have been looking at a few apps and installing on free trial basis. It seems that stock install allows the app to access your account information and order information. Is there a way to add an app without adding that access?
Shopify Apps are reviewed and approved by Shopify team. Apps should ask access only to the information essentials to support the extra features they provide.
If an app requires access to the account and order information it means that the app need that access, otherwise its features will not work.
This answer is not very satisfying for two reasons:
- How does shopify make sure an app developer does not sell the data to third parties?
Technically, it can’t. - Shopify has a conflict of interests: As you want app developers to provide maximum app performance to improve your shopify platform, you aren’t concerned about the privacy of our shop clients.
- Gathering client data, without requiring it, is against the European DSGVO / GDPR.
If a shop owner only uses some app features, the app developer must not get access to the data, that is not required.
Example: An app that can handle orders and sort products must not get access to the order data, if only the product sorting is used in the shop.
The actual shopify data-sharing concept violates the European GDPR, by providing access to apps just on the basis, that the apps might use that data for some sub-feature.
So far, I really liked shopify for its simplicity. However, as you are losing focus of the data protection of our clients, people will start looking for self-hosted alternatives like magento or else.