Hey folks,
I know that simple uninstalling of Android app does not clear user credentials because of cookies in CustomChromeTabs.
BUT
I see that ChatGPT app on Android and their Android app does not store user credentials after uninstall. So it is possible.
What auth0 API to use to achieve the same behavior?
Hi @oleksandrpriadko, and welcome to the Auth0 Community!
An Android app cannot selectively clear the browser’s session cookie only upon uninstallation. This is because the Android OS provides no mechanism for an app to execute code (like a logout call) as it’s being removed.
Apps like ChatGPT likely achieve this behavior by using an embedded WebView for their login process instead of a Chrome Custom Tab. A WebView is an in-app browser component whose data (including cookies) is stored as part of the application’s private files. When you uninstall the app, the Android OS deletes all of this private data, including the WebView’s cookies, effectively clearing the session.
An alternative would be to use an ephemeral session, but that would clear the cookies every time the app is closed, and I assume that is not what you want.
I’m sorry I couldn’t provide you with a solution.
Have a great day!
Teodor.
Hey @teodor.andrei thanks for the reply! I see.
- Is it safe to use WebView instead of ChromeCustomTab?
- Is there a way to make cookies on Android device irrelevant by terminating session through the auth0 management api?
Thanks.