Very interesting. I don't have any experience making .pkg installers nor with verifying code signing on macOS, but I agree in general, the `preinstall` script does a lot of work one would expect the installer itself to do. This is all supporting evidence for my personal preference to never run the Zoom installer, but rather to extract the application bundle by hand.[1]

Please consider writing up your findings in more detail.

[1]: https://news.ycombinator.com/item?id=20391828