• dohpaz42@lemmy.world
    link
    fedilink
    English
    arrow-up
    47
    ·
    3 months ago

    Apple urges developers to not use DeviceCheck for anything beyond basic device verification, and if you’re a developer that’s also misusing it, then you should definitely cease that—there are probably more reliable ways to check whether it’s the same user trying to access an account from a device or not.

    Sounds reasonable…

    But then, why would you use it?

    For example, you might use this data to identify devices that have already taken advantage of a promotional offer that you provide, or to flag a device that you’ve determined to be fraudulent.

    Oh, ok. Wait, what? But…

    • Giooschi@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      3 months ago

      Luckily Apple strictly controls the App Store and will never allow apps to abuse this, right? Right?

    • Deceptichum@quokk.au
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      3 months ago

      Yeah? That makes perfect sense, don’t use it beyond a basic device verification, for example verifying if the device has already been used in a promo or stolen.

      Those are instances where you need to check the device itself not the user.