I'm building a photo editing app with a token-based subscription system using RevenueCat and StoreKit. Users purchase subscriptions that grant tokens for AI generations. There are no user accounts, the app is fully anonymous.
Currently, I generate an anonymous account ID via RevenueCat SDK and store it in iCloud Keychain. This allows users on the same iCloud account to restore both their subscription and token balance across devices. However, users on a different iCloud account can restore their subscription via Apple, but their token balance is lost because there's no way to link the anonymous IDs.
The problem is that if a user switches iCloud accounts or gets a new device without the same iCloud, their purchased tokens are orphaned. The subscription restores fine through Apple, but the token balance tied to the old anonymous ID becomes inaccessible.
I have a few constraints: no user accounts, no email or phone sign-in, must work across devices owned by the same person, and must comply with App Store guidelines.
My questions are: Is iCloud Keychain the right tool for this, or is there a better approach? Would CloudKit with an anonymous record zone be more appropriate? Are there any recommended patterns for persisting consumable balances tied to anonymous users across device migrations?
Any guidance would be appreciated.