The popular video conferencing company Zoom has been under scrutiny over the past few days for the method used to install the Mac version of its app, which essentially abused a "preflight" compatibility check to install the app without the user needing to explicitly grant installation permission, as highlighted by developer Felix Seele earlier this week.
/article-new/2020/04/zoom_preflight_install.jpg?lossy)
Zoom CEO Eric Yuan responded to Seele, noting that while the installation method was "implemented to balance the number of clicks given the limitations of the standard technology," he recognized the issue and promised to "continue to improve."
/article-new/2020/04/zoom_traditional_install.jpg?lossy)
Zoom has now updated its Mac app installer to no longer use the preflight installation method, instead using a traditional installation authorization process, as noted by The Verge.
“They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be,” explains Seele in a message to The Verge. The fake prompt has also been removed so users have to specifically click through and install Zoom. “I must say that I am impressed,” says Seele. “I expected them to maybe change the dialog, but since the ‘zero-click’ aspect was so important to them, I thought they would stick with the preinstall-trick.”
The Mac app installation issue is hardly Zoom's first controversy, with the company seeing increased attention as its popularity has boomed amid self-isolation. Other recent controversies over just the past week have included its integration with a Facebook SDK that was sending Zoom user data to Facebook and misleading claims of end-to-end encryption.
Top Rated Comments
No, you only need to do the first stepDo I need to delete and reinstall Zoom for more security after this change?
Not a fan of Zoom since then. Nothing they have done since then has endeared me any more. I prefer FaceTime, Skype, or pretty much any other method to connect than Zoom.
A software bug is one thing, engineering a buggy web server to intentionally bypass a browser security measure, engineering an installer to get around user confirmation prompts, and being deceptive in your advertising and documentation are on a totally different level.Remember when a person could hear you before you picked up a FaceTime call? Bugs happen.
Let me know when they stop making bazillions auctioning users behavioural surplus on the data marketsIt seems like they made some bad choices, but it also seems like they are recognizing the fact they were bad choices and are quickly taking steps to address them.
It's easy to fault them but perhaps such quick acknowledgement and rapid changes are a good sign.