796 points | _Microft | 1 comment
manigandham No.22738023
1) If Zoom can do this then it's a macOS security bug.

2) UX matters. Users don't care about the technical details; they want a smooth experience, and that can be the difference between a billion-dollar business and a failed startup. And yes, the desktop version is more stable than the web-based UI.

3) Malware is defined by what it does, not how it's installed.

Gaelan No.22738342
I mean, it's not really a security bug. Installer.app displays a dialog box that says "Hey, this package wants to run arbitrary code to check if it's compatible with your system. Is that OK?" The user is explicitly opting into the code execution. Zoom's "compatibility check" installs the app and kills the installer window. That's certainly unexpected behavior, but I don't think it's an exploit in any real sense.

While normally I'd object to running arbitrary code with just an easily-skippable dialog as confirmation, I think it's OK in this case, where the expectation was that we're installing their software anyway.

opportune No.22742693
As a user, I would not assume that checking compatibility means I'm executing arbitrary code. I mean, it could just be macOS examining the binary to make sure it's compatible with my ISA, or checking some app metadata about recommended free resources like RAM/disk space.
1. pvg No.22742815
Apple agrees with you, which is why the installer shows a warning that the check will involve running code and lets you opt in or out.