Apple urges developers to not use DeviceCheck for anything beyond basic device verification, and if you’re a developer that’s also misusing it, then you should definitely cease that—there are probably more reliable ways to check whether it’s the same user trying to access an account from a device or not.
For example, you might use this data to identify devices that have already taken advantage of a promotional offer that you provide, or to flag a device that you’ve determined to be fraudulent.
Sounds reasonable…
But then, why would you use it?
Oh, ok. Wait, what? But…
Luckily Apple strictly controls the App Store and will never allow apps to abuse this, right? Right?