Skip To Content

Security considerations for using third-party apps

The ArcGIS platform allows users with valid accounts to create, share, and store geographic content as well as access ready-to-use analytic tools such as geocoding, routing, GeoEnrichment, and spatial analysis. The platform also allows users to access a variety of apps built by developers and made available through ArcGIS Marketplace. These apps are often optimized to work in conjunction with the user's content or the platform tools by allowing the user to sign in to the platform through the app and directly access their content.

As a user, it is your responsibility to verify the security of the apps you use in conjunction with your content. Keep the following considerations in mind as you decide whether or not to use an app.

Access to your content

Signing in to your account through an app gives the app access to all the resources and functions that your account has access to, including content you own, content shared to you, and any premium content and capabilities to which you have access.

Apps may include capabilities that require service credits. Because you are signing in to these apps with an account tied to an organization, that organization incurs the credit cost.

Trusted provider

Only use apps developed by providers you trust with your content such as Esri, your organization, and trusted business partners, consultants, and independent software vendors. Apps listed in ArcGIS Marketplace are published by Esri Business Partners and Esri Distributors whose identities and business practices have been reviewed by Esri. Esri has vetted the organizations listing apps to ensure that they are interested in building apps that enhance the productivity of your work, but Esri does not vet their individual apps.

Authentic app

You are responsible for verifying that the app you use is the trusted app from the trusted provider it claims to be, including that the app conforms to the following:

  • Hosted at the expected website URL
  • Downloaded from a well-known mobile app store that asserts the identity of the trusted app and app developer
  • Installed from certified media purchased from a trusted independent software vendor (ISV)

The above checks are needed to minimize the chances of a malicious app masquerading as a trusted app. Once you sign in to an app using your account credentials, the app can gain access to your account and its contents.