This content describes an older version of this product.

Submit a Mobile App for Security Review

Most of the requirements that apply to client apps will apply to mobile apps, and some that apply to web apps will apply depending on how the app is built. These are typical scenarios:
  • The mobile app has a Force.com component which sits on the customer's organization. The Force.com component should be a managed package and follow the security review process for a packaged app.
  • The mobile app only uses APIs for communicating with Salesforce. In this case, follow the process for an API-only app for security review.

For testing, we ask that you provide us with a build of the app for each platform on which you plan to distribute it. We can accept a TestFlight or ad-hoc deployment for iOS, and for other platforms we can accept the app as a file (.APK, COR etc.). As with a composite app, if there are callouts to anything other than Salesforce, we ask for a Burp report. If the mobile app has a web component, even an optional one, a Burp report is required.

As with any other app:
  • A listing for your app should exist on the AppExchange.
  • The AppExchange listing should be linked to your APO.