I'm building an iPhone app. It talks to a server. I want each iPhone to only be able to have _one_ account on the server -- I don't want people creating lots of separate accounts and having them collude.
Now, my iPhone app and my server are talking to each other over TCP/IP. In theory, anyone can build a computer program that fakes the protocol my iPhone app uses (not very hard -- just download the app, log the packets, reverse engineer the API; I can encrypt my traffic, but they can run the app under a VM / extract the key).
So, although I'm generally not a big fan of Trusted Computing -- does the iPhone support anything like this, where my server can remotely detect "is this device an iPhone?" + "give me a non-forgeable UUID"? (Even if I force the device to be an iPhone, the attacker can still create another iPhone app and have it talk via the same API.)
Thanks!
(Sorry: I realize the businessman in me says "err, build the product first, worry about this later"; but I'm kind of curious -- both from a technical perspective and a design perspective -- if I know that creating each account requires purchasing an iPhone / iPod touch, I can know up front that people are less likely to create silly accounts & try to screw around.)