This is precisely why SmartThings, despite repeated requests from various members of the Development Community, will not entertain the idea of making a significantly easier distribution method for unreviewed / QA’d SmartApps and Device Type Handlers. We understand and support this decision!
The “Shared OAuth method” (or, more bluntly called the OAuth “Backdoor”) that was used by SmartTiles and a few others, was firmly closed this past week. While SmartTiles was comfortable and honest in assuring our users that we believe that the security risks and concerns of the OAuth shared version of our SmartApp were well understood by us, and are manageable and can be self-mitigated, we are also fully aware and grateful of the benefits of the review process for both the security and performance perspective. SmartTiles is an officially reviewed and published SmartApp now, and our installer webpage can only install this protected ST managed edition from this point forward.
All the more reason, of course, that while “Platform / Product Stability” is the #1 focus of SmartThings (per CEO @Alex and team…), I’m sure this highlights the impact interconnections between all functions of the organization on product quality, especially key factors like security and performance. No company can do only one task at a time!
@jody.albritton and @slagle’s team needs to muster more resources to speed up the submit / review / approve / publish cycle for SmartApps and DTH’s so that this is not an onerous disincentive to officially publish, and thus minimize the distribution of ad hoc code to Customers who do not have the interest or ability to review code in order to add valuable functionality to their account.
Meanwhile, I have also posted a response comment to @Alex’s blog entry: