When I install an new app from the marketplace ( in this case https://miro.com/marketplace/undraw/ ) it once says something like “this app will have permission to read and write all your boards”.
is it normal for an app that “only” inserts clip art to a board to get these permissions? Shouldn’t it be the other way round: the app only provides the image and trusted Miro adds it to the board?
How can I see / compare permissions of the apps I installed / on the marketplace? ie. how does https://miro.com/marketplace/unsplash/ with similar functionality behave?
Hi Matthias, I can see how this can be unclear, so thank you for your questions!
The Undraw app indeed currently requires permission to read and write to boards in order to add content (stickers) to your boards.
Miro Platform team has in plans to make the permissions more granular, which will be probably something similar to your suggestions.
The team is also adding privacy policies to 3rd party app pages as we get them from developers. Please expect that all apps will have the privacy policy listed on the app pages: https://miro.com/marketplace/scrum-ball-game/
Thank you!
I had the roughly the same question so I hope it is okay if I post a follow-up?
if I understand correctly, all apps and integrations in the market place will have access to all content of our boards and there is no technical barrier to keep them from transmitting the information elsewhere?
I took a quick look at the developer documentation: it seems that Miro scans the apps before they are accepted into the market place. Does this include scanning for potential privacy issues?
Thank you for your help!
Thank you for the questions! Answering inline:
if I understand correctly, all apps and integrations in the market place will have access to all content of our boards and there is no technical barrier to keep them from transmitting the information elsewhere?
Not all apps on the Marketplace have the same permission requirements, but you are right that many of them need the access to your boards in order to function properly.
Note that no apps have access to your board content until you explicitly grant the permission. And this authorization process is enabled for each of the 3rd party apps.
I took a quick look at the developer documentation: it seems that Miro scans the apps before they are accepted into the market place. Does this include scanning for potential privacy issues?
We do initial review all apps before publishing them on the Marketplace and one of the review steps is about security of the app. At the same time, apps are managed and supported by 3rd party developers, so you should always refer to an app privacy policy on the app page.
Please let me know if you have any other questions!