Suppose I have an app that does in-app purchase and verifies the receipt is good for a non-consumable purchase.
On a purchase, the app writes to some storage such as NSUserDefaults that is essentially a BOOL that unlocks the extra content.
Pirates can then make an ipa from this that other jailbroken devices can install, getting around the in-app purchase in the copies by purchasing it once in the original.
It seems like making some hash/checksum based on a unique identifier to the device or user, and verifying this on launch would be a reasonable piracy check (not meant to stop all crackers, but stops-the-bleeding for the average copy based ipa install pirate). However, I know that apple deprecated access to UDID, and some say to avoid using MAC addresses for this reason. Is there something else I could use? Is MAC still game? This level of a check seems like it would be non-invasive to the user and would store the data as a (lossy) one way hash/checksum.
Perhaps there is a completely different, much better method for dealing with the ipa based piracy for non-consumables?
