About a decade ago, I briefly worked for a company with the same business model. Since most Windows installers require Administrator privileges, the DLLs that they side-load will inherit these elevated privileges and can scan the user's machine for anything they are interested in.
The way this software worked (as far as I can recall): The installer bundled a DLL from which only a few minor functions were exposed to display offers within the host process. Usually, the only thing the client portion of this DLL needed was a HWND. During initialization, the DLL stored a copy of itself in the user's temp directory. The host application unknowingly then used rundll32 to load this copy as a separate (also elevated) process. This process would run at least as long as the calling process would. Once in place, the process would scan the user's computer for specific use patterns (geoinformation; MS Office presence; what language; etc.). In order to retrieve the latest advertising "offers", the DLL called home with this information over a secure pipe and checked for updates. This data was stored and referenced if the same user invoked the DLL again at some point. Only at this point would any actual targeted ads be displayed in the client application's window.
Things may have changed since then - these were the pre-Windows 10 days - but if it's anything like this, it's wise to avoid the Unity installer.
> About a decade ago, I briefly worked for a company with the same business model.
The best part is they likely had an EV code signing certificate with instant SmartScreen reputation while all the indie and open source developers are sitting around locked out of the system due to cost and the absolute clown show of security theatrics baked in to the the trust industry's identity verification processes.
They share similarity, but they are still seen as two separate categories of software. The malware discussed above is absolutely not the same as DRM / Anti-cheat that are bundled in most games today and bundling something that is definitely a "malware" will get you kicked off those platform whereas DRM / Anti-cheat is tolerated.
> They share similarity, but they are still seen as two separate categories of software
Malware isn't really a uniform category of software. They can be harmful in a lot of different ways. Something like a kernel level anti-cheat is malware in almost every sense of the name except the developer's promise that it's not doing anything nasty. And there's a long list of DRM that affects the performance, security, or stability of the system while most users aren't aware this is happening or why. They install a game, everything else that comes with it is realistically hidden just like any malware.
So while you could group them in different categories, many forms of DRM are malware in form and function.
The philosophical definition is what is being discussed because at the end of the day that is all we have. There is no hard-coded, software-defined definition for malware other than the loose, varying definitions baked into anti-malware programs and services, that are based on our philosophical definition and frequently experience false positives and negatives. Conversely, there are very precise definitions for things like a regular expression or a hash table, but malware isn't like that. To say it is "our" philosophical definition is also a bit farsical -- malware is defined by the corporations that own the anti-malware companies. We don't have much say in what that definition is, in practice.
But sticking with a philosophical defintion, malware is a very fuzzy category, and that line is so blurred as to essentially not be there in the case of anti-cheat programs and services, which effectively spy on the user (malware behavior) for financial gain (having a gaming platform that doesn't have a large number of cheaters) and often employ malware tactics like rootkits, VM detection, process inspection, etc.. Similairly Google Analytics definitely meets the criteria we generally use to define malware (spyware in that case) if you raise the bar a bit for things running in the browser.
I agree to a certain point but what I'm trying to say is that you can embed google analytics in your games and it won't get banned from steam, but if you add some kind of software that install popup ads whenever you boot your computer, you will get banned.
No matter how we define those at the end of the day there is a difference between them, so maybe "malware" is the wrong word here as this seems to irk many, but seeing all the replies that group DRM / anti-cheat / analytics / ads (interstitial) and malicious software that get sneakily installed to add toolbar / popups to a computer all being grouped together as one and the same is just wrong because in the practical world those companies makes a clear distinction between them.
So my question is, if the correct word is not "malware" to uniquely specify that subset of software that is clearly banned from those store and won't at large also includes stuff that are OK like analytics. What is it?
Personally, in the real world, I would never specify something like analytics or ads (interstitial) as "malware" (even if philosophically they are) because to me, the way I've seen it used was to identify software that get sneakily installed and add malicious stuff to the user's computer (popup / toolbar / crypto mining).
DRM / Anti-cheat, even tho they are "bad" (I get that), are not going to suddenly start showing ads popup (and if they did and they totally can, the stores would banned those games and would classify it as malware not just DRM).
Making a word too broad means we loose the meaning. There has to be a specific word that describes the exact type of software that I am desperately trying to specify. And I know you know what I'm referring to, and I'm sure everyone understood what I meant, and I get that it isn't "malware" but what is it?
> What matters here is the definition from those platform
I do not agree and I really don't see you being able to support this. They are just different categories of malware. Malware is defined by its characteristics, not the "platform's" (developer's?) definition.
