Skip to content

Instantly share code, notes, and snippets.

@al45tair
Last active February 21, 2024 16:56
  • Star 35 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save al45tair/73be245ab87a66a885742b98be91ac14 to your computer and use it in GitHub Desktop.
Files installed by Zoom for mac OS

The Zoom install package for macOS is mad. Rather than actually using the installer to install things, it does everything in the preinstall script. That's bonkers, and also means that the system won't have a list of the files it installed, because it's doing it using shell script.

The script appears to install two items, namely:

/Applications/zoom.us.app
~/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin

If the user opening the package isn't an administrator, it looks like it will install the app in the user's home folder instead. If they are an administrator, Zoom will delete the ZoomUsPlugIn.plugin from /Library if it's there, but it still installs to ~/Library.

It also adds Zoom to your Dock automatically, without asking.

Bizarrely, zoom.us.app is installed by unzipping a 7-zip archive, then unzipping another 7-zip archive containing graphics and copying that inside the Frameworks folder in the zoom.us.app bundle.

If run by an administrator, the script also executes a script as root to change the ownership of zoom.us.app to root:admin.

If you are on macOS 10.10 or above, the script will delete the file "ZoomAudioDevice.kext" from the zoom.us.app bundle. Perplexingly, this file doesn't actually seem to exist in the current zoom.us.app iteration (it looks like it has been replaced with a userland audio driver instead). On Mac OS X 10.9 and earlier, with the older zoom.us.app that presumably had the KEXT in it, the KEXT would be copied to the ~/Library/Application Support/zoom.us/Plugins, which it alarmingly makes writable by the "staff" group - so you'd have been loading a KEXT from a directory in your home folder that is writable to other people on the machine(!!)

That's all the installer does, but when the zoom.us.app application is first executed, it also creates the folder ~/Library/Application Support/zoom.us, which holds a database and also a copy of the retina version of the graphics bundle. The application also creates two plist files in ~/Library/Preferences, namely

us.zoom.xos.plist
ZoomChat.plist
@kylehotchkiss
Copy link

I don't have anything against Zoom but after this weeks news, I don't want it anywhere on my personal laptop, just want it on my work laptop. Here's the commands to just delete all the files listed above, thanks @al45tair for the cleanup guide above.

rm -r /Applications/zoom.us.app
rm -r ~/Library/Internet\ Plug-Ins/ZoomUsPlugIn.plugin 
rm -r ~/Library/Application\ Support/zoom.us/
rm -r ~/Library/Preferences/us.zoom.xos.plist
rm -r ~/Library/Preferences/ZoomChat.plist

@GJRobert
Copy link

GJRobert commented Apr 4, 2020

Thanks for sharing this info.

@mclow
Copy link

mclow commented Apr 7, 2020

If you want to remove all traces, you should also remove

~/Library/Logs/zoom.us
~/Library/Logs/zoominstall.log
~/Library/Caches/us.zoom.xos

The first and third one are probably created when you run the app.

@marcoburato
Copy link

Not sure if things have changed from a month ago, but in my installer package (Version: 5.0.2 (24030.0508)) the postinstall script will install ZoomUsPlugIn.plugin to /Library/Internet Plug-Ins (so, not to the user folder) when run as root. And, it will always run as root AFAIK, because the installer requires to escalate.

So, in my case I had to delete:

/Applications/zoom.us.app
/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin
~/Library/Application Support/zoom.us

@flowmar
Copy link

flowmar commented May 16, 2020

There are also 2 separate packages that are downloaded from the Zoom website, I don't understand why.
I examined them with the Suspicious Package app and one of them installs about 80MB worth of stuff on the hard drive while the other one installs about 30MB worth of stuff on the hard drive. Very strange, as they both came from the same link on their website.
I downloaded it once, and got one package, turned on a VPN, reloaded the page, and got a different package.
One was called "Zoom.pkg" and the other is "zoomusInstallerFull.pkg". Very strange.

@fastrr
Copy link

fastrr commented Apr 19, 2022

I don't have anything against Zoom but after this weeks news, I don't want it anywhere on my personal laptop, just want it on my work laptop. Here's the commands to just delete all the files listed above, thanks @al45tair for the cleanup guide above.

rm -r /Applications/zoom.us.app
rm -r ~/Library/Internet\ Plug-Ins/ZoomUsPlugIn.plugin 
rm -r ~/Library/Application\ Support/zoom.us/
rm -r ~/Library/Preferences/us.zoom.xos.plist
rm -r ~/Library/Preferences/ZoomChat.plist

Thanks for the info, I am not fluent in the terminal mode beyond copy paste ;-( can you help shed some light on why I get this error? ~ % ~/Library/Caches/us.zoom.xos
zsh: permission denied: /Users/thundr/Library/Caches/us.zoom.xos

@pietrorea
Copy link

There's a much longer list of Zoom files listed here, in the brew uninstall script: https://github.com/Homebrew/homebrew-cask/blob/HEAD/Casks/zoom.rb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment