It’s not per se, otherwise Terminal.app and iTerm2.app would be among the most sinister signed apps ever. Signatures only protect the app bundle itself, not user-supplied code or code fetched to locations outside the bundle.
However, it’s bafflingly weird to include such a thing just to skip a button press or two in the installer.
However, it’s bafflingly weird to include such a thing just to skip a button press or two in the installer.
Not at all. Generally every mouse click required to get an app running will slash your userbase in size by some staggering amount, like 20-50%. I can't quite recall the exact number or where I've seen this, but I've definitely heard this fact from multiple sources, including at Google. Try counting how many clicks are required to get Chrome on your system and you'll be surprised how optimised it is.
Companies measure this, they're very sensitive to it of course. They want as many conversions as possible, but they can see that the more complex the install process gets, the fewer users make it through the other end. It's entirely normal for Zoom to want to simplify as much as possible.
I wonder if it's just a case of an opinionated junior developer. I've been there. I've written a Windows NT console app once upon a time and there was something about the console that bugged me to no end, so I ended up rewriting it as a graphical app using my own fonts and terminal emulation. Probably wasted days doing this for some minor artifact of the UI, but it felt like a huge accomplishment at the time. Similarly here, guy or gal get it in their head that the extra click just won't do, and then find a hack around it.
I can see how skipping the installer flow might skeeve people out but this particular bit about some signed doodad in the installer being able to launch scripts seems like something between a nothingburger and mildly curious. Just wondering if I'm missing something here.
However, it’s bafflingly weird to include such a thing just to skip a button press or two in the installer.