If an app has a text filtering extension and associated server that the iPhone OS communicates with, then how can that communication be authenticated?
In other words, how can the server verify that the request is valid and coming from the iPhone and not from some spoofer?
If somebody reverse engineers the associated domain urls our of the app's info.plist or entitlement files and calls the server url directly, then how can the server detect this has occurred and the request is not coming from the iPhone OS of a handset on which the app is installed?