GemPages is one of the most popular landing page builders for Shopify. The app has over 30 000 merchants, 2 000 reviews with average rating of 4.9 stars. So it's definitely one of the largest app on the app store – or was to be precise.
Why was GemPages app delisted and what happened?
Unfortunately, during May 2021, the popular app disappeared from the app store. We have found a statement from GemPages team on their Facebook page saying:
Although, it's not clear what exactly happened it sounds pretty serious. The more detailed post on the GemPages community group mentions some "Mailchimp API incident" and "security breach". There is also a dedicated page Mailchimp API Exposure in the company's help center providing more details. Having the app delisted for almost 6 months is a major hit for any app developer.
If you try to visit the original app store URL, you will only see this message: "GemPages Page Builder is not currently published on the Shopify App Store. If you have support questions, contact GemPages Page Builder directly."
Interview with Jean-David from GemPages
To get more details we got in touch with Jean-David Dos Santos, Growth Marketing Manager at GemPages. He was really helpful and answered all our questions below.
- In your community post, you mentioned a security breach. Do you have any evidence of an actual breach? If so, could you please clarify what information has been exposed and how many merchants were affected?
This is a potential security breach from the Mailchimp Newsletter element, but no actual breach is committed. The public API key is printed on the frontend of the pages, which resulted in the exposure of the email list recorded by the element. Approximately 3,000 stores are using the Mailchimp element, and we’ve manually updated and tested the secured API key.
- Is there any way how to install GemPages outside of the Shopify App Store?
Unfortunately, we are Shopify-exclusive, so there are no way to install the app outside the Shopify App Store. Shopify not only unlisted but also disabled installations.
- Are existing users of GemPages somehow affected, or should they be worried? How do they see the situation?
There is no direct effect to existing users as no actual breach occurred and the app is working as normal. There is a slight inconvenience when users cannot reinstall after uninstalling the app. However, the incident raised us caution about data security and we are doing everything in our power to enhance security with internal and external inspections.
- Having the app delisted from the app store for 6 months is probably a big challenge for your company. What are your plans and focus in these 6 months?
Yes it is a challenge as we cannot welcome new customers. However, as stated in our latest announcement, we will be allocating all resources to support current customers. This means: more features, elements, templates, and integration, app interface improvements, outstanding customer service, and heightened information security. All these efforts also point toward better GemPages when we are back in November!
What are the alternatives?
Apparently, the delisting doesn't have any impact on the existing users of GemPages. There's also no custom install flow outside of the Shopify App Store, so it's impossible to install the app at the moment.
If you are looking for some alternative page builder app go check our list of The Top 10 Best Landing Page Builder Apps on Shopify in 2021.