What is Slack reviewing when a new app is submitted to the App Directory?
Apps submitted to be listed in the App Directory are reviewed with our guidelines in mind. During a review, our team installs each app to test whether it functions as described in the accompanying documentation. We also determine whether the scopes requested are required for the app to function as intended.
As part of the review, we test that an app’s endpoints use TLS and verify request signatures to validate that requests come from Slack. We do not perform code reviews during submission. In some instances, additional testing, including penetration testing, is performed at Slack’s discretion. Reports from that testing are shared only with the developer of the app.
If an app is updated, does the developer need to resubmit the app for approval?
Developers must resubmit apps for review whenever they make changes to their app’s Slack-side configuration, including adding scopes or new platform features. For new scopes to take effect, the app must be reinstalled. Developers are able to make updates and changes to their app’s functionality and API usage within the boundaries of their previously reviewed scopes and configuration without resubmitting for review. For this reason, when reviewing apps before installation or approving additional scopes, please ensure that you are comfortable with the level of access that the app’s requested scopes will grant the application.
Where can I find information about an app’s security and privacy practices?
Information about an app’s security and privacy practices is listed in the security and compliance tab on its App Directory listing page. Developers submit this information as part of their app review and self-certify that it is accurate and truthful. For further detail about an app’s security practices, we recommend getting in touch with the developers directly. You can find their contact information on their app listing page. In some cases, developers have pen test results available upon request, as shown in their app’s security and compliance tab.
How should I manage app approvals for my workspace?
One last thing
Please note that the review is a snapshot in time of the app’s functionality. If you encounter any apps listed in the App Directory that are not functioning as expected or that may be breaking our terms of service, please contact us at firstname.lastname@example.org.