Firebase Auth SignOut not working on Uninstall

Question

I'm using Sign-in with Google method to sign-in a user in my app.

Problems - Update:

1. If I uninstall the app (after sign-out or without sign-out) and re-install the app, FirebaseAuth.getInstance().getCurrentUser() comes non-null. So, the user gets access to the account.

2. I even tried by clearing the app data, the problem still exists.

The app was working fine before adding 'FirebaseInstanceIdService' and 'FirebaseMessagingService' services. Means, it was signing-out automatically after uninstalling.

Manifest.xml

    <meta-data   
android:name="com.google.firebase.messaging.default_notification_channel_id"
        android:value="@string/default_notification_channel_id"/>
    <meta-data android:name="firebase_messaging_auto_init_enabled"
        android:value="false" />
    <meta-data android:name="firebase_analytics_collection_enabled"
        android:value="false" />

....

<service
        android:name=".services.MyFirebaseMessagingService"
        android:exported="false">
        <intent-filter>
            <action android:name="com.google.firebase.MESSAGING_EVENT"/>
        </intent-filter>
    </service>

    <service
        android:name=".services.MyFirebaseInstanceIDService"
        android:exported="false">
        <intent-filter>
            <action android:name="com.google.firebase.INSTANCE_ID_EVENT"/>
        </intent-filter>
    </service>

....

MyFirebaseMessagingService.class

public class MyFirebaseMessagingService extends FirebaseMessagingService {

private static final String TAG = "MessagingService";

@Override
public void onMessageReceived(RemoteMessage remoteMessage) {
    super.onMessageReceived(remoteMessage);

    Log.e(TAG, String.valueOf(remoteMessage));
}
}

MyFirebaseInstanceIDService.class

public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService {

private static final String TAG = "InstanceIdService";

@Override
public void onTokenRefresh() {
    super.onTokenRefresh();

    if (FirebaseAuth.getInstance().getCurrentUser() == null){
        return;
    }

    String tokenId = FirebaseInstanceId.getInstance().getToken();

    saveTokenIdToDatabase(tokenId);
}
}

signOutAccount method

private void signOutAccount(){

FirebaseAuth.getInstance.signOut();

            Intent intent = new Intent(getApplicationContext(), LoginActivity.class);
            intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
            intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
            startActivity(intent);
            finishAffinity();
}

Answer 1

You're not the only one struggling with it. I had similar issue. After reinstalling (or updating) the app, in BaseActivity I checked if user is logged in. And he was.. FirebaseAuth.getInstance().getCurrentUser() returned non-null value. So when I used the uid to get data from firebase database I got a mess - some random items.

Also note, that I could reproduce it only on some devices. For examples, I got non-null value on Nexus 5x but not on Oneplue 3t (8.0.0).

After some investigation I found out several interesting facts.

Fact #1 (docs)

There are some cases where getCurrentUser will return a non-null FirebaseUser but the underlying token is not valid.

In fact, when getCurrentUser() != null you can't be sure that user is actually signed in. My conclusion was, I can't rely on getCurrentUser and I should reconsider the way how I check if user logged in (as an option).

Fact #2

Android app sometimes remembers its data after reinstalling the app, because of automatic backup. See the post for more details.

Solution

<application
  android:allowBackup="false"
  android:fullBackupContent="false"
  ...>

I set android:allowBackup and android:fullBackupContent to false. So when I reinstall the app (or update it), firebase current user is null.