Authentication – Will users tolerate starting over when their key identification changes?

The main function of my application:

  • Two users select by phone number
  • None of them is aware of each other at the beginning.
  • Depending on certain activities over time, an event occurs for both

Because of Hans-Martin Mosner's answer, I will give more details.

When the user selects another user, he writes data to a server in an entry with a certain identifier. Unless the other user selects this first user to read this identifier, he or she will not be able to read this data anymore. For a while, even if this is the case, nothing will indicate that he has been able to do more things happen.

It is true that, theoretically, once the first reading done, I would be able to define a new identifier for communication, but because of some of the internal data that the input with the identifier would already have, and limitations that the server seems to have. , I would not be able to do this with a check on the server, although I can do it on the client, but it would open the door to malicious users, with at least computer hacking knowledge, to easily cheat with the app.

It is highly undesirable for the server to be modified at this stage of development, which would defeat the expected behavior of the application because it would need to be changed. If the problem is not so serious, the phone number I will have to stick to that, maybe it is also possible that the limitation I mention does not exist, but after a good investigation, I could not get any proof that, in my case, it could be done so I want to know how difficult it is to continue working with a modified phone number and to take into account this information.

Problem

If one of the users changes phone number during the process, my current solution requires both users to start from the beginning again, select again and start the whole process again.

The only solution to this problem that I could think of would make my application much more likely to be handled by malicious users.

Hypotheses

I think changing the phone number is not so usual (I have not changed mine in my life, and I know few people who have changed in general) so although it may be embarrassing for some users, maybe the percentage of people affected are low enough not to worry too much.

Question

I would like to know with reliable data how much it would be a problem.