So I'm making an app where I want the users to be able add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone specific solution would also be welcome.

The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id.

How would the client prove to the server that it is providing the correct device id?