New User (Again)

oo7ml used Ask the Experts™

I have just built a small messaging app where users sign up with their mobile number, and a verification code is then sent to their mobile.

As soon as a user enters their name on the Sign Up screen, the account is created and the status is set to ‘created’.

Once the enter their phone number, the account status is updated to ‘pending’.

As soon as the enter the verification code, the account status is set to ‘live’.

How should i handle the following case:

A user signs up and is live on the app. They use it for 1 week, sending and receiving messages. The user looses their phone, and downloads the app on their new replacement phone, however the mobile number is the same as their previous account.

What is the best option:

A - allow the user to sign up on multiple devices with the same number (does this mean push notifications will be sent out to all of the devices AND all data will be downloaded to two devices)
B - make the mobile number unique and destroy all the previous data when a user enters a new mobile number AND verification code (if they have entered the verification code, then they obviously own the phone, so we should delete all previous data for this person)
C - any other suggestions

Thanks in advance for your help.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Big MontyWeb Ninja at large
I'm not sure but when someone loses their phone and gets a new one, the phone number associated will only work with the new phone once it's set up and will automatically stop working on the first phone.

If your app uses the phone number to identify users you shouldn't need to change anything.
Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013
BM is on the right track.   You want to identify the installation of the app not the device.  There are multiple ID's you can associate to your app but in this case, it is suggested to no use a physical device.

How you actually do this will depend on the os or app system you are using.

I would also suggest building in some type of fraud detection.   If a user typically sends 10 messages a day and you detect 30 messages in an hour, some type of alarm should go off.    If you are using a 3rd party messaging app, there may be triggers available in the api.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial