I have a CloudKit application that has data in publicDB. This is safe data that can be created and read by any authorized user, but I restrict it based on the requests made by my application. For example, a data object indicating a relationship to user A and user B, but not to user C, will never be requested by user C.
I am worried about the possibility that someone could potentially jailbreaking / hijacking my application and fulfill requests that an authorized application has the ability to do, but never will. How can I be sure that the "Authenticated" user is actually a genuine authenticated user using my application, and not some third user entering code into my application?
source share