It's a closed source, proprietary app that has spyware disclosed in the TOS (section 6.4). The method of installation is mostly irrelevant in light of that.
In short, you need to be careful how you package and distribute software (including updates) for a couple reasons related to security. Many distributors doesn't do it properly, but thankfully companies such as Apple and Microsoft are starting to be more strict about what you can run on their operating systems, requiring the developer to notarize the application, or have to ask the user to by-pass the safety mechanism.