Dropbox in 2021

Apple's deprecation of kernel extensions forced Dropbox to rebuild its macOS sync on Apple's File Provider framework; macOS 12.3 (2022) removed the kext support Dropbox's online-only files relied on, changing behavior and temporarily breaking how third-party apps opened online-only files.

On 30 September 2021 Dropbox stopped issuing the never-expiring access tokens many integrations relied on, switching to short-lived tokens plus refresh tokens — backups, scripts, and self-hosted tools that hard-coded a static token broke unless rewritten.

Dropbox has published a biannual Transparency Report since 2012, and its own figures document a steady, long-run climb in government and law-enforcement demands for user data — including reporting periods where US legal-process requests jumped by roughly a third.

Dropbox encrypts files at rest, but the encryption keys belong to Dropbox, not the user. This server-side model — chosen to enable deduplication, previews, and search — means the company can read user files, the root cause critics return to again and again.

After spending about $165M on DocSend (2021) and $95M on FormSwift (2022), Dropbox discontinued DocSend's Send & Track analytics in March 2025 and began winding down FormSwift in 2025 — abandoning roughly $260M of acquisitions while citing the wind-down as a drag on its own paying-user numbers.

Dropbox shut down Dropbox Passwords, the password manager it had launched in 2020, in a phased 2025 wind-down ending 28 October 2025 — after which all stored credentials and payment cards were permanently deleted from its servers.

A persistent pattern of consumer complaints describes Dropbox auto-renewing annual subscriptions without clear advance notice, burying the downgrade option, and refusing refunds for unused time — practices now drawing legal scrutiny under state automatic-renewal laws.

Dropbox Paper, once promoted as the future of collaborative documents, was steadily de-emphasized: docs were migrated into the ordinary Dropbox filesystem from 2019, scattering folders and breaking the app's structure, and the Paper mobile app was discontinued in October 2025.

State-aligned hacking groups, including North Korea's Kimsuky and ScarCruft, have repeatedly used the Dropbox API as a command-and-control and data-exfiltration channel, exploiting the fact that Dropbox traffic is trusted and rarely blocked.

Since its 2018 IPO, Dropbox has steadily reoriented around higher-paying business customers and a 'Smart Workspace' strategy, layering price increases and feature-gating onto individual plans while shifting investment toward enterprise revenue.

Patent-assertion entity Motion Offense accused Dropbox's file-sharing and Smart Sync features of infringing four patents and sought roughly $35.7 million; a Waco, Texas jury returned a defense verdict in May 2023, finding no infringement and all four patents invalid.

Dropbox's Smart Sync depended on a macOS kernel extension to present space-saving 'online-only' placeholder files; when Apple deprecated third-party kexts in macOS 12.3, opening those online-only files could break until Dropbox re-engineered the feature.

Many third-party integrations request broad, full-Dropbox access rather than scoped, folder-limited permissions — so a single connected app, if compromised, can expose everything in an account.

Dropbox's own Transparency Report shows that a large share of the search warrants it receives arrive with indefinite non-disclosure orders, leaving the company unable to ever notify those users that the government took their data.

Dropbox replaced its coarse legacy access types with granular OAuth scopes, requiring every developer to revisit their app's permissions in the developer console and, in many cases, have existing users re-authorize before new functionality would work.

The DropSmack proof-of-concept warned that synced Dropbox folders could be a covert C2 and exfiltration channel; multiple real malware families — including BoxCaon, Crutch and tooling used by Kimsuky — went on to abuse Dropbox folders and the Dropbox API exactly that way.

Dropbox's API lets connected third-party apps request 'Full Dropbox' access to a user's entire account, and broad OAuth scopes mean an app users link for one task can often read far more than they expect.

Italy's competition and consumer authority opened proceedings against Dropbox in 2020 over its cloud-storage terms; in 2021 it closed one case after Dropbox committed to clearer disclosures and, in a second, found several contract clauses unfair and ordered their removal — in both cases without a fine on Dropbox.

In January 2021 Dropbox laid off about 315 employees — roughly 11% of its workforce — and announced the departure of its COO, framing the cuts as necessary to streamline the business even as the company was profitable and demand for remote tools was surging.

Dropbox went 'Virtual First' in 2020, making remote the default and converting offices to drop-in studios — but the shift, layered on a record 2017 San Francisco headquarters lease, drove hundreds of millions in real-estate impairment charges, including roughly $400M+ tied to subleasing its HQ.

Dropbox's OAuth model historically let third-party apps request full account access, and tokens persist until revoked — so a single over-permissioned or compromised integration can read, write or delete a user's entire Dropbox without any further prompt.

Investors who bought stock tied to Dropbox's March 2018 IPO alleged the registration statement concealed a slowdown in converting free users to paying ones; after an initial dismissal, the case settled for $1.38 million with no admission of wrongdoing.

The referral program that powered Dropbox's early viral growth — once worth substantial free storage — was steadily devalued, and some long-time users reported referral-earned space being clawed back to the bare 2GB minimum.

