
This isn't entirely accurate. The hack that they used (writing creds directly into the TCC db instead of using the official dialog) was closed by Apple in High Sierra I believe (might've been Mojave? I can't remember atm). Regardless, now they use the official prompt. Of course, while Apple went to the trouble of SIP protecting the TCC db, they didn't actually fix the API for getting Ax permissions, and it's still a massive pain to get it even remotely right.

As for what they're using accessibility for, I believe the official primary use case is tighter integration with the Office suite (e.g. showing users if anyone else has the doc open). So nothing exactly malicious.

This isn't anything new. Keep in mind that Dropbox was offering sync status icons for years before Apple finally created an official API for doing so. IIRC that was using an even dirtier hack, involving monkey patching Finder at runtime. I'd definitely count that as a useful feature as well, and one that Apple had no interest in supporting until it became a user expectation.

I've got no affiliation with Dropbox, and I can definitely see the concern over the TCC hack. But once you try to do any meaningful integration with macOS, you do begin to sympathize. The official APIs are limited, flaky, and prone to deprecation at a moment's notice (see Quicklook plugins in Catalina for a fresh example). And Apple, despite making it impossible for third parties to innovate in their ecosystem, gets to paint themselves as saints.

Security is paramount, of course, but needlessly restricting how users and developers can use the OS will either lead to even dirtier hacks, or only Apple apps being allowed to do new, interesting things. And I don't particularly like either option.


