I guess I’m not understanding something. If you don’t want user’s to have to sign in with their email, then how are you authenticating users now? Aren’t you still using the whitelist of emails which would require a user to sign in with an email and pin? Signing in with an email and pin should still only be a one time process until a user explicitly signs out or clears their browser cache.
Restricting what is visible in the app is easy with the right visibility conditions and filtering, but keep in mind that the data is still downloaded to the device of any random user that would sign in, whether or not they can visibly see stuff in the app. The data is still there and the right user could snoop that data. If data security is of the utmost importance, then that’s where you want to restrict who has access to the app in the first place. Row Owners is another option, but when you have 200 users, it becomes clumsy to implement. You can apply psuedo Roles that are just visibility conditions base on a user profile column value, but it doesn’t secure the data. Using actual Roles (which are only available in Private Pro apps) will secure the data, just like Row Owners does. Proper Role security allows you to apply Row Ownership to a role as opposed to an email. I would recommend spending some time reviewing this documentation to understand proper data security.
Also, I think it was mentioned in a prior post several weeks ago (maybe where you were the one asking), but active user counts only apply to Private Pro apps and even then, probably not on legacy apps. Still, I don’t usually rely on that count on the dashboard. All that matters is that each user that signs into the app within a month is considered an active user. Even if they do it only once within that month.