Salesforce.com to impose massive fee hike for app store security review
Salesforce.com is raising the cost of an initial security review for paid applications in its AppExchange store from US$300 to $2,700, saying the hike will allow it to deliver the reviews much faster.
“At Salesforce.com, trust is our number one value,” Salesforce.com senior vice president Ron Huddleston wrote in an official blog post this week. “The high standards that we set for ourselves, and that our customers absolutely expect, extend to our thriving partner ecosystem through the mandatory enterprise-grade security review for all AppExchange apps.”
Beginning Sept. 1, the price hike will kick in for all new paid applications, Huddleston wrote. It will still cost $150 per year to list an application on the AppExchange and those offered free of charge won’t be affected by the price change, he added. The fee for applications already in the review queue will remain at $300.
In addition, “all of the revenue from the price change will be reinvested back into the review process,” Huddleston said.
Salesforce.com has seen an exponential rise in the number of applications submitted for review, according to Huddleston. “With these changes, we are able to dedicate more resources to the security review process, significantly reducing wait times for partners with apps in security review while also delivering the security and trust our customers expect.”
The vendor also plans to give partners “more education around the importance of security and trust, actively promoting security and trust throughout the technical design process, and increased operational support to prevent unnecessary delays during security review,” he added.
Apart from the security review fee, Salesforce.com also charges developers either 15 percent or 25 percent of net revenue derived from their applications, depending on the model they choose.
Huddleston’s blog post quickly drew replies from posters identifying themselves as Salesforce.com developers.
“As a developer on the cusp of pushing an application to security review, this is a bit disappointing,” one wrote. “I’m afraid the up front costs will drive a lot of imaginative people elsewhere. Maybe this is a knee jerk reaction but this is rough.”
But some level of fee increase makes sense, as “it would serve as a healthy filter,” another poster wrote. “It would seem sensible to have a modest increase of 2x or 3x for 100% native apps and perhaps the 9x increase for hybrid apps and those that connect to non-Salesforce systems.”
However, the cost of a security review “should be commensurate with the level of effort,” the poster added. “From what I can gather from logs, the security review of our most recent native app took about 3 hours.”
Salesforce.com will devote “every dime” collected through the increased fees to security testing resources, Huddleston wrote in a reply. “It’s not revenue generating. It’s about a better service. Full stop.”
The fee hike doesn’t seem like “a big deal,” given that $300 may not even cover the actual cost of a security review, said analyst Ray Wang, CEO of Constellation Research.
Rather, that level amounts to loss-leader pricing, with Salesforce.com taking a hit in exchange for increasing the volume of applications in the store, he said.
“With any ecosystem, you take two approaches,” Wang added. “One, open as much as possible: Invite everyone in and see who filters up to the top.”
“Option two, you go with exclusive, highly focused, very deep partnerships and the certification process is much more rigid,” Wang said. “Both approaches work depending on your objective.”
Moreover, at some point those pursuing an exclusive approach realize they may need to be more open, while those taking the open strategy start seeing the value of being more selective, he added.
There were 1,878 applications listed on the AppExchange website as of Friday, with 56 percent of them paid and the remaining 44 percent offered at no charge.
Forty-one percent were classified as related to sales, followed by 22 percent for IT and administration and smaller numbers for finance, marketing and collaboration.
Partners who build applications for the AppExchange gain access to APIs (application programming interfaces) they can use to connect their products with Salesforce.com’s software for CRM (customer relationship management) and other areas.
Updated at 8:48 a.m. PT with analyst comment.