I don't want this behavior because it is not a safe way.
I don't know why would say that, but I'm aware of one fact. I'm using my Gmail address on multiple devices and everything is very safe.
I only want a user can only log-in with an email address on a single device.
I'm wondering why would you do that? How about the situation when the user losses the device? Wouldn't you want the user to be able to use your app from another device? How about the situation in which you store some data in the database? Are you willing to tell the user that the information is lost?
Is it possible to do it in Firebase security rules?
You can think of a solution to secure that, but I don't think it's a good option to go ahead with. Secure your app using Security Rules, as much as possible, but let the user the option to access your app from multiple devices.
Edit:
what if someone who knows the user's email address and password can log in to the app and see all the user's data.
This can happen in the case of any app. If you lose the credentials, your app may be compromised. However, you can implement a two-step verification if you'd like, but still, let the user access your app from multiple devices.
Think of a situation in which your phone is lost and, you have a really important email to read. Would you like to be able to read that email from a friend's device instead of losing it forever?
Would such an event be the fault of the user or the developer?
I'm don't know how it can be a developer's fault if someone loses the credentials of an app? Is it Google's fault if you lose your email credentials?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
