When Shopify merchants use apps from the Shopify ecosystem, they are entrusting developers with critical tasks to run their businesses. Maintaining a reliable and trustworthy app marketplace is a top priority. We need to make sure that every app and developer meets our high standards—and if they don’t, that sometimes means making the tough decision to remove the app from the app store and in some cases our platform.
Recently, there have been discussions in partner community groups expressing confusion about the methods we employ to keep our ecosystem safe for merchants. We’re listening to all of the feedback and want to share more about our enforcement process with you.
What happens when apps can’t meet our requirements
Making sure every app in the Shopify ecosystem is reliable starts with setting expectations. Developers must adhere to the terms of our Partner Program Agreement, and every app in the Shopify App Store has to meet a list of requirements before it can be listed and available for installation.
Some of these requirements are technical, like making sure merchants can easily install and use the app. Others are functional: does the app do what the developer says it does? Will it slow down a store? Is it secure? As a developer, you’re expected to be familiar with these standards and meet them in every step of building and maintaining your app
When a developer fails to meet our standards, our Partner Governance team will reach out to the developer to communicate the issue, sending to the developer's email associated with the account. The email will be from firstname.lastname@example.org and the subject line will include verbiage like “[IMPORTANT] Your app is under review” or “[IMPORTANT] Your account is under review.”
This communication can entail a request to update the app to meet requirements within a given timeframe or a temporary unpublish until issues are resolved. For repeated issues or more serious violations, like buying fake reviews, it might result in terminating a partner account.
Unpublishing an app is different from permanently removing the app from our platform—an unpublish removes the app’s visibility from the Shopify App Store and prevents new installs. Whenever possible, we give developers an opportunity to rectify the issue and send emails that outline the steps necessary to get re-listed on the Shopify App Store.
If it’s not possible to rectify the issue, if the developer hasn’t communicated back to Shopify, or if it’s a repeated offense, the app may be terminated from the Shopify App Store for good. If the risk is high enough, a partner account might also be terminated—and that means a developer would be unable to create future apps.
Deciding to terminate an app isn’t an easy decision, and we take it seriously because it often means disruptions for merchants. Shopify gives merchants notice if any of their apps are going to be terminated and offers alternatives for installation.
Shopify’s App Audit team reviews apps regularly and sometimes removes cohorts of apps at once as part of that review. We know developers often make updates to their apps and listings, and these changes can end up making their app non-compliant. Sometimes this is unintentional, and we can work with you to resolve these issues.
Now, let’s look at a few more of the tools we use to ensure the quality of the ecosystem.
We scan our app ecosystem regularly to ensure minimum requirements are being met. Some of these scans are automated, based on certain criteria that are easy to detect and take action on, like whether or not an app is failing an OAuth check and unable to be installed by merchant stores. When we detect something like this, we delist the app, which triggers an email to the developer alerting them to the issue and requesting they solve it.
Once the issue is resolved, the app will be listed on the Shopify App Store again. Automatic, immediate unpublishes like this are rare and used only in instances where an app isn’t functioning properly, or negatively impacting our merchants.
Fraud and abuse investigations
Like any online platform, Shopify has to confront bad actors attempting to abuse systems for profit or to commit fraud. The Partner Governance team has seen a number of scenarios over the years and works diligently to prevent as much of this abuse as possible.
Some of our detection methods are algorithmic, others are manual, and some are community sourced, such as submission to the Report a Partner Violation form.
Unfortunately, we often can’t share specific details of an infraction without compromising an investigation. We understand that this can be frustrating but we can’t risk the safety and security of merchants or our marketplaces.
Why this matters
Maintaining a reliable and trusted app marketplace that Shopify merchants can depend on to build a world-class tech stack is vital to making commerce better for everyone. When apps violate policies and standards, we risk losing trust in our marketplace and have to do what’s best for the entire ecosystem.
Developers are an essential part of Shopify’s long-term success, so we take all of your concerns seriously and want to provide as much transparency into our quality and review processes as possible. Thank you for helping us create the world’s safest app ecosystem for commerce.