- Forcing auth before the first useful screen killed 82% of new users in our React Native app.
- We deferred authentication until the user tried to do something that required identity (saving a plan).
- Day-1 retention went 36% → 71%, Day-7 retention 14% → 28%, account conversion 18% → 38%.
- The trick: anonymous local-only state + a promotion path that migrates that state into the new account.
- Don't do this for banking, healthcare, or B2B apps where identity is needed from screen one.
We have a usability lab. We watch real users use our apps. Here's the most common pattern we see kill a React Native app in its first 90 seconds: forcing the user to authenticate before they can see anything.
This post is about what we tried instead, and how the numbers moved.
The setup
Our app — a meal-planning tool — had a textbook auth flow:
- Splash screen
- 'Welcome' + Sign Up / Log In buttons
- Email entry
- Password entry
- Email verification (open inbox, tap link)
- Then the actual app
Median time from app open to first useful screen: 4 minutes 12 seconds. Drop-off at each step:
| Step | Reach |
|---|---|
| Splash | 100% |
| Welcome screen | 87% |
| Submitted email | 54% |
| Submitted password | 41% |
| Verified email | 23% |
| Reached the app | 18% |
The 82% who never made it past auth weren't bad-fit users. We knew this because the same users reinstalled later, often weeks later — the install was an active choice, not an accident.
What we changed
We deferred authentication until the user tried to do something that genuinely required identity. The new flow:
- Splash screen
- Browse meal plans, view recipes, add items to a shopping list (all in local state)
- Tap 'Save my plan' — that's when we ask for email
- Single-step magic-link auth (no password)
Reach to the app: 100%, because there's no auth wall. Reach to the 'save my plan' step: 47%. Reach to a verified account: 38%.
The numbers that moved
| Metric | Before | After | Δ |
|---|---|---|---|
| Day-1 retention | 36% | 71% | +35pp |
| Day-7 retention | 14% | 28% | +14pp |
| Conversion to account | 18% | 38% | +20pp |
| Verified email after install | 18% | 38% | flat — same end-state |
The Day-7 number is the one that mattered. Twice as many people came back a week later, because they'd actually used the product before being asked to commit to it.
How to implement it in React Native
Two patterns make this clean.
1. Anonymous local-only state until promotion.
// stores/userStore.ts
type AnonymousUser = { id: string; isAnonymous: true; mealPlan: MealPlan[] };
type AuthedUser = { id: string; isAnonymous: false; email: string; mealPlan: MealPlan[] };
type User = AnonymousUser | AuthedUser;
const useUserStore = create<{
user: User;
promote: (email: string) => Promise<void>;
}>(/* ... */);
Every screen reads from useUserStore(). The screens don't care whether the user is anonymous or authed — they just render the data.
2. Promotion path that preserves local state.
When the user enters their email, your server creates an account and migrates whatever local state existed (meal plan, shopping list, preferences) into the new account. This is the part most apps get wrong: they auth the user, then start the experience over from scratch. The user is being punished for committing.
async function promote(email: string) {
const localData = useUserStore.getState().user.mealPlan;
const { token, refreshToken } = await api.post('/users/promote', {
email,
localData,
});
await saveTokens(token, refreshToken);
useUserStore.setState({
user: { ...newUser, mealPlan: localData },
});
}
The whole point: the existing meal plan survives the transition. Every authed user passed through the anonymous state for exactly one tap — you're migrating one object, not rebuilding a session.
When defer-auth is the wrong call
This pattern doesn't work for:
- Apps where personalisation requires identity from the start (banking, healthcare). The first screen is meaningless without knowing who the user is.
- Apps where storing anonymous state is expensive. If your 'browse' experience requires server queries the same way an authed experience would, you're paying for non-converting users.
- B2B apps where the install is enterprise-mandated. The user is going to auth regardless; the friction is happening on a calendar, not in the app.
For consumer apps that have any meaningful read-only or local-only mode, default to deferred auth. The friction you remove pays for itself within the first session.
Talking to the team
We had to convince eng that 'anonymous users with promotable state' was worth the complexity. The argument that won was: every authed user goes through the anonymous state for one tap anyway. We're not building a new state machine; we're letting the existing one breathe.
The argument that didn't win: 'users hate auth.' Everyone agreed in principle and resisted in practice. The lab footage was what flipped it — watching three users in a row close the app at the password prompt is harder to dismiss than a chart.
We share more of these patterns at RapidNative — building React Native apps that respect the first 90 seconds.
Got a defer-auth war story, or a case where it backfired? Drop a comment with what you're building.
