checked.

AGAlumB

You're most welcome! I'm glad that helped. I'm glad that Apple offers so many controls for things that can affect our security and privacy. Hopefully they can make things a bit clearer going forward — for all our sakes! :eh: