
Fake users in firebase with @gmail.com accounts

I have a Firebase project. The following sign-in auth methods are enabled:

  • Google
  • Facebook
  • Apple
  • Anonymous

A mobile app interacts with Firebase.

Each day I get some weird new user sign-ups from fake accounts with the pattern: [name][numbers]@gmail.com. They don't do anything except sign up via Google OAuth once.

Is it possible to prevent it? Maybe I missed something with the google oauth configuration?

Updated:

Also, I noticed that these sign-ups started to occur when I sent the mobile app out for Google/Apple verification. Might these two events be correlated?

Andrei Kovrov asked Sep 15 '20 23:09




2 Answers

If you are sure those fake users have a specific pattern from their email address, I would make a trigger function on Cloud Functions for Firebase.

You can use the functions.auth.user().onCreate() event handler, like below.

    exports.checkFakeUser = functions.auth.user().onCreate((user) => {
        // You can check if the user has suspicious email patterns and delete them here.
    });

Or you can also make a scheduled function on Cloud Functions for Firebase that checks daily whether there are fake users and automatically deletes them.

Plus, it would be a good step to figure out whether fake users are still joining even when you haven't exposed your mobile app anywhere, if you want to find out how they are joining.

wonsuc answered Oct 05 '22 07:10
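
The daily check suggested in the answer above needs a rule for deciding which accounts to remove. The following is an added example, not code from the answer or from Firebase: it flags an account only when the question's signals coincide (Google provider, [name][numbers]@gmail.com, no sign-in after sign-up). The function names, the 60-second and 7-day thresholds and the sample records are assumptions; the record fields follow the Admin SDK's UserRecord shape.

```javascript
const FAKE_EMAIL = /^[a-z]+\d+@gmail\.com$/i; // [name][numbers]@gmail.com
const DAY_MS = 24 * 60 * 60 * 1000;
const SAME_SESSION_MS = 60 * 1000; // assumed threshold for "signed in only once"

// True only when every signal from the question is present: Google sign-in,
// the email pattern, and no sign-in after the initial sign-up.
function isSuspectedFake(user, now, graceDays) {
  // Anonymous accounts have no email and are never matched.
  if (!user.email || !FAKE_EMAIL.test(user.email)) return false;
  const viaGoogle = (user.providerData || []).some((p) => p.providerId === 'google.com');
  if (!viaGoogle || !user.metadata) return false;
  const created = Date.parse(user.metadata.creationTime);
  const lastSeen = Date.parse(user.metadata.lastSignInTime);
  // Unparseable timestamps: keep the account rather than guess.
  if (Number.isNaN(created) || Number.isNaN(lastSeen)) return false;
  const neverReturned = lastSeen - created < SAME_SESSION_MS;
  // Grace period so a real user has time to come back (assumed default: 7 days).
  const oldEnough = now - created >= graceDays * DAY_MS;
  return neverReturned && oldEnough;
}

function findSuspectedFakes(users, now, graceDays = 7) {
  return users.filter((u) => isSuspectedFake(u, now, graceDays)).map((u) => u.uid);
}

// Constructed sample records (not real accounts).
const NOW = Date.parse('Thu, 01 Oct 2020 00:00:00 GMT');
const GOOGLE = [{ providerId: 'google.com' }];
const SAMPLE_USERS = [
  // Matches the pattern, signed in once, two weeks old: flagged.
  { uid: 'u1', email: 'maria48213@gmail.com', providerData: GOOGLE,
    metadata: { creationTime: 'Tue, 15 Sep 2020 10:00:00 GMT',
                lastSignInTime: 'Tue, 15 Sep 2020 10:00:00 GMT' } },
  // Same email shape, but the user came back later: kept.
  { uid: 'u2', email: 'john1985@gmail.com', providerData: GOOGLE,
    metadata: { creationTime: 'Tue, 15 Sep 2020 11:00:00 GMT',
                lastSignInTime: 'Sun, 20 Sep 2020 09:30:00 GMT' } },
  // Anonymous account, no email: kept.
  { uid: 'u3', providerData: [],
    metadata: { creationTime: 'Tue, 15 Sep 2020 12:00:00 GMT',
                lastSignInTime: 'Tue, 15 Sep 2020 12:00:00 GMT' } },
  // Matches, but still inside the grace period: kept for now.
  { uid: 'u4', email: 'alex7731@gmail.com', providerData: GOOGLE,
    metadata: { creationTime: 'Tue, 29 Sep 2020 08:00:00 GMT',
                lastSignInTime: 'Tue, 29 Sep 2020 08:00:00 GMT' } },
];

console.log(findSuspectedFakes(SAMPLE_USERS, NOW)); // [ 'u1' ]
```

In a scheduled function the records would come from paging through `admin.auth().listUsers()`, and the returned uids would go to `admin.auth().deleteUser()` or to a review list.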


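Adding the following Cloud Function will help you check the email and delete the fake user:

    const functions = require('firebase-functions');
    const admin = require('firebase-admin');
    admin.initializeApp();

    exports.checkFakeUser = functions.auth.user().onCreate((user) => {
        // Anonymous sign-ins carry no email, so skip them.
        if (!user.email) return null;
        // "john.abcde@gmail.com" -> ["abcde", "gmail"]
        const list = user.email.split(".")[1].split("@");
        const isFake = list[0].length === 5 && list[1] === 'gmail';
        if (isFake) {
            // Return the promise so the function waits for the deletion.
            return admin.auth().deleteUser(user.uid)
                .catch(function(error) {
                    console.log('Error deleting user:', error);
                });
        }
        return null;
    });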

Ivan Krupik answered Oct 05 '22 08:10