Even if we don't have an absolutely clear, rock solid and immutable definition of what malware is, it's generally accepted that if a piece of software is affecting the stability, security, or performance of a system, while the owner may not even be aware of the presence, function, or impact of that software, then it's malware. More generally performing actions to the detriment of the owner and without the owner's knowledge.
White-hat software that infected routers to fix backdoors and eliminate black-hat malware (so to improve the security, stability, or performance of the system) was in practice still considered malware.
So keep in mind that an attacker punching you in the face doesn't get to decide whether it's assault or actually just percussive transmission of information. It's the characteristics of the action which define it.
True, it's still technically a possibility. I guess my point was more that everyone seems to buy in the tabloid reporting that unity games installer will now be filled with malware when this merging is clearly meant that they want to add more Ads into unity games. And showing interstitial Ads in a game is not the same as malware.
So you think it's unfounded to assume that them merging with a malware company means they will start installing malware somehow? I think there would be _no other reason_ to merge with a company that makes malware? Maybe it won't target devs, but the concern is no unfounded.
Absolutely, there's no shortage of reasons to hate on Unity or this merging, they have done so many things wrong it is infuriating but thinking that they would include malware as describe above forcibly, making any games made in Unity unpublishable on virtually all stores makes no sense.
Unity game dev will, willingly, include ads into their games, no need to sneakily force malware on users computer for that.
I get the fear, "unfounded" was perhaps the wrong word, most articles want to push the narrative this way, but despite their previous sketchy background, IronSource is one the leading mobile gaming ads company, they don't only make malware and clearly this merging is about "ads" and not installing malware.
No. I really don't see the concern. Unity's business model does not involve targeting users with ads by installing malware on their system. However, many games studios do choose to integrate ads into their game loop and as a game platform I can see exactly why Unit wants this type of talent in-house so they can make their platform more attractive for game devs that might be looking for this type of feature in a platform.
Ads are malware. The reason ad networks use the same techniques as other forms of malware is that they're both trying to make the computer behave in ways that its owner doesn't want.
A lot of anticheats used to work similarly back in the day. They’d set SeDebugPrivilege, and arbitrarily scan memory and files, then offload that data to some server. Truly behaving like malware.
Edit: Nowadays they take it a step further, like Vanguard. It’s a boot kit that injects a kernel mode driver right at the beginning of OS initialization,
All of this makes me ask the question of, "How does a company go public without losing themselves? Is that even possible?"
This type of going public and chasing shareholder, share selling, cash infusion (sorry for the word salad, I couldn't think of a better way to put it) - which is often needed for growth past a certain point - how does a company not compromise their vision and bow to the shareholders once they go public, when their directive then becomes "Maximize stock value for the shareholders"?
NOTE: I'm an engineer who graduated with an art degree, so this is way out of my wheel house. I've always built things, and have not been privy to the business side of the show. It's a bit foreign to me.
Answer: Ethical leadership, which many public companies have. Sometimes you hear people say that public companies have to value shareholder returns above all else. It's usually opinion columnists or maybe popular economists, but not lawyers. That's because it's not really true. Public corporations have always made choice that favor customers or employees over shareholders and always will. Example: Ben and Jerry's. Public corporations can be as ethical as any other type of business. But any business can be ethical or not.
CEOs use the excuse of "shareholders" because it sounds better than "I wanted to maximize my bonus." That isn't all bad-- seriously everyone wants to maximize their bonus, including me!
As as an aside, I really doubt Unity is planning on installing malware even if they could through the Steam or Apple stores (which they probably can't). They probably just want to do better ad tracking. Is this ethical? I don't know enough to say. But a mom and pop or private company could do the same thing.
This is a complete fantasy. I'm glad you paid attention in your ethics class, but Ben & Jerry's is now owned by Unilever.
Take a look at beloved Costco. Blackstone took over the board and has been putting the screws on their staff, and hard selling customers on Executive Memberships. Their hot dog is on the ropes and we'll see if it remains a loss leader.
As profit growth declines due to market saturation, drastic measures will be taken to keep profit growth high. Workers and customers will be squeezed for next quarter growth.
If you think I'm wrong then please take a look at your favourite fortune 500 company and tell me who is going to pay for this quarter's inflation, the shareholders or the customers?
How about when companies like Red Hat, VMWare and Twitter receive offers? I understand that in almost all cases the board feels legally compelled to accept a high enough offer.
