Shopify Apps - Major Privacy Concerns / Issues


I've developed an app and work with merchants on theme customization, installation, store development, etc, and can attest to two things:

  1. It's possible to ask for API scope to do just about anything in Shopify which Shopify can do itself
  2. All apps go through an app review process prior to publication in the app store and apps are usually scrutinised very closely; my own app was rejected because I had accidentally left on a scope (set of permission requests) which the app didn't need. The Shopify QA team identified that my app didn't need it and queried the scopes (correctly). I can only assume that this experience is the same for every app, though perhaps there are apps in the store which haven't been inspected as thoroughly.

To give this more context, my app was published late last year, so the QA process for this was recent and relevant. I can't speak for the process and app approval for earlier apps.

 

It should also be added that some scopes might seem odd to the merchant but for the developer are essential in order to be able to query something about, say, an order (an earlier example was for an 'order in the next 30 mins for next day shipping' app) - that app should have access to the orders api in order to know when an order was placed and therefore apply a shipping rule - however, in that comment it would appear that the app developer doesn't use that scope and this surprises me - given my own experience I have no clue how that managed to get through review and was accepted to the store.

 

I will echo the comment from earlier in closing - if you think an app is asking for too many permissions then:

  • Don't install it
  • Email the developer and ask why they need those scopes

That final point is also important; many (most?) app developers are honest people trying to make the Shopify experience better for merchants and, with any luck, generate some revenue in the process. If they fall into this category then developers will be more than happy to explain the scopes they request for the app, and why they need them. If the dev is reluctant to answer, don't install; if they answer and you don't like what they say, don't install.

 

If privacy is a major issue for you there's a final solution: hire a Shopify developer to create custom functionality for you. Much of what apps do can be done without the need for one, but apps offer convenience, ease of use, and repeatability. Apps which integrate with external software will be absolutely required, otherwise how do you bridge between Shopify and any other platform? Fall back to the comment above and use best judgement as to the app, and its developer's, credibility and honesty.

 

Finally, Shopify is a great platform. We've worked with lots of different e-commerce platforms and, hands down, I'd recommend Shopify to online retailers every day of the week for an online store.

 

Gary.

4 Likes
Tourist

Gary,

 

Thank you for that input. It is reassuring to hear and understand that side of it a bit more. While I do understand what you say, the apps I was looking at were very simple, such as a sticky top, and one was a message on the product page ("added to cart") when added, and one other small non-essential. These wanted customer info inclusive of their addresses, emails, phone, order amounts, items of order. To realize this was unnerving.

 

I agree Shopify is a great and safe platform and the vast majority of developers are amazing folks/companies.... but it just takes a few shady characters to cast a shadow on the good.

 

 

0 Likes
Tourist

I'm new to Shopify after previously using Joomla. Came over to Shopify as I wanted a slick cart function rather than using VirtueMart in Joomla. Wondering now if I've made the right decision to move away from Joomla.

Based in UK. Went to install a Cookie Bar app to be GDPR compliant. I want to raise this with Shopify, but as new, don't know how or where to.

Shocked to see the following and obviously removing the app:

App permissions

This app has access to the following personal information:

  • Blog commenter e-mail addresses, IP addresses, and browser user agents
  • Customer names, e-mail addresses, phone numbers, physical addresses, geolocations, IP addresses, and browser user agents

This app can access and modify your store's data:

  • Modify store content like articles, blogs, comments, pages, and redirects
  • Modify theme templates and theme assets
  • Read customer details and customer groups
  • Modify script tags in your store's theme template files
  • Read orders, transactions, and fulfillments
  • Read store content like articles, blogs, comments, pages, and redirects
  • Read theme templates and theme assets
  • Read script tags in your store's theme template files
0 Likes
New Member

I made a forum account (a rare move for me) just to agree with you.

 

If apps are asking for permissions they don't need it is because:

a) The permission system isn't granular enough

b) The permission system isn't partitioned correctly

c) They want your information illegitimately. 

 

I think everyone can agree, all 3 scenarios are Shopify's responsibility.

 

@Shopify care to comment?

1 Like
Shopify Partner

Before apps can be approved on the App Store, Shopify do check that they only require the minimum permissions for the purpose of the app.

That being said, once an app is approved it is technically possible to change the app to request further permissions without verification from Shopify.

When installing an app, it will show the permissions required before you accept it.

If you are suspicious that the app doesn't require a certain permission scope then you should report it to Shopify.

Requesting permission scopes that are not required for the app to function is a breach of the API License and Terms of Use.

Try the best recent order app for Shopify free for 7 days: https://apps.shopify.com/recently
0 Likes
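The scope questions raised in the two posts above (the cookie bar's permission list, and scopes changing after approval) can be checked mechanically from the `scope` parameter of the app's OAuth install URL. The following is an added example, not code from the thread or from Shopify; the install URL is constructed, and the `BASELINE` mapping and the `audit` helper are hypothetical names chosen for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Scopes that expose customer or order data.
PERSONAL_DATA_SCOPES = {"read_customers", "write_customers", "read_orders", "write_orders"}

# Assumption: what a cookie bar plausibly needs (hypothetical baseline, not Shopify policy).
BASELINE = {"cookie_bar": {"write_script_tags"}}

# Constructed install URL; its scopes mirror the permission list quoted in the thread.
SAMPLE_URL = (
    "https://example-shop.myshopify.com/admin/oauth/authorize"
    "?client_id=PLACEHOLDER"
    "&scope=write_content,write_themes,read_customers,write_script_tags,read_orders"
    "&redirect_uri=https://app.example/callback"
)

def requested_scopes(authorize_url):
    """Return the set of scopes in the comma-separated `scope` query parameter."""
    values = parse_qs(urlparse(authorize_url).query).get("scope", [])
    return {s.strip() for v in values for s in v.split(",") if s.strip()}

def covered(scopes):
    """A write_x scope is treated as also covering read_x."""
    return set(scopes) | {"read_" + s[len("write_"):] for s in scopes if s.startswith("write_")}

def audit(authorize_url, category, approved=None):
    """Compare requested scopes with the category baseline and, optionally,
    with the scope set that was approved at review time."""
    requested = requested_scopes(authorize_url)
    excess = requested - covered(BASELINE.get(category, set()))
    report = {"excess": sorted(excess), "personal_data": sorted(excess & PERSONAL_DATA_SCOPES)}
    if approved is not None:
        report["added_since_review"] = sorted(requested - covered(approved))
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_URL, "cookie_bar", approved={"write_script_tags"}).items():
        print(key, value)
```
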
Excursionist

>>Before apps can be approved on the App Store, Shopify do check that they only require the minimum permissions for the purpose of app<<

What you said is incorrect. There is NO monitoring of this. The app developer is supposed to follow this by rule, but they are on the “honor” system. Shopify “sometimes” checks later, probably after savvy users complain. But an app developer frequently adds access to orders when they do not need it. You can see proof of this when installing apps. Only some apps that get Orders access say when installing “Shopify has checked and verified that this app needs access to the Orders Module”. But most apps do not say this, meaning they have not been checked or reviewed. It is a major vulnerability.

>>If you are suspicious that the app doesn't require a certain permission scope then you should report it to Shopify.<<

This is not an easy thing to do. Shopify has not been vigilant on this. If you contact support, they are not trained to handle this. They don’t know where to direct you and they don’t have a solution. You need to push and push and push until they agree to find the right department to complain to. You also must ask for a response from the department that should handle this. A few times in the past, I complained about a few apps where the apps ended up dropping the requirement for the unnecessary Orders access. Another resolution, which doesn’t work every time, is to continue installing the app, and then making 100% sure that their app doesn’t need the access and then deleting the app and giving them a 1 star review saying “Beware - this app gets access to your orders and the functionality doesn’t need it.” Then they reply to you immediately and you can choose to delete the app, if they have a good answer.

0 Likes
Shopify Partner

@Leffrey wrote:

>>Before apps can be approved on the App Store, Shopify do check that they only require the minimum permissions for the purpose of app<<

What you said is incorrect. There is NO monitoring of this. The app developer is supposed to follow this by rule, but they are on the “honor” system. Shopify “sometimes” checks later, probably after savvy users complain.

No, you are incorrect. Our latest app was rejected on the first submission last month because we accidentally forgot to remove a scope from testing that wasn't required. I suppose it depends on the vigilance of the tester but they do check.


@Leffrey wrote:

>>If you are suspicious that the app doesn't require a certain permission scope then you should report it to Shopify.<<

This is not an easy thing to do. Shopify has not been vigilant on this. If you contact support, they are not trained to handle this. They don’t know where to direct you and they don’t have a solution. You need to push and push and push until they agree to find the right department to complain to. You also must ask for a response from the department that should handle this. A few times in the past, I complained about a few apps where the apps ended up dropping the requirement for the unnecessary Orders access. Another resolution, which doesn’t work every time, is to continue installing the app, and then making 100% sure that their app doesn’t need the access and then deleting the app and giving them a 1 star review saying “Beware - this app gets access to your orders and the functionality doesn’t need it.” Then they reply to you immediately and you can choose to delete the app, if they have a good answer.


You're right in that Shopify Support are generally not very good. There will be a department for this I'm sure and submitting your concerns to the right people is definitely something they could improve upon.

I don't think not understanding how an app works warrants giving it a 1 star review. If you are not sure why an app requires a certain permission scope then contact the developer for an explanation. Apps can have hundreds of installs and uninstalls every day. Installing and uninstalling an app won't trigger any sort of notification to the developer but a review will. If you don't get a satisfactory response from the developer then you should definitely pursue it with Shopify support. 

0 Likes
Tourist

At the end of the day the end result is when I installed simple apps it gave me a message of what that app would have access to and my jaw dropped. What who is doing and not doing is just a bunch of hoopla. These messages when downloading clearly were enough to have my jaw drop and cancel the install. It is a joke and Shopify can spin out their words on it but again at end of day what these apps state they will access is crazy. For example, why would a banner app need my customer data inclusive of their address and phone numbers? Really?

1 Like
Shopify Partner

@RoadToSuccess What’s the banner app?

0 Likes
Excursionist

1. Then yours was random. We have 12 apps that we developed and a new one last month. None of them were ever rejected and we sometimes leave a scope in there for future use, while not being used today. I remain on this point. And other developers frequently admit that their app does not use that scope at the time. If yours was really rejected, then it was random or you had some other red flag.

2. The 1-star and revealing rating is enough every time to prompt them to address this.  And like I said, if it is a warranted scope, then I remove the review.  But if it is not warranted, then in my opinion, it is deserved.  It is espionage.  I take this seriously.  That is why I am in this thread.  It is a low and dirty practice to spy on the customer for their own personal business reasons.  No app in the store should be spying on its users. It is unacceptable.  And people need to know when it is happening. If they choose to continue spying, then that review will warn others.  Even if the developer is crooked and wouldn’t normally fix their scope from messages without a review, many would change it just to get rid of that review. I would remove the review when they prove that they need it for functionality or when they remove the scope....it is simple. 

0 Likes