That's an interesting query, and I totally get where you're coming from.
For your token and security needs, iOS provides a unique identifier for each device called the "identifierForVendor" (IDFV). It's tied to the device and remains consistent until the app is uninstalled or the device is wiped. You can use this IDFV to tie the token you grant to a specific device.
And AFAIK, restricting access to certain features in this way shouldn't pose an issue with the app review process, especially if the core functionality of your app remains free and accessible to all users.
However, it's always a good idea to provide clear explanations while submitting your application for review regarding any access restrictions you implement. Additionally, you may also want to make sure that your provided account credentials have a way to access all features.
Cheers!
Topic:
Privacy & Security
SubTopic:
General
Tags: