Apps must meet OAuth 2.1 with PKCE, sandboxed iframes with CSP, data minimization, and WCAG AA standards, increasing development overhead.
App visibility depends on unclear ranking; higher design/functionality standards are favored but criteria remain non-transparent.
Monetization via Agentic Commerce Protocol is announced but not yet live; fees and revenue share are undisclosed.
Moving to Apps SDK requires a full rebuild: MCP server, UI widgets, and OAuth 2.1 with PKCE.