So any company's "soul" will be lost through time by mergers and acquisitions. The company that played the game of make-the-most will end up with a treasury large enough to buy those companies who tried the path of ethics.
Can you clarify what you're asking here? When I read your comment it looks like you're suggesting it's highly ethical to punish people for not wanting to give you money.
I don't think it is unethical to offer a free game that contains advertising or "pay to win" content if the person downloading the game knows it is there and the app / program is honest about it's permissions and it's tracking. People choose to download apps like this all the time, knowing exactly what they are getting.
Games cost money to make. If people don't want to pay money up front for them, well then as they say: the user can be the product.
The point isn't that people don't want to pay money up front, it's a decision being made by developers to churn out endless f2p games over games that gamers would glady pay up front for, and since everyone else is doing it and one or two people make a lot of money in it, a bunch of people who chase shiny try to chase shiny, just like others chased after crypto and other gimmicks.
All the while, the already paying customer base is frustrated.
Offering free food that turns out to be poisoned is not ethical. I'm all for charging an honest price for honest work, but I don't think there's anything morally wrong with taking something offered as a free gift.
They had made previous ‘commitments’ to Wall St that they had a way to circumvent Apple Tracking Transparency by using ML to do the tracking without all the device information. It didn’t work, and their stock tanked when they announced it in quarterly results.
This _seems_ like an attempt to shore up that part of the business.
Speculation:
They know the returns from the game engine/vr-ar future will take a long time to arrive. So they need — given they’re a publicly traded company - to ‘show them the money’, and they fell down the ‘ads!’ hole, and I’m not sure they’ll get out of it.
> They had made previous ‘commitments’ to Wall St that they had a way to circumvent Apple Tracking Transparency by using ML to do the tracking without all the device information.
Those pesky consumers, who have explicitly chosen not to be tracked.
When Apple Tracking Transparency first came about, many of my clients had a hard time grasping the situation. They couldn't understand why we couldn't track them anyway, even though within the agreements between all parties it was clear that the consumer has not allowed you to track them. The attitude for some business owners is that their engagement with their consumers is not an agreement between two parties, consumers are just feedstock for their advertising apparatus.
And I bet the upper management liquidated a bunch of stock between that commitment and quarterly results. My last company was acquired by a company that did a similar pump and dump but used the pump to buy my company followed quickly by all our "new" upper management cashing out. My 14K in stock was worth <300 when I left the company. I still don't understand how no one sued or jailed for that fiasco.
Wait, for real? Do you have any links or anything about Unity working to circumvent Apple Tracking Transparency? That really puts the merger into perspective and shows their intent is even more reprehensible than it initially seemed...
Even if AR and VR becomes a thing that won’t buy that many more licenses from them. They already offer 10(?) platform targets. I would imagine the number of dev seats stays about the same as studios shift or expand to the new platform. It’ll be quite a low multiplier
Simple: Unity is bleeding money, is an inferior engine in pretty much all possible ways (sure, rendering quality is the one that UE is obviously better at, but that also includes ease of use, available tooling, stability, etc), has launched multiple projects in parallel leading to a half finished engine everywhere (Use default Unity! Unless you want to use DOTS ? It's still in alpha and kind of abandoned but also has features that we'll never put in default Unity. Also do the same for rendering! The default rendering pipeline is simple! But you can also use a Scriptable Render Pipeline! We even provide a default one, and you can customize it! No, it's missing a lot of features, yes, we know. How about you use HDRP for that ? It's our high definition pipeline! Just move to it already! Yes, it's missing a ton of features and performance is dogshit, but look, we made a nice video with humans that takes 5 weeks to render on any normal PC and took weeks of optimization. What's that? You don't like it ? You want to swap back to SRP ? Ah shit, we forgot to tell you, moving to HDRP is a one way process. Yes, all your assets are fucked now.), has a terrible reputation because every asset flip game will start with that logo, a complete mess of a pricing table (which one do you want, Student, Personal ? Oh wait, you're working on a game ? then you need Pro. Or Plus. Or maybe Industrial Collection. Or Enterprise ? Confused ? Contact us and we'll make the price stupid).
So, they're going where the money is. They're pivoting to mobile games, and to make bank in that, they partner with a spyware company that installs shit on your phone and is neck deep in helping with predatory pricing and abusive psychological manipulations.
Unity is a sinking ship, and the captain is a rat.
Unreal gets a 5% royalty on every game. Unity is a subscription model, they don't get more money out of wildly successful games like Hearthstone or Pokemon Go. Their solution to this is adding more over-the-top services like analytics and advertising.
