HACKER Q&A
📣 GolDDranks

Can I trust Zoom, the video chat app?


I wouldn't normally ask this kind of a question at HackerNews about any random app, but I've noticed that an application called Zoom has gained a tremendous amount of adoption recently; no doubt about the recent coronavirus pandemic playing a role.

I tried to install this app on my Mac today, out of necessity. I noticed two suspicious things:

a) The app is distributed as a .pkg installer, which is normally used only for stuff that requires special permissions or doesn't make sense as a runnable application, such as a user space filesystem or a kernel extension.

b) The installer warns me about the installer "inspecting whether the package can be installed on the system or not" and, after clicking OK, the installer doesn't run the normal steps any normal macOS installer would; it just quits. However, it does end up copying Zoom.app under /Applications.

This seems very suspicious for just a chat application. Such an application shouldn't need any of this to be distributed or installed.

1) Is there anything fishy going on with Zoom?

2) How can I be sure that even if there isn't anything fishy with the current version, the next version doesn't do anything more fishy? (= even if someone I trust says that it's OK, how should I continue trusting them?)

3) Why does it install like it does?

4) Should I boycott it? (My default stance at the moment is: yes, if I could.)

5) P.S. and TL;DR: How can I be sure that I'm not installing a piece of malware? I'm not asking about my privacy of communications while using the app, but just about the installer or the app doing malicious things in general.


👤 jrepinc Accepted Answer ✓
Nope. If you cannot review/audit the code and compile it yourself, you basically cannot trust it.

👤 Coritenst
There are some simple ways to use Zoom in the browser and to avoid installing the client.

This thread from Tuesday includes details of browser extensions and other strategies: https://news.ycombinator.com/item?id=22659216


👤 trenchgun
No. Zoom can't be trusted. When I have to use it I assume that they are spying on me.