I was setting up the free trial granted when someone purchases a subscription from my app, when I wondered how can I prevent someone from getting a new free trial by just creating a new gmail address? Did google think about that? How can I avoid being stolen?
I did not find anything in the official documentation.
On
Since emails are a dynamic and uncontrolled you shouldn’t base your logic based on just email, if it isn’t much trouble consider adding phone verification via Twilio, or perhaps try and request permission to store the device MAC or device ID; you just need one constant, controlled and difficult to modify variable or collect additional data when registering to use as checks and balances; identify patterns of data entered to be able to tell if a user was previously registered.
As someone mentioned before Google themselves made it a little difficult to register spam my addresses so it does take work to do such thing; most spammy registered addresses are used for one-time purpose and the user generally never logs in again; another tactic is to send a touch up verification email or something of the nature 3 days after the registration saying action required update or click the following to keep your trial; it’s another tactic that may deter these situations from happening.
Gmail addresses are by far the most commonly used addresses to sign up for another free trial [source: Upollo internal data]. Google, as far as I know, allows 4 email addresses per phone number over some period of time. I believe this is a recent change since this question was asked.
There are a few signals you can use to detect people signing up for another trial:
It is fairly trivial for a user to change email and change IP. Asking for phone number or additional permissions is likely to hurt your conversion rate, so it is good to use as a way of validating once you suspect someone of attempting to get another free trial.
You can use those signals yourself to detect repeated trials or you can try a tool like Upollo.ai which does this for you.