Ad

Android Firebase: Prevent The Sharing Of Account On More Than One Device Issue

I am trying to manage users in my firebase app in a way that one account wont be able to be accessed on multiple devices at the same time, but I found a problem in this method:

The way that I am trying:

1) UserA signs in with email ([email protected]).

2) Database is updated to show that ([email protected]) is logged in by device id.

like this:

Users
|
|UserA_uid
|--------device_id= "A_CERTAIN_DEVICE_ID"

3) UserB attempts to sign in using ([email protected]), during that I overwrite the device_id of the userA_uid according to the account.

4) UserA listens to the change IF HE/SHE WAS CONNECTED TO THE INTERNET, and according to the device_id change I sign userA out of the app.

5) and so on.

Now All of the above seems to be a clean solution, that allows one account to be opened only once at a time (By kicking off the other user).

Problem:

I noticed a problem while testing, and that is:

If users are clever enough,they will do this:

1) UserA signs in with email ([email protected]).

2) Database is updated to show that ([email protected]) is logged in by device id.

like this:

Users
|
|UserA_uid
|--------device_id= "A_CERTAIN_DEVICE_ID"

3) User A shuts the wifi or internet off.

4) UserB attempts to sign in using ([email protected]), during that I overwrite the device_id of the userA_uid according to the account.

5) User A never listens to the change, because he/she is not connected.

6) I end up with user A and user B logged in.

If you are wondering (my app works offline).

Question:

Can I manage to solve this issue?

Thanks.

Ad

Answer

I thought of a solution. Check that if it works for you -

1) UserA signs in with email ([email protected]).

2) Database is updated to show that ([email protected]) is logged in by device id. Let the device be A1.

like this:

Users
|
|UserA_uid
|--------device_id= "DEVICE_ID (OF DEVICE A1)"

3) And when UserA log out from the device (A1), then you should set device_id to be null as -

Users
|
|UserA_uid
|--------device_id= "null"

4) When UserB attempts to sign in using ([email protected]), then you should fetch the device_id of device (say B1) and you shoud check if device_id (A1) (already existing device_id) is not equal to device_id (B1) (new device) means user has logged in certain device A1. And you should show a message that you are already logged in. And also check if device_id == null means UserA has not logged in any device. So he should be able to log in a device say B1, which will update the database as -

Users
|
|UserA_uid
|--------device_id= "DEVICE_ID (OF DEVICE B1)"

EDITED

One solution could be create a broadcast receiver in an app for listening the action "android.intent.action.QUERY_PACKAGE_RESTART" and match the "package name" in onReceive() method, if matches start a background thread that monitors the foreground running activities using ActivityManager.

When you found foreground activity to be "com.android.packageinstaller.UninstallActivity". It confirms that user wants to uninstall our app. Then start a activity that ask user to logout from the app. Also ensure mobile is connected to internet at this point of time.

Ad
source: stackoverflow.com
Ad