Thanks to their open source API, platforms like Shopify and BigCommerce have created entire marketplaces for ecommerce apps that help entrepreneurs increase the functionality of their stores and streamline processes. With over 1800 apps in the Shopify App Store, you can find an app for virtually anything, from email marketing to shipping and fulfillment.
But most ecommerce entrepreneurs don’t take into consideration the risks of integrating a third-party app into their store.
An app wreaking havoc in your online store is more common than you think.
In a recent interview on our blog, Ben Hyman from Revival Rugs told us about an integration with a fulfillment app that changed the inventory count on hundreds of their products just days before their launch.
Another example can be found in this interview with Fluff & Familia, whose prices were all wiped as a result of testing a new app integration.
The security of your online store, and your customers’ information, is only as strong as the weakest link. So while you can be sure that Shopify and BigCommerce have very high standards for data security and regularly update their software, you might still be vulnerable due to an app maintained by a single developer.
Luckily, by taking a few precautionary measures, you can continue using your favourite apps and testing new ones while keeping your online store running smoothly. Here’s what you need to know.
Understanding ecommerce app permissions
When you install an app to your store, you are asked to allow that app certain permissions, such as to view your products. The type of permissions the app requests will depend on the functionality of the app.
The most restrictive permissions are to ‘View’ or ‘See’ data. Permissions to ‘Manage’ or ‘Modify’ data give the app much more access, including the ability to change your data.
It doesn’t mean that all apps that require permission to manage your data are bad apples. But it does mean that the apps with the most access to your store could modify your data in a way you did not intend.
Reading reviews and understanding the nature of the app’s request will reduce this risk. Always ask yourself if the app permissions make sense for the functionality of the app.
For example, when you install the Instagram app on your smartphone, it will request access to your camera and photo album. This makes sense since taking photos and publishing them is a core functionality of Instagram.
If you aren’t sure or don’t understand the permissions the app is requesting, you should contact the app’s creators to request more information before installing.
Let’s look at an example with an ecommerce app.
MailChimp Email Marketing App
Let’s say you are installing the MailChimp app from the BigCommerce App Store.
From the image above, you can see that the MailChimp app is requesting the ability to ‘View’ your store information. All of the information it wants to view is relevant to email marketing campaigns so it makes sense for the app’s functionality. It also specifies that it will not be able to access your password. Lastly, the app has a significant number of positive reviews in the app store.
Verdict: Low risk. Safe to install.
Contrast this with installing the MailChimp app from the Shopify App Store. You’ll notice below that the permissions are to “See” and “Manage” rather than just “View”.
“Manage” is Shopify’s way of saying the app may modify your data, and when an app can modify data, that includes accidental deletion.
Verdict: Potential risk.
It’s for this reason that you need to be cautious about installing apps that can view and modify your store content – you are granting the app the permission to modify or delete items in your store. And if you don’t have a backup, then you may be recreating your store from scratch.
In this case, MailChimp is a trusted company and has hundreds of positive reviews in the Shopify app store, so we’ve deemed it safe to install and grant those permissions.
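An added example, not part of the original article or of either platform's code: a least-privilege check that compares the permissions an app requests with what its category plausibly needs. The `read_`/`write_` scope strings, the `EXPECTED` baseline and the sample requests are assumptions constructed for illustration.

```python
# Assumption: scopes follow a `read_<resource>` / `write_<resource>` naming
# style. EXPECTED is a hypothetical per-category baseline, not a platform rule.
EXPECTED = {
    "email_marketing": {"customers": "read", "orders": "read", "products": "read"},
    "fulfillment": {"orders": "write", "inventory": "write", "products": "read"},
}
LEVEL = {"read": 1, "write": 2}  # "view"/"see" = read, "manage"/"modify" = write


def parse_scopes(scope_string):
    """Return {resource: highest level requested} from a comma-separated list."""
    requested = {}
    for raw in scope_string.split(","):
        scope = raw.strip().lower()
        if not scope:
            continue
        level, sep, resource = scope.partition("_")
        if not sep or level not in LEVEL or not resource:
            # Unrecognised format: treat as write so it is never ignored.
            level, resource = "write", scope
        if LEVEL[level] > LEVEL.get(requested.get(resource), 0):
            requested[resource] = level
    return requested


def review(category, scope_string):
    """List (resource, level, reason) where the request exceeds the baseline."""
    baseline = EXPECTED.get(category, {})
    findings = []
    for resource, level in sorted(parse_scopes(scope_string).items()):
        allowed = baseline.get(resource)
        if allowed is None:
            findings.append((resource, level, "not needed for this kind of app"))
        elif LEVEL[level] > LEVEL[allowed]:
            findings.append((resource, level, "can modify or delete; view suffices"))
    return findings


def verdict(findings):
    """Use the article's wording for the outcome."""
    return "Potential risk" if findings else "Low risk"


# Constructed sample requests for a hypothetical email-marketing app.
VIEW_ONLY = "read_customers, read_orders, read_products"
VIEW_AND_MANAGE = "read_orders, write_customers, write_products, read_themes"

if __name__ == "__main__":
    for request in (VIEW_ONLY, VIEW_AND_MANAGE):
        print(verdict(review("email_marketing", request)))
```

A "Potential risk" result is a prompt to read reviews and confirm you have a backup before granting access, not a reason to reject the app outright.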
How to determine if an app is safe
Research, research, research to determine whether the risk of installing an app on your store is worth the benefit.
Here is a checklist to determine whether an app is trustworthy:
1. How many reviews do they have?
2. Do they have a rating between 4 and 5 stars?
3. Is the app developed by a company or a single developer?
4. Does the company have a 1-800 number that you can call?
5. Does the company publish their contact information?
6. Do the requested app permissions make sense?
MailChimp’s 750 reviews, 4.5-star rating, and past positive experience were all factored into the decision to go ahead and install the MailChimp app.
What to do if an app deletes your data
Most people are surprised to learn that Shopify, BigCommerce, or any other ecommerce platform cannot restore deleted data from your individual account. The disaster recovery backup that they maintain is only used to restore the entire platform in case of a disaster on their end, such as a server crashing. Neither you nor their support team can access this backup to recover data from an individual account.
In the case of Revival Rugs and Fluff & Familia, it took the founders hours of work to rewrite the data that was deleted. Not only was it a waste of time, but it also prevented them from processing new orders until the problem was fixed.
Not wanting to go through that experience again, they now both use Rewind to automate a daily backup of their online store. The backup allows them to instantly restore deleted items (such as products, blog posts, orders, images) or rewind their entire store to a previous point in time.
“Rewind has honestly been a godsend to us. It’s quick, but what’s even nicer is that it’s very easy to use. We’ve actually had to perform a rewind since installing the App into our store, and the difference it makes in resolving any and all issues that come our way is astounding.” – Ben Hyman, co-founder of Revival Rugs.
Using eCommerce Apps Safely
Almost every online store today uses ecommerce apps to grow their business. But no software is completely immune to bugs, mistakes, and malicious attacks. Taking a few extra minutes to research the apps and making sure you have a backup is a small investment that could end up saving you hours, if not days, of work.