Right. Apple has an ongoing effort to deny apps access to persistent unique identifiers that are outside of the user’s control. For more about this, see… well… pretty much any WWDC privacy session over the last 10 years. However, IMO the most telling quote is the one I highlighted in the footnote of this post.
On the fraud prevention front, one good option is Sign in with Apple. However, I suspect that won’t work for you, in which case I recommend that you explore the options in the DeviceCheck framework.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"