Shopify apps are essential for the growth of Shopify stores. They are powerful tools that meet a wide range of needs, including functionality expansion, business efficiency, and customer experience improvement. However, there have always been concerns about the transparency and security of the permissions that apps have to access store data and the activities they perform.

With this in mind, Shopify has made an important update that gives merchants deeper visibility into app activity and permissions, significantly improving the auditability of Shopify apps and giving them even more peace of mind when running their stores.

In this article, we'll delve into what this new Shopify feature means specifically and how it benefits merchants and app developers. We'll explore the latest security measures and trust-building strategies, including Flagship's approach to secure store operations and development.

New Feature Summary: Visibility into App Activity and Permissions

With this update, you can now check the Admin API usage status of installed Shopify apps (which data areas the APIs are using and to what extent) and the change history of current permissions from the Shopify store admin screen . This allows you to judge the health of apps based on concrete data rather than vague concerns.

Specifically, the following information is provided:

• App Admin API Usage: How much the app uses the Admin API for each permission area (orders, customers, products, etc.)
• Permissions change history: A record of when and how the permissions requested by an app have changed.
• Data Privacy Information: Visualization of the scope of sensitive data, such as customer personal information, accessed by the app

Until now, merchants have agreed to a list of permissions when installing an app, but it has been difficult to track post-install activity and permissions that may change over time. This enhancement fills this gap and marks a groundbreaking step in turning "invisible risk" into "visible risk."

Reference: Merchants can now see more details about app activity and permissions

Why is this feature important?

This feature is more than just an additional admin feature. Shopify thrives on an extensive ecosystem, and keeping it safe and reliable is directly linked to the sustainability of the entire platform. This update demonstrates Shopify's strong commitment to further strengthening the security and transparency of its app ecosystem and prioritizing the protection of merchant data.

Tangible benefits for merchants

This new feature offers significant benefits to merchants who operate stores. We will explain its value from three perspectives: enhanced security, compliance, and improved operational efficiency .

1. Strengthening security and risk management

• Early detection of suspicious activity: Regularly checking logs for unintended app activity can help detect unauthorized access or data leakage early on. For example, if an attempt is made to export data at an unusual time, you can immediately detect any abnormalities.
• Respond based on detailed evidence: In the unlikely event of a security incident, detailed activity logs provide important evidence for identifying the cause and developing countermeasures.

2. Strengthening compliance

• Audit Trail: Data privacy regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) require companies to keep detailed records of data processing. This new feature helps companies meet legal requirements by providing an audit trail of how their apps access and process data.
• Increased trust: Transparency about app activity involving customer data helps build customer trust.

3. Improving operational efficiency and strategic decision-making

• Quickly identify the cause of problems: When an issue occurs with your store, you can quickly determine whether the problem could be linked to a specific app or other factors by checking the app activity log.
• Tips for selecting an app: When installing a new app, checking in advance what permissions the developer requests and what updates they have made in the past can help you select a safer and more reliable app.

Implications for app developers

This new feature has a significant impact not only on merchants, but also on Shopify app developers: increased transparency presents an opportunity to improve app quality and credibility, contributing to long-term business growth.

1. Improved reliability and competitive advantage

• Building trust through transparency: With merchants now able to see every detail of an app's activity, developers will need to be more transparent about their development and operations. This will help establish a responsible developer brand and be a powerful differentiator from competitors.
• Increased security awareness: The development process fosters a culture of always requesting the least amount of permissions necessary and designing for security.

2. Streamlined debugging and support

• Faster problem resolution: When users contact us with inquiries or report bugs, developers can refer to the store's activity logs to better understand the situation and more efficiently debug and support the issue.
• Clearing misconceptions: Help clear up merchants' misconceptions and concerns about app behavior with concrete log data.

3. Implementing best practices

Developers should be aware of the following best practices:

• Set permissions as strictly as necessary: Set permissions only to the extent necessary for the app's functionality.
• Providing clear explanations when permissions change: If there are any changes to permissions in an app update, clearly communicate the reasons and details to merchants.
• Continuously strengthen security measures: In addition to addressing security vulnerabilities in the app itself, be sure to design it so that logs are properly recorded.

Strategies for getting the most out of new features

To get the most out of this new feature, there are strategies that both merchants and developers should be aware of. We recommend the following approach to take full advantage of this new transparency:

Summary

Shopify's visibility into app activity and permissions is an update that significantly improves security and transparency for Shopify stores, providing merchants with greater confidence in how apps are deployed and run, and strengthening data protection and compliance.

For app developers, this represents an opportunity to gain merchant trust through transparency and establish a competitive advantage. This feature is more than just a technical addition; it marks an important milestone in the evolution of the entire Shopify ecosystem into a more secure and reliable platform.

Flagship will continue to dig into the latest Shopify information and provide practical and strategic support to help our customers succeed in the ever-changing e-commerce environment.

If you have any questions about security or transparency for your store or the app you're developing, please contact us.

Related article (back to the front page) Shopify Security: Golden rules for preventing accidents