The Unity goal of democratizing game development specifically targeted game engine royalties which were a massive barrier to entry. 5% may seem small but before Unity stole their thunder, Epic used to charge upwards of 20% royalty plus a massive upfront cost in the six figures, which put a commercial engine out of reach for independent developers.
Yeah, except in the early days Unity wasn’t really a production ready game engine. Very few games would release on unity and fewer made money. Unity’s profit model had generally been users who wanted to make games enough to buy a license, but there were few incentives for Unity to make a game engine good for Shipping games.
Unity has always had a pretty predatory business model. And has basically never made money from successfully shipping games.
That's assuming Blizzard would've gone with Unity if there was a 5% royalty. Unreal isn't necessarily getting 5% out of bigger titles either, that's just the standard license.
The thing about game tools is that it's always a balancing act because for all the money that flows through the space, there isn't a lot of money to go around.
A game engine company cannot ask for much money at all without the people holding the purse strings turning around and asking "Why don't we just use an open source engine or build our own?" So Unity is stuck with a huge foot-in-the-door problem regarding their game engine business: their direct competition is their customers.
To their credit, I have been consistently impressed with their approach to addressing that challenge, but that challenge makes the whole space of game development support tooling hard to persevere in.
Very few new games use their own engine. Excluding legacy titles and AAA publishers who have their own tech developed across decades, I believe proprietary engines are less than 10% of the market today. The only exception is the Japanese market but even that has changed in recent years with Unity and Epic making inroads.
It’s very difficult to justify the expense of developing your own engine, especially if you intend to release for multiple platforms.
It’s very difficult to justify the expense of developing your own engine now. Those numbers are distorted by Unity having been on the market for seventeen years. In 2005 (the year Unity hit the market), there were thirty-nine new games on Steam. In 2021, there were over 10,000.
Now you have to ask how many of those games would have happened absent a Unity, and the answer is "Most would not." But it's a chicken-egg problem: without Unity, the games wouldn't have existed, but if Unity asks for too much money to publish the game with their engine, the game also doesn't exist.
It's a conundrum that caused Unity's predecessors to mostly try and fail (with a few exceptions that are still around), and I've been impressed by their ability to thread the needle on this market. But it's a delicate market... lacking a Unity out there, I doubt OnlyCans Team would have rolled their own engine, but I also doubt they'd have paid money to Unreal to execute on their novelty idea. They just... Wouldn't exist. Unity has to pull far, far less revenue from developers of a game project than Unreal does to maintain the existence of the ecosystem they grew around themselves.
> In 2005 (the year Unity hit the market), there were thirty-nine new games on Steam. In 2021, there were over 10,000.
While I think your point still holds, I think it should be noted that 2005 was 2 years after steam released. And still primarily a distribution platform for valve’s first party games. There were many more games available via other distribution channels.
It's also worth noting that Steam has partially opened up for independent developers in 2012 with Steam Greenlight (via manual curation), and fully opened up only in 2017 with Steam Direct. Before that, you had to be an approved partner to be able to publish on Steam.
It's unlikely for a small indie to roll a mobile game engine But if you are talking about companies with millions of dollars of income from gacha games like Hearthstone, most of them have already attempted to roll their own or even used in production already. (NeoX from NetEase, Cyllista from Cygames and Supercell’s unnamed engine…) For mobile game engines, they are not striving for crazy visual fidelity since mobile hardware is really limiting. Those who stick with Unity now because it’s cheaper, but if Unity tries to charge way more, they will definitely spend that markup to push their own tech onto production instead of surrendering money to Unity.
Unreal has technology moats like Lumen and Nanite to justify the royalty while Unity doesn't.
There's also a difference between rolling your own in-house engine like Frostbite or REDengine, and making a game on your own with no general-purpose engine using something like SDL. There's little point in doing the former nowadays, but there's plenty of titles that still successfully take the latter approach. General-purpose engines make this whole field obviously more approachable and for some kinds of projects are the only viable option, so the percentage share of no-engine games will likely continue going down, but I don't expect absolute numbers to drop significantly.
You don't have to follow through. You just make the case to the engine licensor that you will take that option if they don't reduce their price. Alternatives are bargaining chips, even if they are poor alternatives. Not every seller will make concessions when you do this. Some do, and some say "OK then let us know if you change your mind" and wait.
