[credo]

no, the iPhone doesn't provide a "non-forgable UUID" The [UIDevice currentDevice] uniqueIdentifier isn't going to work because it is trivial to spoof the deviceIdentifier.

You could potentially design your own authentication mechanism and implement the appropriate client-code and server-code to verify (over ssl) that the server request really came from the client that you implemented and from a valid user/subscriber. If your client-code can only run on the iPhone, that may be sufficient to prove that the client is an iPhone and that the user is a valid subscriber.