Or developers compile a static linux binary for the specific architectures (usual amd64) and just compile all of the dependencies into the app. You download the binary and run it. That used to be how Steam worked, for example, and I assume still does.

I think that what snaps and flatpaks want to do that is "better" than this, is to isolate your system from such applications if they are malicious.