It complicates the process, and when you make paying for something more difficult, people are less likely to do it.
I'm surprised that the company can't simply do a 'phone home' procedure when online services are tried though, verifying through App Store APIs (if they exist) or by making their own things. Does anyone know how feasible that is?
It's totally feasible, the problem is whether the people who are distributing the pirated version are also capable of cracking the client the same way e.g. Photoshop cracks work to nullify phone home checks.
Fighting piracy always comes with an effort/reward calculation like that.
If it's an online game, the license check is performed on the server side and no amount of clever client cracking will get around that. When you buy a license, the licensing server associates some sort of ID with your installation, the same ID that must be presented to the server for online play. No valid license -> no valid ID -> no online play. That's how all massive online games with free clients work. Easy-peasy. The question here is what can be used as an ID in the case of iOS games, but, again, this is a solvable problem.
Moreover, the same scheme applies to standalone software, except there's an extra step involved with strengthening the executable against any modifications. What Photoshop did is the lamest thing possible (and I think it's a valid theory that they did it on purpose to facilitate the piracy rather than to curtail it). A simple option is to sprinkle hundreds of conditionals around the code (with a simple pre-processing script if need be), do not issue any sort of messages, but instead just make the code corrupt the heap, the stack and do other things that would cause the program to go down after a while. Then simply sign the executable. This is very effective. For every complaint in the support forums that the program crashed (and a crash dump that shows the absence of a valid file signature), there's an automatic reply that it's a cracked copy, you get what you paid for.
It sounds like you have a lot of experience in this area. I admit I've only really touched on it before on projects I've worked on. Do you know if there are any good books or online guides on this subject, as I find it quite hard to devise these systems myself?
You may want to go through fravia.org archives. It's old, but basic protection principles don't change that quickly (or, looking at it from the other end, rudimentary cracking techniques are the same as well).
I've seen games do that, mostly Gameloft's, but it's not perfect (the message was shown to me when I restored my backup with a legitimate copy to another, new device, and it wouldn't let me play it. Needless to say, I was annoyed).
I'm guessing they're using the device's UDID (or some roll-your-own analogue).
One solution might be to let the user tie their copy to an external authentication service (Facebook, Google, some other OpenID provider). If you wanted to minimize user hassle, you could only require this step if the user wants to move the game to another device (and of course you could limit the number of devices allowed at any one time, similar to Apple's authorize/deauthorize for devices). An inconvenience, sure, but not as annoying as not being able to move the app at all.
Note that I'm not saying that this is THE solution, just the one that comes to mind immediately.
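To make the two ideas in this thread concrete (the server-side license check keyed on an installation ID described a few comments up, and the account-tied transfer with a device limit suggested just above), here is an added example in Python. It is not code from any of the commenters or from any shipping game; it assumes a per-install ID the app generates on first launch (rather than the UDID), a purchaser account used as the external identity, and an HMAC-derived token that the server issues at authorization time and re-derives at play time. The account names and install IDs in the walkthrough are constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumption (not from the thread): the server holds a secret that never
# leaves it, so no client-side patch can mint a token the server accepts.
SERVER_SECRET = secrets.token_bytes(32)


class LicenseServer:
    """Server-side licensing. The client can only *present* an account,
    an install ID and a token; every decision is made here, which is why
    cracking the client does not help for online play."""

    def __init__(self, secret: bytes, max_devices: int = 2) -> None:
        self._secret = secret
        self.max_devices = max_devices
        # account -> set of install IDs currently authorized for it
        self._licenses: dict[str, set[str]] = {}

    def _token(self, account: str, install_id: str) -> str:
        # Token is bound to both the account and the install ID, so a
        # token copied in a backup does not work on a different install.
        msg = f"{account}\x00{install_id}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def record_purchase(self, account: str) -> None:
        """Called by the store callback when the purchase clears."""
        self._licenses.setdefault(account, set())

    def authorize(self, account: str, install_id: str) -> str | None:
        """Bind an install to a licensed account, subject to the device
        limit. Returns the token the client stores, or None if refused."""
        devices = self._licenses.get(account)
        if devices is None:
            return None  # no purchase on record for this account
        if install_id not in devices:
            if len(devices) >= self.max_devices:
                return None  # must deauthorize another device first
            devices.add(install_id)
        return self._token(account, install_id)

    def deauthorize(self, account: str, install_id: str) -> bool:
        """Apple-style deauthorize: frees a slot; the old token dies."""
        devices = self._licenses.get(account)
        if devices is None or install_id not in devices:
            return False
        devices.discard(install_id)
        return True

    def allow_online_play(self, account: str, install_id: str, token: str) -> bool:
        """The per-session check. No license -> no ID on file -> refused,
        regardless of what the client binary claims."""
        devices = self._licenses.get(account)
        if not devices or install_id not in devices:
            return False
        return hmac.compare_digest(token, self._token(account, install_id))


def walkthrough() -> dict[str, object]:
    """Exercises the scheme, including the backup-restore failure mode
    from the thread and the device-limit transfer. Sample data is constructed."""
    server = LicenseServer(SERVER_SECRET, max_devices=2)
    alice, mallory = "alice@example.com", "mallory@example.com"
    phone_a, phone_b, tablet = "inst-1111", "inst-2222", "inst-3333"
    out: dict[str, object] = {}

    server.record_purchase(alice)
    tok_a = server.authorize(alice, phone_a)
    out["legit_play"] = server.allow_online_play(alice, phone_a, tok_a)

    # Cracked client: the local check is patched out and a token is forged.
    # The server has no purchase for this account, so it refuses anyway.
    forged = hashlib.sha256(b"cracked").hexdigest()
    out["cracked_play"] = server.allow_online_play(mallory, "inst-9999", forged)

    # Backup restored to a new phone: the stored token came along but the
    # install ID changed, so play is refused until the user re-authorizes.
    out["restored_without_reauth"] = server.allow_online_play(alice, phone_b, tok_a)
    tok_b = server.authorize(alice, phone_b)
    out["restored_after_reauth"] = server.allow_online_play(alice, phone_b, tok_b)

    # Third device exceeds the limit until one is deauthorized.
    out["third_device_token"] = server.authorize(alice, tablet)
    server.deauthorize(alice, phone_a)
    out["third_after_deauth"] = server.authorize(alice, tablet) is not None
    out["old_phone_after_deauth"] = server.allow_online_play(alice, phone_a, tok_a)
    return out


if __name__ == "__main__":
    for step, result in walkthrough().items():
        print(f"{step}: {result}")
```

The point of `allow_online_play` doing a dictionary lookup before the HMAC comparison is that authorization state lives on the server, not in the token: deauthorizing a device invalidates its token without any key rotation, and a token copied to another install fails because the install ID is part of what was signed. The "restored_without_reauth" step is exactly the annoyance reported earlier in the thread; offering a re-authorize path with a device cap is what turns it from a dead end into a minor inconvenience.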