Blog Icon
Upollo Blog
← Back to Blog

Detecting Account Sharing and Repeated Trials in Firebase Auth with Upollo

How to detect account sharing and repeated trials in Firebase Auth with Upollo.

Stephen Nancekivell
Stephen Nancekivell
Senior Software Engineer
Detecting Account Sharing and Repeated Trials in Firebase Auth with Upollo

Firebase Auth is a great tool to add account management to your app or service. It takes care of the myriad of ways people like to login.

However, Firebase can't tell you anything about the people behind those accounts. It can't tell you if Bob creates a new account every month so he can get the free trial again and again. It also can’t tell you that Peter and Patsy have created one account and share the password so they only have to pay once.

With Upollo you can detect these events and nudge the user onto the right path. You can detect that Bob is creating his 10th account, stop giving him the free trial and convert him into a paying customer. You can tell Peter and Patsy that you know they are sharing an account which is against your policy and get them to upgrade their account.

To learn more about the opportunities in converting repeat trial users and account sharers see Turn Repeated Trials Into Growth and Grow By Understanding Account Sharing

This article will focus on web applications but the same applies to mobile apps as well.

Detecting account sharing and repeated trials in Firebase

Consider, if you are logging in using signInWithPopup from the Firebase SDK.

Consider, if you are logging in using signInWithPopup from the Firebase SDK.

import { GoogleAuthProvider, signInWithPopup } from "firebase/auth";

const authProvider = new GoogleAuthProvider();
authProvider.addScope("profile");
authProvider.addScope("email");

await signInWithPopup(auth, authProvider);

Instead of continuing your login flow after that you would use the assess method from Upollo Web Library with the user details returned from firebase. In the returned flags you can see if it is a repeated action or account sharing.

import { UpolloClient, EventType, FlagType } from "@upollo/web";

const upollo = new UpolloClient(“ADD_API_KEY_HERE”);

const userCredential = await signInWithPopup(auth, authProvider)
const user = userCredentials.user

const identifyResponse = await upollo.assess(
  {
    userId: user.uid,
    userEmail: user.email,
    userPhone: user.phoneNumber,
    userName: user.displayName,
  },
  EventType.EVENT_TYPE_LOGIN
)

const flagTypes = identifyResponse.flags.map((flag) => flag.type);

if (flagTypes.includes(FlagType.ACCOUNT_SHARING)) {
  // The user was account sharing
  // let them know they should create their own account.
}

if (flagTypes.includes(FlagType.REPEATED_SIGNUP)) {
  // The user was repeating the trial
  // dont offer the trial for free.
}

// otherwise let the user continue normally

For an even more secure solution, you can repeat the same checks server side by using the Upollo token and one of our server side libraries to validate the flags on your server.

If you are interested in this space and would like to hear more, please sign up and follow us on LinkedIn or Twitter.

Read the Report: Upollo SOC 2 Type 1
PDF • 2.4mb

Join the Wave

Ready to revolutionize how you recognize opportunities? Sign up for the waitlist below and be among the first to experience its transformative power when it launches.

Thanks! We'll let you know when you're off the waitlist.
Oops! Something went wrong while submitting the form.
About the Author
Stephen Nancekivell
Stephen Nancekivell
Senior Software Engineer

You Might Like:

All Posts
How to Convert Account Sharers without Alienating your Users
Effective strategies to convert account sharers into paying customers without pushing away the people who love your app the most
B2B Businesses are Applying Netflix and Disney’s Tactics and it is Paying Off
Netflix added billions in revenue by converting account sharers. Here's how B2B companies are doing the same:
Password Sharing Impact & Solutions
Understand password sharing's impact on your business and convert password sharers to paying customers.

Get Started for Free

Start understanding and upselling your customers today.