[wzhack]

I am not sure Apple can differentiate Apple devices over HTTP except UA header. Maybe they can develop a proprietary streaming protocol but is it worth?

[pedrocr]

There are probably a bunch of ways of checking with javascript that are much harder to spoof than the UA.

[jcfrei]

yes, for example with device fingerprinting. the Electronic Frontier Foundation has a nice test page online: https://panopticlick.eff.org/ however apple could apply a much simpler filter by checking whether the screen size fits the exact specs of their iphones / ipods and ban any other devices.

then again, you might always access the source directly, circumventing the need for js entirely.

[hmert]

I am not sure related native iOS streaming libraries integrate JavaScript security just to protect iTunes previews.

[w1ntermute]

That could be easily updated if necessary. Moreover, it's entirely possible that there are dormant APIs precisely in case this sort of thing happened.