I’ll be honest here, and although I’ve no voting powers, and don’t mean this personally, I don’t think this should qualify as a verified account and think the concept of verification needs re-evaluation.
The only metrics I can get of this app are from the Android release, which suggests a total of 5 users ever.
While the other platforms could be vastly more popular, IMO, Canonical marking someone as verified is Canonical giving a seal of approval in the quality of your work; especially moreso now that there’s more recent stricter reviews on submissions from non-verified/stared publishers.
The requirements for a star developer account are sustained contributions over months, and is the lesser of the two account distinctions. The requirements of a verified account cannot simply be “has a domain and viable business model” but backed by so little actual usage.
The domain for the website can be verified and the account name can be set to whatever the publisher chooses; but I don’t think especially in light of recent policy changes (approval required for all snap revisions from non-star/verified publishers) that it makes sense to give less review here than say individuals in the forums who’ve been around for 5+ years with 1000x the downloads.
Apologies that this comes off personal, but I feel this should be applicable everywhere, and this is merely an example. I don’t feel we can reasonably place the same acolades as given to Mozilla or Proton & etc with millions & hundreds of thousands of users, to 5+ downloads.
Ideally that’s a conversation that Canonical would have in private because I can understand this being sensitive to a lot of businesses, but the public data to me doesn’t look satisfactory for how I feel people interpret verified accounts, when domain verification exists and feels far more appropriate here.
This is an app marketed for healthcare. Whilst the criteria is arbitrary, would I be obscene in suggesting Canonical could be presumed to check things like if they’re actually regulated, and the likelyhood of things like data protection compliance, given the importance of such infrastructure? Introduce them to Ubuntu Pro whilst you’re at it, because that’s the kind of business relationship people could reasonably infer from the status, an actual commercial relationship and not just mere usage of snaps.
Whilst often I’m fine with seeing this requirement get dropped when there’s other reasonable balances, I don’t think there is in this instance, because Canonical can’t claim to reasonably know a company that is still to earn a reputation, so that’s the “let’s start a conversation” part.