←back to thread

How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)
796 points _Microft | 1 comments | 31 Mar 20 11:41 UTC | HN request time: 0.212s | source
Show context
eyegor ◴[01 Apr 20 01:06 UTC] No.22744627[source]
Can someone explain to me what the problem is? If you run the installer, isn't that consent to install the software? That's the whole point of it. I guess this isn't the "Mac way" but this is exactly how I would write an install script if I was slapping together support for other platforms. In fact this is the same way most installers work: it unzips an archive somewhere, then creates the links for remove/launch/etc.

What is the typical install process for software on a Mac?

replies(1): >>22753552 #
notriddle ◴[01 Apr 20 21:09 UTC] No.22753552[source]
Zoom is using a hook in the macOS installer framework in a way that is not intended.

This is forming a troubling pattern [1]. Zoom will do anything to reduce the number of clicks to start a conference, even if results in a misleading installer prompt or security vulnerability.

[1]: https://www.zdnet.com/article/zoom-defends-use-of-local-web-...

replies(1): >>22782927 #
1. whateveracct ◴[05 Apr 20 01:12 UTC] No.22782927[source]
Many PMs are obsessed with click optimization. I've been told many times that a certain feature of security method is no-go due to it being "too many clicks" full-stop -.-