Question

App user id

  • 4 January 2023
  • 2 replies
  • 29 views

Badge

What is to stop someone sharing their app user id with a friend and so gaining the entitlements? In other words, how do we know whether it’s the same user legitimately using the app on a second device, or a different user illegitimately user the app on their device?


2 replies

Userlevel 1
Badge +4

This is quite complicated to achieve and not something that RevenueCat is intended for or supports at this time. Some companies automatically log you out of your old device once you log into a new device. Other's try to achieve similar based on location - if you seemingly time traveled 80 miles in 3 minutes, one of the devices is logged out etc. This would be something implemented on your own login system level. 

Badge

So if the app does not have the functionality (e.g. does not have its own backend) to make such checks, then it would be better the user does not know the app user id?

Maybe one way would be to make the user login to something like Google Sign In and then force that to be part (e.g. prefix) of the custom app user id?

Reply