I’ve the following problem with an app I’m developing who is going to be offered worldwide in Google Play.
The app asks for very very personal data, so I think that in order to decrease user’s suspicion it’s better to use an email instead of a phone number as a way of recognizing the user, indeed in configuration process I even tell the user that he can use the app through a proxy with Tor or similar to feel more secure.
Problem comes that I’d like the user not to do some operations in the app if he has done beforehand some of them, even if he uninstalls app.
But with email identification, if the user is slightly clever he’s going to realize that all he needs to bypass the protection is using another email account and I’ve no way to know it’s the same user, (this could also happen with the phone number, although to a very lesser degree).
So it looks like I have to choose into allowing the operations I’d like to avoid or having user distrust, it looks like I’ll have to choose the first thing.
Anyway maybe there’s something I could do so users get to trust the app more. Do you have any idea of what could I say?