I am looking for a way to limit the reuse of a one-time offer in an app. For example, a feature that is available for a period of time and subsequently must be purchased through an IAP. I am concerned that the 'free trial' period in a 'free' non-consumable IAP or an autorenewable subscription can be 'hacked' by creating multiple App Store accounts. (Is that concern unwarranted?) While I am concerned about multiple App Store accounts, I am not concerned about multiple Apple IDs because it is a sufficient pain to change a device's Apple ID that I can allow that 'hack'. I do not need to know who the user is - I just need a permanent identifier for the user (or the device) that records 'first use of app' by the user or by the device. (DeviceCheck requires a server and is just a bit too complicated.)
1) I can't use identifierForVendor because it gets reset on app delete-and-reinstall.
2) I am told I can no longer reliably use the keychain (my current solution) because in various betas and perhaps the latest iOS it gets wiped out on app deletion.
3) I am told that the user's iCloud key-value can be deleted by the user through the Settings app after app deletion.
A) Can I use the user's CloudKit private database as a place to store permanent information? Will it survive deletion of the app and the user removing the app from being able to access CloudKit?
B) Can I use the user's userRecord in the public database in CloudKit? Will it survive deletion of the app and the user removing the app from being able to access CloudKit?
C) Is there any other way to leave a permanent record on a user's device or elsewhere?
A) Can I use the user's CloudKit private database as a place to store permanent information?
Yes, but this associates the info with the user, not the device, which isn’t what you’re angling for.
B) Can I use the user's userRecord in the public database in CloudKit?
Ditto.
C) Is there any other way to leave a permanent record on a user's device or elsewhere?
That’s a very broad question, so I can only give a general answer.
Apple’s general take on this is that the user should be in charge of all the persistent identifiers you might use for this sort of thing. The only planned exception to this is DeviceCheck. You can also use the keychain but, as I explained in the post I referenced above, Apple has tried to close that loophole in the past, and you can reasonably assume that we will eventually succeed.
To reiterate, DeviceCheck is exactly what you’re looking for here. Use it.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
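The server side of the DeviceCheck approach recommended above, as an added sketch that is not code from the thread or from Apple: it builds the request bodies for Apple's `query_two_bits` and `update_two_bits` endpoints and decides whether a device may start the trial. Assumptions: `bit0` is used to mean "trial already started", the function names are hypothetical, the device token comes from `DCDevice.generateToken` in the app, and the HTTP call and its ES256 JWT authorization header are left to the caller.

```python
import json
import time
import uuid

# Apple's DeviceCheck server endpoints (production host).
QUERY_URL = "https://api.devicecheck.apple.com/v1/query_two_bits"
UPDATE_URL = "https://api.devicecheck.apple.com/v1/update_two_bits"


def _envelope(device_token_b64, now=None):
    """Fields required on every DeviceCheck request body."""
    seconds = time.time() if now is None else now
    return {
        "device_token": device_token_b64,      # from the app, base64-encoded
        "transaction_id": str(uuid.uuid4()),   # unique per request
        "timestamp": int(seconds * 1000),      # milliseconds since epoch
    }


def query_payload(device_token_b64, now=None):
    """Body to POST to QUERY_URL."""
    return _envelope(device_token_b64, now)


def trial_already_used(status, body):
    """Interpret a query_two_bits reply. Assumed convention: bit0 = trial started."""
    if status != 200:
        # Do not guess on auth or token errors; the caller decides how to fail.
        raise RuntimeError(f"DeviceCheck query failed with HTTP {status}")
    try:
        state = json.loads(body)
    except ValueError:
        # Assumption: a 200 with a non-JSON body is the "bit state not found"
        # reply, i.e. no bits were ever set for this device.
        return False
    return isinstance(state, dict) and bool(state.get("bit0"))


def decide(status, body, device_token_b64, now=None):
    """Return (grant_trial, update_payload); the payload is None when refused."""
    if trial_already_used(status, body):
        return False, None
    update = _envelope(device_token_b64, now)
    # First use: record it. bit1 is unused here and is written as False.
    update.update(bit0=True, bit1=False)
    return True, update
```

When `decide` grants the trial, POST the returned payload to `UPDATE_URL` before unlocking the feature, so a reinstall or a new App Store account on the same device sees `bit0` set.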