If I notice fraudulent activity on my application by an authenticated user (by Firebase Authentication), can I block the device associated with this user so that he can no longer access my application? And if so, how do I do it?
Thanks for your attention !
A Firebase Authentication user has a UID, that you can use to allow them to access certain resources. To block a specific user from Firebase Authentication itself, you can disable their account. So don't delete it (as they can just recreate it in that case), but disable it. After doing that, they won't be able to sign in, and will be unable to refresh their ID token (which happens hourly).
If you use one of the Firebase databases (Cloud Firestore, or Realtime Database), you can also implement a list of banned UIDs in there, and then check against that in your security rules.