Hmm, I wonder if maybe the royalties model is better for the developer in addition to possibly making more money for the engine. I know I wouldn't shell out a ton of money on an ongoing basis for a project I don't know will ever go anywhere; most people presumably think similarly.
This would also help Unity's image of being an engine for bad games; currently, bad games use the free version of Unity, meaning they show the Unity logo splash screen, while all good games built on Unity use the paid version which allows customizing the splash screen.
If there was only one version of Unity, which was free up-front but took a 5% royalty, it seems like a lot of problems would be solved for both Unity and developers.
1. Unity only grabs the Indie especially the mobile market.
2. Unity cannot compete with UE without a huge investment.
So the only solution is to go down the ads road. Sorry I really don't see a second option. Only with ads can Unity makes more money to afford more editor development. Editor development needs very expensive people (those senior and staff engineers with large TC) and has no way to prove that it can be profitable so far.
They want to offer monetization features to Unity-based games.
> Unity already has Unity Ads, "our monetization solution for mobile games that enables game developers to monetize their entire player base", but obviously there are benefits to combining that with IronSource: "Unity and ironSource's complementary data and product capabilities will give creators access to better funding for user acquisition (UA) and monetization to successfully scale their games and accelerate their economic performance."
You're not the sort of investor that public companies are generally interested in pleasing. They're mainly concerned with institutional investors and fund managers, not retail investors.
Unity's stock dropped another 20% in response to the announcement and it prompted yet another shareholder lawsuit, so I wouldn't expect those people to be happy either.
One-day valuation changes like that on an already-somewhat-volatile-and-downtrending stock isn't necessarily an indicator of meaningful long-term impact, and nearly any major action a public company takes triggers shareholder lawsuit trolling.
"Acquiring" is a stretch, basically they're bringing ironsource public under their stock. The "valuation" of the deal is also a stretch, but honestly shows how little the market cares about ethics.
I'm quite surprised that nobody is talking about anti competition - ironsource's rise and unity ads are, together, a very large mobile advertising network. Two that are often vying for the same customer. App developers that depend on those two competing are now shit out of luck. I'm really surprised this deal snuck through anticompetition oversight and it doesn't seem like it would have if google wasn't at the same table.
Anyway, ironsource STILL runs this slippery desktop install network - it's not like this was way back in the past and they've moved on. Hit the download button on any streaming/torrent website or keygen installer and you'll find ironsource.
Article buries it deep in the article probably because it makes this merger a lot less concerning but apparently Unity is acquiring IronSource rather than vice versa.
I have a confession to make. I installed lots of adware back in the 2000s. It was good money, got paid around $4~6 USD per toolbar installs that I bundled with my free software I made.
It really felt like I was printing money. Whenever I needed to pay tuition I would just work for like 8~10 hours and the next month a check arrived that paid all of my costs as a student.
Looking back it wasn't the best but neither was being forced to pay a few thousand dollars every semester to buy the same textbook but with an updated cover and table of contents so they can call it the 18th edition.
For a corporation that is trading publicly to do this, I have to wonder who is running it and whether they have its best interest.
I see many indie developers starting to ditch Unity and opting for Godot or other game engines. This is unlikely to impact Unreal Engine, as it very much is aimed at a different demographic (namely studios with at least 5 FTE)
It's fair to compare what competitors baseline is here, at the risk of whataboutism. I find it surprising not a peep about the culpability Windows has in the equation.
> Q: Why don't you use the term Open Source when talking about the source code?
> A: The definition of the term Open Source is heavily debated. The Open Source Initiative has created a definition of the term Open Source where it must be possible to commercialise the source code. The Defold Foundation has made the decision to prevent commercialisation of the game engine and editor (the Game Engine Product). We want Defold to always be free to use! (You can of course still sell your games and plugins and you can modify the engine as much as you like).
Depending where your moral compass lies this is either even better than open source or worse.
No, the definition of the term isn't heavily debated; it just became a trendy term over years with enough positive connotations to make some people want to use it for marketing even when their projects don't actually match the definition.
When Defold made its source code public, they used the term "open source" across their marketing material and only stopped doing so after community backlash. Their license URL is still "/opensource/". They got a lot of media coverage from people who were mislead into believing that Defold went open source until this got corrected. You should read what they wrote with this context in your head. I find what you quoted to be borderline manipulative.
