For some apps, it's important to know who made each update. A prerequisite for this is that users must be required to sign in to use the app.
You can examine the Audit Log to determine who performed an add, update, or delete.
If your application requires sign in, the By User property in the Audit Log will contain the User Id of the person who performed the add, update, or delete.
If your application does not require sign in, the By User property in the Audit Log will contain the value -1 which is the "Guest User Id".
If your application does require sign in but that user has not yet granted consent, the By User property in the Audit Log will contain the value -2 which is the "Unconsented User Id".
You can keep track of which user performed the most recent Add or Update of each record, by adding an extra column of type Email to each record. You can populate this column with the USEREMAIL() of the most recent user to Add or Update the record. If you specify USEREMAIL() as the Default value of this column, then every new record will automatically contain the email address of the currently logged-in user who added the record. You can update this column when a user updates the record.
Some apps require a richer audit-trail to maintain the history of changes made by different users. Typically, the backend cloud storage provider has an auditing mechanism. For example, Google Sheets provides a Change History that shows a detailed list of changes made, when they were made, who made them, etc. In order to use this backend audit history, it's important that the AppSheet app run with the security setting "As App User". Each potential user should also be given permissions to access the backend spreadsheet.