Photolab 3 keylogger?

Hi,
I downloaded PL3 for Mac (Catalina) yesterday and I got a warning during installation that Photolab wants to log my keystrokes, including those in other apps. I did not give permission of course, but why does PL want to monitor my keystrokes? Does PL contain malware?

See the screenshot of the security settings which shows that PL has requested to monitor input from the keyboard (sorry it’s in Dutch)

We are running PL3 on both High Sierra and Mojave and don’t get this. It may be something Catalina has done automatically, but you can always simply, not only disable it by unticking it, you can also delete the item totally

Hi Joanna, thanks for your reply. I have deleted the item as you suggested. But that still leaves the question why PL wants to monitor keystrokes in the first place (which sounds malware-ish to me)

I just had a quick furtle around in my machine and couldn’t find anything untoward, even in the bowels of the PhotoLab executable package. I’m wondering if this was something to do with the installer that maybe didn’t get cleaned up? It would be interesting if someone else with Catalina could check this out.

I had PL3 installed before the Catalina upgrade and have no such entry in my system settings. If in doubt disable it, but remember it if you find anything not working about the software. I can’t imagine why PL3 should require this.

Sandboxing in Catalina got more controlled and this is new to us users and developers. I wouldn’t worry too much: In earlier versions of the systems the installed software could just do about anything without user consent. If you install something you don’t trust you are in trouble anyway.

PS: I just discovered that my installation of FP5 has “Accessibility” rights. When I start FP5 after I removed the access then it asks me again to add it.

Apple introduced a role based model of granting access rights for applications and devices in Catalina. That’s why you will be asked for granting access while installing software or using new devices.

I couldn’t find any more detailed explanation of the roles but that’s the reason why. :slight_smile:

I would uncheck the item but I can think of at least one good reason for them wanting a record of your keystrokes. It makes debugging issues a lot easier if they can capture a complete record of exactly what you did before the hang/crash/reboot/etc. I am not suggesting you should allow that, but it does make some sense if that is what they want to do.

Of course that is a guess, but being a retired software engineer that does make some sense to me. Still, you should keep your system secure and not allow it.

Happy to help! Thanks for leaving a comment.

Rest assured we have absolutely nothing that would request this in PhotoLab. It’s good that you denied it nonetheless, and it won’t impact your usage of PhotoLab in any way.

Do you have other software asking for this? I remember the case of one software (don’t remember the name unfortunately) that would bring dictionaries and specific auto-correction in other applications by injecting itself directly into the app, thus modifying their behaviour, so it could bring this kind of behavior.

It is better if you identify the cause of this problem and remove it as they affect reputation of the software. The only other app that I got this request is the one I piratedly downloaded (how shame, but I deleted that already). Getting this request made me check twice I downloaded from the correct website and not the phishing one.

We finally managed to reproduce that, as it was happening only in a single case: when dragging a palette around… We were using an API to watch for the mouse click release for the palette, which is also an API used to watch for all keystrokes across the system (which we didn’t realize back when it was written, some years ago).
We managed to remove that, so next versions shouldn’t prompt for that anymore, and if you deny it, it shouldn’t make much difference.

Thanks for reporting it, and thanks to Chayuth for taking some time to try and reproduce it for us!

4 Likes

Many thanks for this answer, this solves the problem! Also thanks to all the others for their useful suggestions.

@kettch and what about mixpanel.com ? Is this something related ? :smiley:

Not at all. We’re using mixpanel to track usage of the software, so it gives us information on what features are used the most and how they’re used. It’s not tracking any personal information, and you can disable it by unchecking the option under the license agreement at first startup, or later in preferences by disabling the “product improvement program”.
If you block it with Little Snitch, it will have the same effect as disabling it.

1 Like

Hi @kettch,
Thank you for your reply.

Somehow, this is not working on my MacOS Catalina 10.15.3 (clean install).
I still get LS popup for this connections. I start PL and do nothing, after a minute or so there is a LS popup.
My settings are:

I tried to reproduce that on my second mac with Mojave and it did not happen.

Today privacy is important and the more informations you give to explain what you do and how you do it (maybe even how it looks like), the more trust and results you will get. For example by doing this. Especially after the recent Wacom and Avast data harvesting news.
PS: the link “en savoir plus” in the settings point to this page and it needs to be updated for PL3 or you need several links or…

Thanks again and have a nice day.

Somehow, this is not working on my MacOS Catalina 10.15.3 (clean install).
I still get LS popup for this connections. I start PL and do nothing, after a minute or so there is a LS popup.

By “clean install”, do you mean the entire system was freshly installed? Or just PhotoLab?

In any case, adding a description for Little Snitch is certainly an interesting idea (I’m a user myself!).
I’m not sure I can show you the resulting data on our end, but you can certainly take a look at the cache of events that have not been sent yet. Those files are located in ~/Library/Application Support/DxO PhotoLab v3/.

As for the FAQ page you’re referring to, the info in there has not changed from version 2 to 3, even though it’s certainly a bit on the light side.

Hi @kettch sorry for the delay to respond.

The entire system.

Yes it’s a nice addition :slight_smile:

That description and the path is great . That way anybody that gets the info can look and decide to allow or not the connection.
I was talking in general terms not only for my information.

Sure. But it is still written DxO PhotoLab 2 while we are at 3. Maybe you can remove the version if things are the same. In case you want to be up-to-date on the page that is.