On the eve of Dropbox's 2018 IPO, CEO Drew Houston received a stock award reported at about $110 million for 2017 — a performance grant that could be worth up to roughly $930 million — even as the company would later cut thousands of jobs across 2021, 2023, and 2024.

A persistent class of complaints describes Dropbox files that sit indefinitely in a 'syncing' state and never finish, leaving users unsure whether their data was actually uploaded — in some reported cases for months, with support unable to resolve it.

Synchronoss Technologies accused Dropbox of infringing three data-synchronization patents; Dropbox won summary judgment of non-infringement and invalidity in 2019, and the Federal Circuit affirmed in 2021.

When Dropbox cannot reconcile two versions of a file, it preserves both — saving the loser as a duplicate stamped 'conflicted copy' — a data-safety mechanism that in practice creates lasting duplication and version confusion that users cannot turn off.

Because Dropbox mirrors a permissive server namespace onto stricter local filesystems, files with disallowed characters, over-long paths, or trailing periods can fail to sync or be silently renamed — sometimes without any clear warning to the user.

Dropbox has kept its free Basic plan at just 2GB since its early days, even as Google Drive offered 15GB, OneDrive 5GB, and rivals like Mega offered 20GB — leaving Dropbox with the stingiest free allowance among the major cloud providers.

Dropbox advertises Plus at $9.99 per month but charges $11.99 if you pay monthly instead of annually — a roughly 20% premium that pairs with non-refundable annual terms and auto-renewal to penalize the flexibility customers might want.

Dropbox publishes no list price for its Enterprise plan, requiring buyers to contact sales for a custom quote — an opacity that lets pricing vary by negotiation and obscures the true cost of moving an organization onto Dropbox.

When an account exceeds its quota, Dropbox can halt syncing — the core function users depend on — until they delete files or pay more, while the path to downgrade a plan or step back to free is comparatively buried, wrapped in loss warnings, and locked behind non-refundable annual terms.

After nearly four years of litigation, a Texas jury found Dropbox did not infringe four file-sharing patents asserted by Motion Offense LLC, defeating a roughly $35 million damages demand — part of a wider patent fight Dropbox largely won.

Dropbox spent $165 million on DocSend in 2021 and $95 million on FormSwift in 2022, promising to weave them into an 'end-to-end agreement workflow' — continuing its pattern of acquiring standalone tools whose long-term integration and survival under Dropbox is uncertain.

Dropbox Sign (formerly HelloSign) is sold as a wholly separate subscription — a free tier capped at three documents per month, then Essentials at about $15, Standard at about $25, and Premium at roughly $40 per user per month — so existing Dropbox storage customers must pay again, per seat, to sign documents.

Topia Technology sued Dropbox and other cloud-storage companies over two file-synchronization patents; rather than fight in court, Dropbox and Box challenged the patents at the Patent Trial and Appeal Board, which found the claims unpatentable — a result later affirmed by the Federal Circuit.

Users have long complained that Dropbox badgers them with upgrade prompts, full-page upsell interstitials, in-app badges, and marketing emails — pressure that hits not only free accounts but, by users' accounts, paying Professional customers too.

After Apple Silicon Macs shipped in late 2020, Dropbox went nearly a year without a native build, forcing its always-on sync daemon to run under Rosetta 2 emulation — to mounting user fury — before committing to a native release in 2022.

Dropbox laid off about 11% of its workforce — roughly 315 employees — in January 2021, citing the need to flatten the organization and invest in growth, and replaced the head of its HelloSign unit.

Express Mobile sued Dropbox along with eight other technology companies over website-builder patents in 2020; the suit against Dropbox was resolved by dismissal, consistent with a settlement, rather than a court ruling on the merits.

Dropbox launched 'Spaces' in 2019 as the new identity for its workspace app, relaunched it as 'Spaces 2.0' in a 2020 beta, and then quietly dropped the Spaces branding — the workspace ambitions folded back into the ordinary Dropbox app.

Dropbox Transfer lets users send files via a link, but its meaningful size limits are gated by tier: free Basic and entry plans are capped at 2 GB per transfer, with the headline 100 GB (and 250 GB with a Replay add-on) reserved for higher-priced business tiers.

Dropbox's 'Drop-ins' — the Chooser and Saver widgets that let any app use Dropbox as an open/save dialog — launched in 2013 with fanfare, but the iOS and Android Choosers were later deprecated and the program stagnated as Dropbox steered its platform away from third-party developers toward its own collaboration features.

Patent-assertion entity SynKloud Technologies sued Dropbox in the Western District of Texas over patents on wireless-device access to remote storage; Dropbox's bid to move the case to California was denied, while SynKloud's broader patent campaign unraveled at the patent office.

Names that are distinct on Dropbox's case-sensitive, Unicode-tolerant servers but identical on Windows or macOS collide on sync, and Dropbox resolves the clash by silently appending '(Case Conflict)' or '(Unicode Encoding Conflict)' to one of the files.