The Governance Playbook: Protecting Your Platform Flywheel

How Shopify and Atlassian use curation and quality bars to protect their flywheel momentum, and why platform governance is a feature developers want.

In 2024, Shopify removed more than 1,000 apps from its App Store. That's roughly 6-8% of the entire catalogue, pulled in a single year. The tech press covered it as a housekeeping story. It was actually a platform governance story, and understanding the difference matters for anyone building an extensible platform.

Platform governance is the least-discussed dimension of extensibility strategy. It's also the one most likely to determine whether the flywheel keeps spinning. The failure modes piece in this series covered what happens when platforms get governance wrong: quality collapse, developer distrust, flywheel stall. This piece covers what getting it right actually looks like.

The case for curation

The instinct on marketplace design is usually toward openness. More apps means more choice. More choice means more customer value. The flywheel, as described in the anchor piece, runs on extension volume, so the natural assumption is that volume is what to optimise for.

That assumption breaks down past a certain scale. An app store with 12,000 listings and no quality bar is not a curated marketplace. It's a directory. Directories have a discovery problem: the signal-to-noise ratio degrades as listings accumulate, good apps get buried under mediocre ones, and merchant confidence in the marketplace as a reliable source of tooling erodes.

Shopify's 2024 culling was not a sign of ecosystem weakness. It was a signal of ecosystem seriousness. Of the 419 apps removed in Q4 2024 alone, 41% had received zero product reviews. Zero merchants had any opinion to share about them. Another 13% had exactly one review. A marketplace that keeps listing apps nobody uses is not serving merchants; it's degrading the experience for the developers who built apps people do use.

The data supports the counter-intuitive conclusion: Shopify paid out more than $1 billion to developers in 2024, the same year it was aggressively pruning the catalogue. Quality curation and developer economics are not in tension. The platform that removes low-quality apps protects the revenue of the developers who built high-quality ones.

What quality signals look like in practice

Curation is a blunt tool if the only mechanism is removal. The platforms with the most mature governance frameworks have built systems that signal quality before customers have to find out the hard way.

Shopify's Built for Shopify program is a certification that signals to merchants that an app meets elevated standards: performance, design, and support quality benchmarks, not just basic functionality. It changes the discovery dynamic. Merchants filtering for Built for Shopify apps have a much shorter path to finding tools that will work reliably. For developers, achieving the badge is a distribution advantage that compounds over time.

Atlassian has taken a similar approach but structured it around enterprise trust requirements. Their Cloud Fortified and Runs on Atlassian badges signal different things to customers: Cloud Fortified indicates an app has met performance and security standards; Runs on Atlassian identifies Forge-built apps that keep data within the Atlassian environment, a requirement for organisations with strict data residency policies. The badge system is not bureaucratic overhead. It's infrastructure for the enterprise sales motion, making it possible for security-conscious buyers to filter for apps that meet their requirements without conducting individual vendor assessments.

Atlassian has gone further in 2024 and 2025, requiring Platinum Marketplace Partners to hold SOC 2 Type II or ISO 27001:2022 certification. Gold partners must be actively working toward one of those standards. Third-party trust center links now appear directly on app listings. The logic is consistent: as Atlassian's customer base moves upmarket toward larger enterprises, the governance framework has to move with it.

The Apple contrast

No discussion of app store curation is complete without addressing the Apple comparison, and what the comparison typically gets wrong.

Apple's App Store is highly curated. It is also deeply distrusted by developers. The reason is not that Apple enforces quality standards. The reason is that Apple's governance framework is perceived as optimised for platform revenue extraction rather than ecosystem health.

Apple charges 30% commission. When a court ruling required it to allow developers to link users to external purchases, Apple responded by charging 27% on external link sales, higher than the standard in-app rate after subtracting payment processing. In 2024, the EU fined Apple 1.8 billion euros for anticompetitive behaviour in app distribution. The developer resentment is not about curation. It is about who the curation serves.

Shopify and Atlassian have avoided this perception because their governance decisions have consistently been explainable in terms of ecosystem health and customer value rather than platform margin. When Shopify removes apps with no reviews, the explanation is coherent: those apps are making the marketplace harder to navigate. When Atlassian requires SOC 2 certification from top-tier partners, the explanation is coherent: their enterprise customers have procurement requirements that unverified apps can't meet.

Platform governance that developers trust is governance with a clear, consistent rationale. Developers are sophisticated. They can tell the difference between rules designed to protect the ecosystem and rules designed to extract from it.

API deprecation as a governance signal

Governance isn't only about what gets listed and removed from a marketplace. The way a platform manages its API lifecycle sends equally important signals about long-term reliability, and whether building on that platform is a rational multi-year bet.

Platforms that deprecate APIs without notice, change developer agreements retroactively, or sunset frameworks that developers have invested years building against are making the same error in a different domain. They're optimising for their own short-term flexibility at the cost of the developer trust they've spent years building.

The discipline that earns trust on API deprecation is specific: announce early (before a decision is final, when possible), publish a clear timeline, mark deprecated endpoints directly in the API contract, and maintain a sunset window long enough for developers to migrate without emergency engineering work. These practices create predictable change rather than chaotic change. Predictable change is what allows developers to make multi-year commitments to a platform.

Atlassian's approach to the Connect-to-Forge migration is instructive. Rather than mandating an immediate cutover, they published the end-of-life timeline for Connect well in advance (full deprecation by late 2026), introduced 0% revenue share on the first $1 million in Forge lifetime earnings as an incentive to migrate, and kept Connect operational throughout the transition. Developers building on Connect today know exactly what the runway is and what the destination looks like. That clarity of timeline, combined with economic incentive and maintained parallel support, is how you govern a major platform transition without destroying the goodwill that took a decade to build.

Why governance is a developer value proposition

The framing that matters here is not governance versus openness. It's governance as a feature.

Developers choosing which platform to invest their next two years in are making a bet on platform longevity, ecosystem quality, and the reliability of the rules. A platform with clear, consistently applied governance (quality standards, deprecation policies, transparent review criteria) is a safer bet than one with ambiguous rules or rules that change when they become inconvenient.

The developer acquisition playbook covered how to attract developers before your marketplace reaches critical mass. Platform governance is how you keep the ones you've attracted. The developer who built a serious business on Shopify or Atlassian is not there despite the quality standards. They're there in part because those standards protect the value of what they built. When the platform culls low-quality apps, it removes competition that was degrading the signal. When it requires security certifications at the top tier, it opens enterprise distribution channels that solo developers couldn't access on their own.

This is why governance done well is not a tax on the ecosystem. It's a subsidy for the developers who've invested in quality, which is precisely the cohort every platform wants to attract more of.

The consistency requirement

The hardest part of platform governance is not designing the rules. It's enforcing them consistently over time, as the platform grows and the commercial pressures to make exceptions multiply.

Shopify removing 1,000 apps from an 11,000-app store is a meaningful act of governance. Doing it once and then loosening standards when the next cohort of low-quality apps accumulates is not governance. That's episodic housekeeping. The developers who've invested in building to the standard need to know the standard is durable.

The platforms with the most durable flywheels, including Shopify, Atlassian, and Salesforce, have maintained consistent governance frameworks across multiple years and multiple economic cycles. The rules evolve, but they evolve transparently and in directions the ecosystem can predict. That consistency is the foundation on which developer confidence accumulates. And developer confidence, once built, is one of the hardest things for a competitor to replicate.