If transactions for a certain coin are truely anonymous, then how can they really protect against double spending?
Which sense of double spending are you referring to?
Sub 51%, where you somehow come up with a way to execute double spends without a hashrate .. or where you have over 51%?
Over 51% involves different chains .. so it's pretty easy to tell when you're on a new chain that you weren't before. Same problem in Bitcoin, someone get's >51%, it's theoretically possible.
Below 51%, I'm pulling from CN website .. bolded important part (though other currencies I don't have a good source to explain how this is achieved) :
Fully anonymous signatures would allow spending the same funds many times which, of course, is incompatible with any payment system's principles. The problem can be fixed as follows.
A ring signature is actually a class of crypto-algorithms with different features. The one CryptoNote uses is the modified version of the "Traceable ring signature" [1]. In fact we transformed traceability into linkability. This property restricts a signer's anonymity as follows: if he creates more than one ring signature using the same private key (the set of foreign public keys is irrelevant), these signatures will be linked together which indicates a double-spending attempt.
To support linkability CryptoNote introduced a special marker being created by a user while signing, which we called a key image. It is the value of a cryptographic one-way function of the secret key, so in math terms it is actually an image of this key. One-wayness means that given only the key image it is impossible to recover the private key. On the other hand, it is computationally impossible to find a collision (two different private keys, which have the same image). Using any formula, except for the specified one, will result in an unverifiable signature. All things considered, the key image is unavoidable, unambiguous and yet an anonymous marker of the private key.
All users keep the list of the used key images (compared with the history of all valid transactions it requires an insignificant amount of storage) and immediately reject any new ring signature with a duplicate key image. It will not identify the misbehaving user, but it does prevent any double-spending attempts, caused by malicious intentions or software errors.