Dear Jason,
Thank you for confirming that the email was genuine.
Can you explain why such a short notice period has been chosen for the removal of this feature? Of course features are sometimes removed, but I can really never think of a case where there has been so little notice - just five weeks, or only three weeks if you start counting at then point when Apple stopped telling me that the email was a hoax. I had to double-check what year it is when I read "April 2022".
ODR content will ... have a similar level of security as other Apple-hosted content.
But not the same level of security as SKDownloads, which are restricted to users who have purchased the corresponding IAP. Here is a quote from the StoreKit documentation:
Most apps should use Apple-hosted content for downloaded files. You create an Apple-hosted
content bundle using the In-App Purchase Content target in Xcode and submit it to App Store Connect.
(snip)
Note
Alternatively, you can use On-Demand Resources (ODR) for more flexibility in downloading
data in your app. ODR is an Apple-hosted service you can use to store in-app purchase data for
the user to download content once you've verified the user's purchase using the app receipt.
The advantage of this alternative over SKDownload is that ODR doesn't require you to call to
restore transactions and authenticate the user to download content hosted on Apple's server.
My emphasis. You claim it is an advantage that ODR does not require authentication. What The?????
If you need technical advice implementing ODR, you can submit a Technical Support Incident.
Developer Technical Support does not assist with the implementation of anti-piracy / digital rights management features. (Unless that has changed. Please let us know if that policy has changed recently.)