Is there a foolproof method to ensure Shopify apps are secure?

Solved

JohnFl
Visitor

I recently came across this Reddit post. It has some decent guidance but I am wondering about the part that calls out that Shopify can't make sure all the apps are secure. 

 

https://www.reddit.com/r/shopify/comments/urdw2x/i_run_a_cybersecurity_firm_and_have_some_really/

 

There is a caveat though. Third-Party Apps are just that, third party. While Shopify does strive to ensure that these apps don't introduce vulnerabilities to your store, they can't possibly provide the coverage necessary for a vast ecosystem of Shopify apps.

We don't expect you to perform security audits of Third-Party Apps, but there are a few things you can do to minimize the risk.

  1. Look for apps that have a strong following.

  2. Remove apps you no longer use.

 

Is this true and if so, is there a better way to make sure that the Shopify apps we use are "secure"?

Accepted Solution (1)

Shay
Shopify Staff (Retired)

Hi @JohnFl,

 

Thank you for sharing your concerns about the security of 3rd party apps on the Shopify platform. Your online store security is immensely important and Shopify takes it very seriously. 

 

All apps that are listed in the app store go through a very rigorous review before being accepted. Our dedicated partner specialists review each app submission to ensure it meets our strict criteria. 

 

A huge aspect of the Shopify platform is our integrity and the trust our merchants have in us for ensuring their data is safe at all times. With that in mind, we absolutely do everything we possibly can to make sure all your data is protected and secured every step of the way. The suggestions you quoted about using highly rated apps and removing unneeded ones are great advice, and definitely something that can be applied to both your merchant account and other devices.

 

Also, Shopify is always on the lookout for platform vulnerabilities and we offer a “Bug Bounty” up to $50,000 USD for anyone that finds a security issue on the platform. We run this through the website Hackerone.com. This service means that our system is always being tested for exploits or vulnerabilities. 

 

The resources I’ve linked below go more in depth on the steps we take and the agreements we have with both partners and merchants when it comes to security and your account. I recommend reviewing them to better understand what the app submission process looks like:

 

 

If you have more detailed questions or aren't finding the information you need, you can always contact our Legal team for assistance at legal@shopify.com.

Shay | Social Care @ Shopify 

Replies 2 (2)

JoshuaGordon
Visitor

I use https://www.observeid.com/ to secure my sites. Maybe it will help you too.