In secure apps, the app creator has the ability to set a white list of authorized accounts. Normally, a user can’t access the app unless the rely on one of these accounts.

I recently received an alert from Appsheet informing me that i need to purchase additional license(s). After looking at the app usage historic, i noticed that one of the users signed in using a gmail account that wasn’t white-listed.

My question is, how is this possible? How can Appsheet manage to count 7 Gmail accounts while only 6 are white-listed?