fix: backfill-consent-event cp-7.73.0

[ieow]

Description

Social login (Google / Apple) users who completed onboarding before the
ANALYTICS_PREFERENCE_SELECTED event was emitted on the marketing-consent
screen never had that event fired for them. This PR introduces a one-time
post-rehydration backfill so those users are counted correctly in analytics.

How it works (three-step design kept intentionally pure):

1. Migration 131 – runs at startup before the Redux store is live. If the
   persisted state contains a SeedlessOnboardingController.authConnection
   value, it writes a
   marker into onboarding.seedless.pendingSocialLoginMarketingConsentBackfill.
   The migration never fires analytics itself; it only stamps the persisted
   state so the side effect can be done safely after rehydration.

2. Redux slice – a new SET_PENDING_SOCIAL_LOGIN_MARKETING_CONSENT_BACKFILL
   action/reducer/selector manages the marker in state.onboarding.seedless.

3. Saga – backfillSocialLoginMarketingConsent runs once inside
   startAppServices (after setAppServicesReady). It reads the marker from
   the live store, fires ANALYTICS_PREFERENCE_SELECTED with
   saveDataRecording: true, calls updateDataRecordingFlag, and clears the
   marker. If the marketing consent is no longer enabled at run time (e.g. user
   toggled it off between migrations) the marker is cleared without sending any
   analytics. If trackEvent throws, the marker is left in place so a future
   run can retry.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: One-time marketing consent analytics backfill for social login users

  Background:
    Given I have a device with a previously installed version of MetaMask Mobile
    And I am a social login (Google or Apple) user
    And I previously accepted marketing data collection during onboarding

  Scenario: backfill event fires once on first launch after upgrade
    Given the app has not yet run migration 129
    And state.security.dataCollectionForMarketing is true
    And state.engine.backgroundState.SeedlessOnboardingController.authConnection is "google"

    When user launches the app and the store rehydrates
    Then migration 129 sets onboarding.seedless.pendingSocialLoginMarketingConsentBackfill to "google"
    And the backfill saga fires an ANALYTICS_PREFERENCE_SELECTED event with has_marketing_consent true
    And the pending marker is cleared to null
    And on subsequent app launches no duplicate event is fired

  Scenario: backfill is skipped when user has opted out of marketing consent
    Given state.security.dataCollectionForMarketing is false
    And state.engine.backgroundState.SeedlessOnboardingController.authConnection is "google"

    When user launches the app and the store rehydrates
    Then migration 129 does NOT set the pending marker
    And no ANALYTICS_PREFERENCE_SELECTED event is fired

  Scenario: stale marker is cleared without analytics when consent is revoked before launch
    Given the pending marker was set in a previous session (e.g. "google")
    And the user has since revoked marketing consent (dataCollectionForMarketing is false)

    When the app launches and the saga runs
    Then the pending marker is cleared to null
    And no ANALYTICS_PREFERENCE_SELECTED event is fired

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds a new persisted onboarding marker, a state migration, and a login-triggered saga that sends analytics/updates consent flags; mistakes could cause missed or duplicate analytics and unexpected consent state changes after rehydration.

Overview
Adds a one-time post-rehydration analytics backfill for legacy social login (Google/Apple) users who never emitted ANALYTICS_PREFERENCE_SELECTED for marketing consent.

This introduces a new onboarding state marker (pendingSocialLoginMarketingConsentBackfill) with action/reducer/selector support, sets it via new migration 131 based on SeedlessOnboardingController.authConnection, and runs a new backfillSocialLoginMarketingConsentSaga after LOGIN to optionally query OAuth marketing opt-in, emit the analytics identify/event (with saveDataRecording: true), update recording via updateDataRecordingFlag, then clear the marker and sync setDataCollectionForMarketing.

Wallet deletion now also clears the marker, and tests were added/updated across onboarding reducer/selectors, migrations, and sagas.

^{Reviewed by Cursor Bugbot for commit 2a0bacd. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

There are 3 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit e1c2f11. Configure here.}

[Cal-L]

Lgtm

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeWalletPlatform, SmokeAccounts, SmokeIdentity
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 78%

click to see 🤖 AI reasoning details

E2E Test Selection:

The PR introduces a one-time analytics backfill mechanism for social login (seedless onboarding) users. Key changes:

1. Store migration 131: Runs on every app startup and marks existing social login users with a pendingSocialLoginMarketingConsentBackfill marker in the onboarding Redux state. This migration is safe but touches the persisted state that all E2E tests rely on.

2. New Redux action/reducer/selector: Adds pendingSocialLoginMarketingConsentBackfill to the onboarding state. The initialOnboardingState is updated, which affects all tests that initialize with default state.

3. New saga (backfillSocialLoginMarketingConsentSaga): Hooks into UserActionType.LOGIN and fires an analytics event for social login users. This runs after every login in the app, potentially affecting login flow timing.

4. Authentication.ts: The deleteWallet flow now dispatches setPendingSocialLoginMarketingConsentBackfill(null) to clear the marker. This affects wallet deletion/reset flows tested in E2E.

Tag Selection Rationale:

• SmokeWalletPlatform: Covers wallet lifecycle analytics (wallet creation, SRP import events), which is directly related to the analytics backfill being added. Also covers the login flow where the saga fires.
• SmokeAccounts: Covers SRP export flows, account management, and wallet deletion flows that are affected by the Authentication.ts change (clearing the backfill marker on wallet delete).
• SmokeIdentity: The changes touch seedless onboarding (social login) state and sync features. SmokeIdentity covers account syncing and multi-SRP flows that interact with the onboarding state. Per tag descriptions, when changes touch multi-SRP architecture or account sync, SmokeIdentity should be selected alongside SmokeAccounts and SmokeWalletPlatform.

The changes are primarily analytics/tracking infrastructure and don't affect core wallet functionality like transactions, swaps, or network management, so other tags are not warranted.

Performance Test Selection:
The changes are analytics backfill infrastructure (a one-time saga that fires after login for social login users). While the saga adds a small async operation post-login, it's a one-time backfill that won't affect regular users or repeated login performance. The migration is lightweight (only reads and writes a string marker). No significant performance impact is expected on account lists, onboarding flows, login times, or other measured performance metrics.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
15 value mismatches detected (expected — fixture represents an existing user).
View details

[tylerc-consensys]

lgtm