Also, I don't understand the purpose of non-commercial clauses on such projects. All they do is cause PITA. It makes your project non-free, so it cannot be included in distros that distribute FLOSS only or mixed with code on viral licenses. And nobody is going to buy something they can get for free unless you're adding some real value on your own with your fork. Furthermore, what exactly constitutes of "commercial usage" is often arguable. If you really care about your project staying free, use a viral FLOSS license, with a non-viral exception on the runtime part. Those technically don't prevent commercialization, but still require freedom, so everything stays free to use in practice. Stamping a non-commercial clause on a Apache-like license like Defold did is the worst of all worlds.
Since I worked for a german automotive brand as an interaction designer for 7 years and left with good reasons - having learned that the three pointed star (my ex-employer) and bmw now are turning to using unity as a foundation for the ui layer - how stable is that choice?
A company I have a friend at built their mobile app in Unity. It has no 3D or 2D "game" in the traditional sense. It's all just UI screens. But it's all Unity UI.
Apparently it has some non-native feel issues, but it works better than you'd expect. They had a bunch of custom UI components for recycling views and stuff too.
Ah, but they spun off the VFX teams to a separate entity.
> The VFX teams at Weta Digital aren’t included in the deal; instead, they will be part of a standalone entity called WetaFX that will still be majority owned by Jackson
Slightly on topic - has anybody here ever used Unity's WebGL export? Was it viable for your game or real-time 3D app? If not, can you provide reasons why?
I've never understood why browsers let web sites hijack any part of the browser UI. I'm not asking for an explanation, I'm sure there were "reasons" but it's still a bad idea.
There was an article here a couple months ago about the browser's "danger zone", i.e. the area that can be controlled by the website, and how it's changed over time. The context was around the encryption padlock to indicate valid certificates. What I took away is that nothing in a browser can be trusted now.
Indeed, in my experience, hijacking elements like right click, copy, and back/forward buttons is somewhat commonplace. Some browsers are better at avoiding this, but none I've used are immune to hijacking tricks, especially the back button.
When you make an application, it's often useful to create a static identifier of the application state and push it on the back button, so that if the user doesn't like where he is going, he can simply go back.
I don't agree that it's a bad idea. What is bad is the amount of user-hostile sites that get promoted on the web. Those should be silenced, not boosted into mainstream by search engines an social media.
Anyway, browsers can improve the feature by grouping the added links and making it easy for users to ignore them. But innovation on the web got it's last and fatal strike when Firefox killed its original extensions API.
>> When you make an application, it's often useful to create a static identifier of the application state and push it on the back button...
Like I said, I'm sure there are "reasons" for doing it. Put your own "back" button in the application then, don't take MY browser button and reconfigure it. The browser back button should go back in my browser history - including leaving an app, not where some web developer decides it should go. This is a giant security concern introduced for web developer convenience.
All the JS API provides is a way to give the user a savepoint on his history that he can go back to, correlate with others on the browser history, or do whatever he wants.
This is only a security issue because the browser developers want it to be. There's nothing on the standard saying that when you click back, it should go to the previous link inserted by JS, or that there must be a single button for everything, or that every site is treated the same way.
Anyway, removing the quite useful possibility of the browser remembering the history of the usage of an application won't solve the issue of browser innovation being destroyed or of malicious sites using any loophole available to get something out of you. For that we need browsers and basic web infrastructure that are focused on supporting your needs, what the current crop clearly isn't.
> InstallCore was also behind a fake installer for a Windows version of Snapchat, a program that's only ever been available on mobile. It would instead install Android emulator BlueStacks, as well as the usual injection of adware.
This was true in 2015 when the referenced blog post was written.
Nowadays Snapchat is not only available on mobile; there is a web client. Additionally, on Mac OS, there is an officially supported emulation (virtualization?) layer that allows you to run iOS apps (at least in theory; I’ve never tried it).
EDIT: this comment is almost entirely wrong, sorry! I’ll leave it up since people have replied to it. I don’t know why I thought there was a web client - maybe I was thinking of snap map. And I thought that you could run any iOS app on Apple M1, but apparently this is not true. (While I was searching this, I believe I also encountered articles promoting the same malware described in the OP!)
I would be surprised if the iOS emulator can run production Snapchat app. Their policy has been incredibly consistent on where Snapchat should be used (real device, with cameras). Anything else probably will fail the attestation phase.
> InstallCore was also behind a fake installer for a Windows version of Snapchat, a program that's only ever been available on mobile. It would instead install Android emulator BlueStacks
That actually sounds like a _real_ installer for a Windows version of snapchat. Just because they had to use some technical trick to make it work doesn’t mean diddly(if it actually works).
