

New User (Again)


I have just built a small messaging app where users sign up with their mobile number, and a verification code is then sent to their mobile.

As soon as a user enters their name on the Sign Up screen, the account is created and the status is set to ‘created’.

Once they enter their phone number, the account status is updated to ‘pending’.

As soon as they enter the verification code, the account status is set to ‘live’.

How should I handle the following case:

A user signs up and is live on the app. They use it for 1 week, sending and receiving messages. The user loses their phone and downloads the app on their new replacement phone; however, the mobile number is the same as their previous account.

What is the best option:

A - allow the user to sign up on multiple devices with the same number (does this mean push notifications will be sent out to all of the devices AND all data will be downloaded to two devices?)
B - make the mobile number unique and destroy all the previous data when a user enters a new mobile number AND verification code (if they have entered the verification code, then they obviously own the phone, so we should delete all previous data for this person)
C - any other suggestions

Thanks in advance for your help.
2 Solutions
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) Commented:
I'm not sure, but when someone loses their phone and gets a new one, the phone number associated will only work with the new phone once it's set up and will automatically stop working on the first phone.

If your app uses the phone number to identify users you shouldn't need to change anything.
Scott Fell, EE MVE (Developer & EE Moderator) Commented:
BM is on the right track. You want to identify the installation of the app, not the device. There are multiple IDs you can associate with your app, but in this case, it is suggested to not use a physical device.


How you actually do this will depend on the OS or app system you are using.

I would also suggest building in some type of fraud detection. If a user typically sends 10 messages a day and you detect 30 messages in an hour, some type of alarm should go off. If you are using a third-party messaging app, there may be triggers available in the API.
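
The fraud check suggested in the answer above, sketched as an added example (not code from this thread or from any messaging API): a per-account detector compares the trailing-hour send count against that account's own recent daily volume. The names `BurstDetector`, `first_alarm` and `constructed_history`, the 7-day look-back, the 2x factor and the floor of 20 are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
BASELINE_DAYS = 7    # assumed look-back for "typical" daily volume
BURST_FACTOR = 2.0   # assumed: alarm when one hour exceeds 2x a typical day
MIN_THRESHOLD = 20   # assumed floor so new or quiet accounts do not alarm early


class BurstDetector:
    """Tracks one account's sends and flags an abnormal hourly burst."""

    def __init__(self):
        self.recent = deque()          # timestamps inside the trailing hour
        self.daily = defaultdict(int)  # calendar date -> messages sent

    def threshold(self, today):
        # Baseline uses completed days only, so a burst cannot raise its own limit.
        past = sum(self.daily.get(today - timedelta(days=d), 0)
                   for d in range(1, BASELINE_DAYS + 1))
        return max(MIN_THRESHOLD, BURST_FACTOR * past / BASELINE_DAYS)

    def record(self, ts):
        """Record one sent message; return True if the alarm should fire."""
        self.daily[ts.date()] += 1
        self.recent.append(ts)
        while ts - self.recent[0] >= WINDOW:
            self.recent.popleft()
        return len(self.recent) > self.threshold(ts.date())


def first_alarm(timestamps):
    """Return the 1-based position of the first message that trips the alarm, or None."""
    det = BurstDetector()
    for n, ts in enumerate(sorted(timestamps), start=1):
        if det.record(ts):
            return n
    return None


def constructed_history(burst):
    """Constructed sample: 7 days at 10 messages/day, then `burst` messages in one hour."""
    start = datetime(2024, 1, 1, 8, 0)
    normal = [start + timedelta(days=d, hours=h) for d in range(7) for h in range(10)]
    return normal + [start + timedelta(days=7, minutes=2 * i) for i in range(burst)]


if __name__ == "__main__":
    print(first_alarm(constructed_history(30)), first_alarm(constructed_history(10)))
```

In a real service the detector state would live in the datastore keyed by account (or by app installation), and the alarm would feed whatever review or throttling step the app uses.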
