March 26, 2009
One thing I’ve noticed more and more of lately is news of trojans appearing for Mac OS X. Take this, or this for example. These stories aren’t the result of a security issue, but of users trusting applications they shouldn’t, and explicitly authorizing them to do whatever they want to the system.
The reason I’m bringing this up is because there’s a rule every OS X developer should follow, one that I think is more important now than ever: never, ever use an installer unless you absolutely need to. I’ve seen a lot of applications use an installer when they don’t need it (especially cross platform applications), and if trojans like these become well known to the public conscious, you’re going to have a lot of potential customers trashing your app before even trying it.
So when do you need to use an installer? Obviously there are exceptions, but it doesn’t seem to me like there are many cases where you do. Preference panes can be installed with a simple double-click, and users can drag application bundles wherever they want (frequently I run an app from the disk image before I decide if I want to keep it). Even if you have good reason to put support files or background applications elsewhere on the hard drive, you can check and do this the first time the user opens your application.