+ Start a Discussion
JeriMorrisJeriMorris 

Is a Security Policy necessary for native apps?

I'm developing a native application that I intend to offer via the AppExchange. It's purely on the Salesforce platform (no call-outs or call-ins), but does include Visualforce and Apex.

 

When my app is submitted for security review, do I have to provide the kind of documented Security Policy described on http://wiki.developerforce.com/index.php/Requirements_Checklist? That link describes the Security Policy in a section  titled "Client (Desktop) and Composite (Hosted) Applications" -- I'd like to confirm that it doesn't apply to native apps.

 

Thanks!

Client (Desktop) and Composite (Hosted) Applications

Best Answer chosen by Admin (Salesforce Developers) 
aalbertaalbert

I do not believe that is needed for a native app.

All Answers

aalbertaalbert

Yes, any application listed on the Appexchange must pass the Security Review. More information here: Link

JeriMorrisJeriMorris

Thanks, Andrew! I wasn't asking about the security review as a whole, but rather the part of the security review that includes providing a Security Policy document for Salesforce to review. It's not clear to me whether that Security Policy document is required for all security reviews, or only for reviews for apps that involve call-ins or call-outs from/to external systems.

 

aalbertaalbert

I do not believe that is needed for a native app.

This was selected as the best answer