I am so happy to see all the new apps on the marketplace and I would love to use many of them but no matter how many apps are added and how enticing and valuable they might be for my organization, powers that be will never accept 3rd party applications that have not been verified to be safe.
How do we know that there isn’t a hidden back-door into all of our data or a hidden keylogger when we install an app? There is no way to know and IMHO that sucks.
These are serious issues that I believe Monday.com has to address if the marketplace is going to live up to its potential. I understand that there are liability issues but we are paying good money to use this service and it’s heartbreaking to see all these potential improved work processes go to waste because Monday does not verify the apps.
I do agree there could be more strict security testing, however I don’t agree that nothing is done. The marketplace team does verify apps and do checks
I can agree with this for myself at least. I run my own company, and while I am sure there is a certain level of verification that Monday performs when listing 3rd party apps, I just have trouble justifying the scalability of including 3rd party apps that I give access to my boards and my clients’ information.
At this point, I’d much rather have apps developed by a subcontractor so I am able to know more about the app and who has access to board information. Although it’s more pricey to do so, I feel that it is important for me to be able to build a scalable and secure business model that my clients can trust.
That is an interesting approach @Bastouri. Most of out integration apps (now 7 and counting) started of as custom development for a monday user / partner. To keep the costs low we always discuss with the customer if we can generalize the app. The more generic an app is, the more user can benefit from it…at a low price point.
Another solution is to ask is the developer is willing to share the code so you can do your own inspection what type of call are made to the monday API.
And finally, ask the developer if the use seamless integration (ShortLivedTokens) so there is no need (and associated risk) in storing user access tokens at your developer’s site.
It’s important to note my level of experience on the matter as well. I’m 27 y/o, my industry experience comes mainly from high end furniture retail, and my education is in political theory. What my company does is use Monday to manage the purchasing and tracking of furniture from suppliers on behalf of the retailer (furniture showrooms/interior design firms).
What the above means is that my knowledge of the backend of Monday/3rd party apps is all from a user’s point of view as opposed to a developer’s point of view.
As of right now, I feel like adding 3rd party apps to my workflow may not be 100% scalable and secure. However, I can definitely see that this feeling is likely misplaced due to my lack of experience. I most definitely don’t want to accuse the apps marketplace of being insecure as I do not have enough experience to make such a claim.
As of right now, I just don’t have enough knowledge to help comfort my clients should they inquire about the security implications of 3rd party apps.
I hope that clarifies my perspective a little more, and thank you once again for your response!
