Firebase anonymous authentication lost on app upgrades

Question

This is what I've come up with to handle auth in my Android app backed by anonymous authentication.

public class StartupActivity extends AppCompatActivity {
    FirebaseAuth.AuthStateListener mAuthListener;
    @Override
    protected void onStart() {
        super.onStart();
        FirebaseAuth.getInstance().addAuthStateListener(mAuthListener = firebaseAuth -> {
            if (firebaseAuth.getCurrentUser() != null) {
                LoggedInActivity.newInstance(this);
            } else {
                IntroActivity.newInstance(this);
            }
        });
    }

    @Override
    protected void onStop() {
        FirebaseAuth.getInstance().removeAuthStateListener(mAuthListener);
        super.onStop();
    }
}

This StartupActivity is the one defined in my AndroidManifest.xml to be my app's main launcher Activity.

The pattern works well: at the end of IntroActivity, my code authenticates the user anonymously and sends them to the LoggedInActivity. Every launch after, the anonymous authentication persists through and the user goes straight to LoggedInActivity.

However, some users report losing their anonymous authentication and effectively losing their data since my other inner-app screens are driven off Firebase nodes that correspond to the user's UID.

This is pretty bad, but it only happens to a few users it seems. And only for anonymous auth - if it happened for email auth, it wouldn't even be a big deal, since users could log back in. But for anonymous, it's a pretty big issue. The user loses everything.

The issue could be tied to either Firebase SDK updates or app updates - that's when it seems to happen most / be reported most by my users.

Why is this happening? Is this a bad pattern for auth? I love the concept of using anonymous authentication to allow users to simply use your app without login, and I believe this is Firebase's intention as well. It's almost like I need to give them the option of backing their account with an actual login though, since this bug has such bad effects.

Answer 1

I believe I was able to reproduce this issue myself.

After getting an angry mail from a user, I tested what would happen if I updated the app (raising the version code for good measure) and tried to open it while my device was offline. Turns out Firebase logs me out, as I believe it might consider the internal copy of the Database outdated and wipes it completely, so it's basically the equivalent of a reinstall with no credentials. This doesn't happen after updating and opening the app while online.

This would explain why this only happens to a very small percentage of users, as they need to be Anonymous users who update the app and then try to open it with no internet connection in their devices, which I don't think would happen often.