Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/grokify/app-stores-guide

Information on various App Stores and Marketplaces.
https://github.com/grokify/app-stores-guide

Last synced: 5 months ago
JSON representation

Information on various App Stores and Marketplaces.

Awesome Lists containing this project

README 

          
# App Store Review Process



1. [Apple](#apple)

1. [Atlassian](#atlassian)

1. [HubSpot](#hubspot)

1. [Salesforce](#salesforce)

1. [Slack](#slack)

1. [Zendesk](#zendesk)

1. [Zoom](#zoom)



## Apple



1. [App Store Review Guidelines](https://developer.apple.com/app-store/review/guidelines/)

1. [Inside Apple’s team that greenlights iPhone apps for the App Store](https://www.cnbc.com/2019/06/21/how-apples-app-review-process-for-the-app-store-works.html)



## Atlassian



1. [App approval guidelines](https://developer.atlassian.com/platform/marketplace/app-approval-guidelines/)



### Security



> Publish a security statement: Cloud apps require a published security statement to be listed in the Marketplace. Here's the [Cloud Security Statement](https://www.atlassian.com/trust/security/security-practices#continually-improving) as an example.



https://developer.atlassian.com/platform/marketplace/app-approval-guidelines/



## HubSpot



1. [Getting certified in the App Marketplace](https://developers.hubspot.com/docs/api/certification-requirements)



### Security



> Asking users to copy and paste HubSpot OAuth authorization codes or account API keys is prohibited. Not only does this add friction to the setup process, it’s a security liability.



## Microsoft



1. [10 app store principles to promote choice, fairness and innovation](https://blogs.microsoft.com/on-the-issues/2020/10/08/app-store-fairness-caf-interoperability-principles/)

1. [Microsoft hits out at Apple with its new Windows app store policies](https://www.theverge.com/2020/10/8/21507682/microsoft-apple-app-store-policies-principles-list)



## Salesforce



1. [Security Review Overview](https://partners.salesforce.com/s/education/appinnovators/Security_Review)

1. [What this AppExchange Partner did to Pass Security Review the First Time](https://medium.com/inside-the-salesforce-ecosystem/what-this-appexchange-partner-did-to-pass-security-review-the-first-time-16a0a5cbd1ba)

1. [How To Pass Salesforce AppExchange Security Review](https://magicforce.co/blog/how-to-pass-salesforce-appexchange-security-review/)



### Security



> How to Prepare for Security Review

> 

> 1. Complete two Trailhead modules: 

> 

> * [Develop Secure Web Apps >](https://trailhead.salesforce.com/en/content/learn/trails/security_developer)

> * [AppExchange Security Review >](https://trailhead.salesforce.com/en/content/learn/modules/isv_security_review)

> 

> 2. Speak to a partner recruitment representative to confirm that your solution is fully enrolled and contracted into the [AppExchange Partner Program >](https://partners.salesforce.com/s/education/appinnovators/AppExchange_Partner_Program)

> 

> 3. Access the Partner Security Portal to:

> 

> * Run the static code analysis scanner, Checkmarx, on your Salesforce package components to check for any preliminary vulnerabilities.

> * Run web app scanners Chimera or ZAP (https://security.secure.force.com/security/tools/webapp/zapbrowsersetup) (a web app scanner if you do not own the external domain) on the external component of your solution. Please note that these scans do not catch everything. You must perform your due diligence in manual testing to ensure secure development.

> * Book submission-related or technical office hours for security review. 

> 

> 4. Watch the security review wizard walk-through demo below.

> 

> [Learn more about the security review process in the ISVforce Guide >](https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_guidelines.htm)



[Security Review Overview](https://partners.salesforce.com/s/education/appinnovators/Security_Review)



## Slack



1. [Slack App Security Review](https://api.slack.com/security-review)



### Security



> We reserve the right to perform the following on the applicable parts of your application:

> 

> * Automated web application security scanning

> * Automated network security scanning

> * Manual verification of proper authentication scope requests to ensure least-privilege design

> * Manual testing of functionality for security vulnerabilities and misuse

> * Manual architecture review of your application

> * Ask you follow-up questions about functionality



## Zendesk



1. [Publish your app or theme](https://developer.zendesk.com/apps/docs/publish/submit_your_app)



## Zoom



1. [Submission review](https://marketplace.zoom.us/docs/guides/publishing/app-submission/submission-review)

1. [Security](https://marketplace.zoom.us/docs/guides/publishing/security)



### Security



> Security and compliance review

> 

> All Zoom Marketplace apps are subject to a security and compliance audit encompassing a multi-part review intended to maintain customer security, integrity and resilience of the ecosystem as a whole.

> 

> Once you have submitted your app for review, after a successful functional review and prior to the publication of your app on the Zoom App Marketplace, the App Security team at Zoom will conduct a security and compliance review of your app.

> 

> The App Security team may, in its discretion, communicate with you regarding changes that you might have to make in order for your app to pass the security review; provided, however, that the results of the security review are confidential and may not be shared with third parties without Zoom’s prior written consent. Your app will not be approved on the Zoom App Marketplace unless it passes the security and compliance review. Learn more about our security best practices [here](https://marketplace.zoom.us/docs/guides/publishing/security).

> 

> ...