
iOS Exploit: Restoring In-App Purchases to Multiple Game Accounts [closed]

I am creating a server-driven game on iOS that allows players to create a Game Account for multi-device play. My game has In-App Purchases (IAP) that are non-consumable and can be restored or re-downloaded by the original purchaser.

I would prefer that players cannot restore their IAP to multiple Game Accounts. Is this possible given Apple's rules?

Taking Hero Academy for example, it is possible for:

  • Player1 to buy all of the IAP on his Game Account and iTunes account
  • Player1 to log in to Player2's Hero Academy Game Account
  • Player1 to re-download the non-consumable IAP into Player2's Game Account, giving Player2 permissions to all of the IAP
  • Player2 to log in to his Game Account on his own device and now have permissions for all of the IAP

Result is: Player2 has gotten all of the IAP for free.

I may be able to read in their iTunes account and restrict iTunes restore purchases to a single Game Account. Implementing that solution seems contrary to Apple's guidelines for restoring non-consumable IAPs.

I may consider the purchases consumable and applicable only to a single account, but that seems to skirt Apple's guidelines and would be poor end-user design.

Nathan Lyons-Smith asked Nov 13 '22 13:11


1 Answer

An easy solution to this would be to have a consumable IAP of soft currency that the user spends in-game to buy the non-consumable item.

I.e. I buy a consumable IAP bundle of 100 Magic Coins for $5 in order to buy the Magic Bean item that costs 50 Magic Coins.

pek answered Nov 15 '22 07:11
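
The soft-currency approach from the answer, sketched as a server-side ledger (an added example, not code from the original posts): each consumable purchase is credited once to the Game Account that made it, and items are then bought with coins on that account only. The `Ledger` class, the product id `coins_100` and the transaction ids are assumptions, and receipt validation with the store is assumed to have happened before `credit_purchase` is called.

```python
# Added example: hypothetical server-side ledger for coin-based unlocks.
COIN_BUNDLES = {"coins_100": 100}   # consumable product id (assumed) -> coins
ITEM_PRICES = {"magic_bean": 50}    # item -> coin price, as in the answer


class Ledger:
    def __init__(self):
        self.balances = {}           # game account -> coin balance
        self.items = {}              # game account -> set of unlocked items
        self.seen_transactions = {}  # store transaction id -> credited account

    def credit_purchase(self, account, transaction_id, product_id):
        """Credit a store-verified consumable purchase exactly once."""
        coins = COIN_BUNDLES[product_id]   # unknown product raises KeyError
        if transaction_id in self.seen_transactions:
            return False                   # replayed receipt: no second credit
        self.seen_transactions[transaction_id] = account
        self.balances[account] = self.balances.get(account, 0) + coins
        return True

    def buy_item(self, account, item):
        """Spend coins from one Game Account to unlock an item on it."""
        price = ITEM_PRICES[item]
        owned = self.items.setdefault(account, set())
        if item in owned or self.balances.get(account, 0) < price:
            return False
        self.balances[account] -= price
        owned.add(item)
        return True

    def owns(self, account, item):
        return item in self.items.get(account, set())


def demo():
    """Constructed scenario: one purchase, then the same receipt replayed."""
    ledger = Ledger()
    results = [
        ledger.credit_purchase("player1", "txn-0001", "coins_100"),
        ledger.buy_item("player1", "magic_bean"),
        # Same transaction presented while signed in to another Game Account.
        ledger.credit_purchase("player2", "txn-0001", "coins_100"),
        ledger.buy_item("player2", "magic_bean"),
    ]
    return results, ledger


if __name__ == "__main__":
    print(demo()[0])
```
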