It looks like Dropbox still tries [1] to abuse [2] Accessibility services in order to gain increased access to things on your computer that applications typically shouldn't need access to. Accessibility services are for helping blind people use your software, not for your software to run roughshod all over my system. Jeez!
This isn't entirely accurate. The hack that they used (writing creds directly into the TCC db instead of using the official dialog) was closed by Apple in High Sierra I believe (might've been Mojave? I can't remember atm). Regardless, now they use the official prompt. Of course, while Apple went to the trouble of SIP protecting the TCC db, they didn't actually fix the API for getting Ax permissions, and it's still a massive pain to get it even remotely right.
As for what they're using accessibility for, I believe the official primary use case is tighter integration with the Office suite (e.g. showing users if anyone else has the doc open). So nothing exactly malicious.
This isn't anything new. Keep in mind that Dropbox was offering sync status icons for years before Apple finally created an official API for doing so. IIRC that was using an even dirtier hack, involving monkey patching Finder at runtime. I'd definitely count that as a useful feature as well, and one that Apple had no interest in supporting until it became a user expectation.
I've got no affiliation with Dropbox, and I can definitely see the concern over the TCC hack. But once you try to do any meaningful integration with macOS, you do begin to sympathize. The official APIs are limited, flaky, and prone to deprecation at a moment's notice (see Quicklook plugins in Catalina for a fresh example). And Apple, despite making it impossible for third parties to innovate in their ecosystem, gets to paint themselves as saints.
Security is paramount, of course, but needlessly restricting how users and developers can use the OS will either lead to even dirtier hacks, or only Apple apps being allowed to do new, interesting things. And I don't particularly like either option.
At least on Windows, I could with confidence say that Sysinternals Autoruns + Process Hacker would get you 99.9% of the way. I too went from Windows to macOS, and I tried countless tools (Lingon X, CleanMyMac, App Cleaner, App Cleaner & Uninstaller Pro, etc.) to no avail in my quest to kill Dropbox.
At least with Dropbox, they needed that access to modify menus and make changes to benefit the user. And they also made it clear that this is what they needed it for.
When Google does it, they are just elbowing their way into your computer.
I really wish there was a way I could revoke an App's ability to request access.
Back then it turned out the password dialog wasn't fake but was the standard OS dialog apps can request sudo access with. The text in the dialog is app-customizable.
Dropbox apparently also used to show you a fake system password dialog which saved your administrator password, and more:
https://hn.algolia.com/?q=dropbox