Free Security Tips

Get the knowledge you need to secure your online accounts
so you can rest easy - delivered straight to your inbox.

Are Ecommerce Apps Putting Your Business at Risk? Here's what you need to know

risks of ecommerce apps

Thanks to their open source API, platforms like Shopify and BigCommerce have created entire marketplaces for ecommerce apps that help entrepreneurs increase the functionality of their stores and streamline processes. With over 1800 apps in the Shopify App Store, you can find an app for virtually anything; from email marketing to shipping and fulfillment.

But most ecommerce entrepreneurs don't take into consideration the risks of integrating a 3rd party app to their store. 

An app wrecking havoc in your online store is more common than you think.

In a recent interview on our blog, Ben Hyman from Revival Rugs told us about an integration with a fulfillment app that changed the inventory count on hundreds of their products just days before their launch.

Another example can be found in this interview with Fluff & Familia, whose prices were all wiped as a result of testing a new app integration. 

The security of your online store, and your customers' information, is only as strong as the weakest link. So while you can be sure that Shopify and BigCommerce have very high standards for data security and regularly update their software, you might still be vulnerable due to an app maintained by a single developer.

Luckily, by taking a few precautionary measures, you can continue using your favourite apps and testing new ones while keeping your online store running smoothly. Here's what you need to know.

Understanding ecommerce app permissions

When you install an app to your store, you are asked to allow that app certain permissions, such as to view your products. The type of permissions the app requests will depend on the functionality of the app.

ecommerce app permissions

The most restricted permissions are ‘View’ or ‘See’ data. Permissions to 'Manage' or 'Modify' data provide the app with much more access and ability to modify your data. 

It doesn’t mean that all apps that require permission to manage your data are bad apples. But it does mean that the apps with the most access to your store could modify your data in a way you did not intend.  

Reading reviews and understanding the nature of the app’s request will reduce this risk. Always ask yourself if the app permissions makes sense for the functionality of the app.

For example, when you install the Instagram app to your smart phone, it will request access to your camera and photo album. This makes sense since taking photos and publishing them is a core functionality of Instagram.

If you aren't sure or don't understand the permissions the app is requesting, you should contact the app's creators to request more information before installing.

Let’s look at an example with an ecommerce app.

MailChimp Email Marketing App

Let's say you are installing the MailChimp app from the BigCommerce App Store.

MailChimp for BigCommerce App Permissions

From the image above, you can see that the MailChimp app is requesting the ability to 'View' your store information. All of the information it wants to view is relevant to email marketing campaigns so it makes sense for the app's functionality. It also specifies that it will not be able to access your password. Lastly, the app has a significant number of positive reviews in the app store.

Verdict: Low risk. Safe to install.

Contrast this experience to that with installing the MailChimp app from the Shopify App store. You’ll notice below that the permissions are to “See” and “Manage” rather than just “View”.

MailChimp for Shopify App Permissions

“Manage” is Shopify’s way of saying the app may modify them, and when apps can modify them, that includes accidental deletion.

Verdict: Potential risk. 

It’s for this reason that you need to be cautious about installing apps that can view and modify your store content - you are granting the app the permission to modify or delete items in your store. And if you don’t have a backup, then you may be recreating your store from scratch.

In this case, MailChimp is a trusted company and has hundreds of positive reviews in the Shopify app store, so we’ve deemed it safe to install and grant those permissions.

MailChimp for Shopify App Reviews

How to determine if an app is safe

Research, research, research to determine whether the risk of installing an app on your store is worth the benefit.

Here is a checklist to determine whether an app is trustworthy:

1. How many reviews do they have?

2. Do they have a rating between 4-5 stars?

3. Is the app developed by a company or a single developer?

4. Does the company have a 1-800 number that you can call?

5. Does the company publish their contact information? 

6. Do the requested app permissions make sense?

MailChimp’s 750 reviews, 4.5-star rating, and past positive experience were all factored into the decision to go ahead and install the MailChimp app. 

What to do if an app deletes your data

Most people are surprised to learn that Shopify, BigCommerce, or any other ecommerce platform cannot restore deleted data from your individual account. The disaster recovery backup that they maintain is only used to restore the entire platform in case of a disaster on their end, such as a server crashing. Neither you nor their support team can access this backup to recover data from an individual account.

That's why it's crucial to backup your online store yourself.

In the case of Revival Rugs and Fluff & Familia, it took the founders hours of work to rewrite the data that was deleted. Not only was it a waste of time, but it also prevented them from processing new orders until the problem was fixed.

Not wanting to go through that experience again, they now both use Rewind to automate a daily backup of their online store. The backup allows them to instantly restore deleted items (such as products, blog posts, orders, images) or rewind their entire store to a previous point in time. 

"Rewind has honestly been a godsend to us. It’s quick, but what’s even nicer is that it’s very easy to use. We’ve actually had to perform a rewind since installing the App into our store, and the difference it makes in resolving any and all issues that come our way is astounding." - Ben Hyman, co-founder of Revival Rugs.

Backup Shopify with Rewind Backup BigCommerce with Rewind

Using eCommerce Apps Safely

Almost every online store today uses ecommerce apps to grow their business. But no software is completely immune to bugs, mistakes, and malicious attacks. Taking a few extra minutes to research the apps and making sure you have a backup is a small investment that could end up saving you hours, if not days, of work. 

Rally Stanoeva

Written by Rally Stanoeva

Rally is a digital marketer specializing in eCommerce and SaaS. She’s the Head of Marketing at Rewind, the automatic backup solution for Shopify, BigCommerce, and QuickBooks Online.

Rewind securely backs up your online data helping you recovered deleted items and undo changes easily. Get peace of mind with Rewind. Available for:

Shopify

BigCommerce

QuickBooks

Popular Posts