Considering that you have your Dropbox installed head over to System Preferences> Security & Privacy>Accessibility tab. Now have you noticed the “lock” icon circled on the image, does this really mean that you have given permission for the app earlier to control the computer? The folks at applehelpwriter who tried this out say that Dropbox has never asked them for the access control yet somehow it has control over the computer.
As detailed out, in the next step just try revoking the permission and see if it really works. Go to the “padlock” symbol and uncheck the tick box. This is expected to revoke Dropbox permission to access your Mac. Now try logging out and logging in again, also try restarting the Dropbox app. Now go the System Preferences and behold, you will be surprised to see that Dropbox would have eventually appeared back in the list. The most intriguing part here is how could Dropbox gain access without going through the usual protocol of asking permission from the users and what exactly does the term “taking control” means in this context. By taking control the app will reportedly have complete access (via the accessibility) to your computer and can do any of the operations including click buttons, menus, launch apps and deleting files. By now you might have realized that this is a fatal threat that can be executed by attackers. That said, there have been no untoward incidents reported wherein Dropbox was at fault but again Dropbox still has the control over your machine and it also means that the app has overridden users and Apple’s security preferences without consent. The possibility of Dropbox storing your Admin password in its own caches or giving itself complete root privileges cannot be ruled out.
In order to deny the permissions for Dropbox, you need to re-install it and again when it asks you to enter computer admin password for Dropbox to work properly, hit cancel. Now it might be a pain canceling the dialog box every time it appears but it’s better than a root access to your Mac. The bottom line, don’t trust the apps blindly always be sure of what permissions you have granted for the app.
Update: Dropbox has finally responded to the accusation and completely rejected the claims of any wrongdoing. This is what a Dropbox spokesperson had to say:







