Prevent abuse of promotion by preventing registration on same device from user

Question

I am developing an app that offers discounts on newly registered users. I want to avoid users from abusing this by preventing users from registering a different account on their device. The API I use is already checking if email and contact number (where verification code is sent) already exists and prevents the registration. I also use the device UUID and store it in the server to check if someone has registered from this device.

I have done some research for iOS and this is what I came up with:

• DeviceCheck API can be used on iOS 11+.
• UDID is deprecated.
• IDFA can be reset by the user.
• UUID can be changed once app is uninstalled or user has reset his/her device.

What would be the best way to avoid a user from abusing this business logic?

Answer 1

I have faced the same issue 2 years ago, I have resolved the issue by storing a value in the keychain.

I have used below library to store the value in the keychain.

Reference: Keychain wrapper class

Sample code to store uuid to device:

let deviceId = UIDevice.currentDevice().identifierForVendor?.UUIDString ?? ""
// Saving Id in keyChain
KeychainWrapper.defaultKeychainWrapper().setString(deviceId, forKey: "CurrentDeviceId")

Read data from keychain.

let previousDeviceId = KeychainWrapper.defaultKeychainWrapper().stringForKey("CurrentDeviceId")

if previousDeviceId value is nil or blank then, App install in device first time else your app installed into to device more than one time.

Answer 2

You can use identifierForVendor and store in your server. So that you can check with it and prevent multiple registrations in one device.