The 2016 macOS controversy: Dropbox granting itself system access
September 2016
Researchers revealed that Dropbox's Mac client used a user's admin password to directly edit macOS's protected TCC.db permissions database, inserting itself into the Accessibility list — a privacy/trust list that grants near-total control over the machine — without a clear, informed prompt.
What happened
In 2016 macOS developer Phil Stokes documented that Dropbox's Mac desktop client was appearing in the operating system's Accessibility permissions list without the user having knowingly granted it that access. Apps in the Accessibility list can observe and control the entire user interface — clicking menus and buttons, reading windows, and manipulating files — so it is one of the most powerful permissions on the system.
Further investigation showed how Dropbox got there: rather than going through Apple's intended permission flow, the client used the administrator password it requested at install time to directly modify the protected TCC.db database (located under /Library/Application Support/com.apple.TCC), the very file macOS uses to record which apps the user has authorized. By editing it directly, Dropbox effectively granted itself the access instead of asking for it through the proper, transparent mechanism. Even after a user manually removed Dropbox from the Accessibility list, it could reappear.
The behavior was characterized by critics as a 'dirty security hack' and a backdoor-like overreach, not because Dropbox was stealing data, but because it undermined the OS's own consent model and made the company's privileges opaque to the user. Apple subsequently tightened this area in macOS Sierra, requiring explicit per-app prompts for Accessibility access.
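A defender-side audit for the behavior described above, added here as an example (not code from the original article, Dropbox, or Apple): it lists which clients hold the Accessibility grant in a TCC-style database and flags any the user never approved, including ones that return after removal. The table and column names (`access`, `service`, `client`, `allowed` / `auth_value`) and the service name `kTCCServiceAccessibility` are assumptions about the TCC schema; the bundle IDs and the in-memory database are constructed sample data.

```python
import sqlite3

ACCESSIBILITY = "kTCCServiceAccessibility"  # assumed TCC service name for the Accessibility list

def granted_clients(conn, service=ACCESSIBILITY):
    """Return the set of client identifiers currently granted `service`."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    if "auth_value" in cols:      # assumed newer schema: 2 means allowed
        cond = "auth_value = 2"
    elif "allowed" in cols:       # assumed older (2016-era) schema: 1 means allowed
        cond = "allowed = 1"
    else:
        raise ValueError("unrecognised access table schema")
    rows = conn.execute(
        f"SELECT client FROM access WHERE service = ? AND {cond}", (service,))
    return {r[0] for r in rows}

def audit(conn, approved, previously_removed=()):
    """Classify current grants against what the user knowingly approved."""
    unexpected = granted_clients(conn) - set(approved)
    return {
        "unexpected": sorted(unexpected),
        # entries the user deleted from the list that are present again
        "reappeared": sorted(unexpected & set(previously_removed)),
    }

def build_sample_db():
    """Constructed in-memory stand-in for TCC.db (simplified columns, fake bundle IDs)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access "
                 "(service TEXT, client TEXT, client_type INTEGER, allowed INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, 0, ?)", [
        (ACCESSIBILITY, "com.example.windowmanager", 1),    # knowingly approved
        (ACCESSIBILITY, "com.example.syncclient", 1),       # removed by the user, back again
        (ACCESSIBILITY, "com.example.oldtool", 0),          # listed but switched off
        ("kTCCServiceAddressBook", "com.example.mail", 1),  # different service, ignored
    ])
    return conn

if __name__ == "__main__":
    print(audit(build_sample_db(),
                approved={"com.example.windowmanager"},
                previously_removed={"com.example.syncclient"}))
```

To audit a real machine, pass `audit` a read-only connection to the TCC.db under the path given above instead of the sample database.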
Impact
The episode struck at user trust in the most direct way: a service entrusted with users' files was quietly arrogating to itself the operating system's most sweeping permission, and doing so by subverting the very consent database meant to protect the user. It fueled a broader unease about how much control sync clients silently take over a machine, prompted security-conscious users to question and restrict Dropbox's footprint, and contributed to Apple hardening macOS permission prompts. Although Dropbox framed the behavior as an integration convenience, it became a lasting reference point for cloud-client overreach.