How can I validate access to additional content downloaded via in-app purchasing when the device is offline? A user should still be able to access those resources when offline. In theory a hacker could copy an app's additional resources purchased legally, including the plist file, from one device to another and then access those resources on an offline device without a problem.
My initial thought was to encrypt with the user's apple id at purchase time, but I can't get access to it. I can't use the device id, that prevents sharing over the cloud. Just storing the transaction receipt is insufficient, that could be copied to the new device.
I know the problem would only occur for an offline device so perhaps it is not considered to be a major issue, but I would like to protect this additional content. All the examples I've seen seem to assume a device will be online.
Would a plist file copied in this way from one device to another still be work? If so, is there a recommended way to protect additional resources or am I being too paranoid?