What Privacy-Violating or Device-Changing Things How to Do on an Iphone

What privacy-violating or device-changing things can I do on an iPhone?

No. The whole thing is designed so developers can't do stuff like that. Imagine if you could. You'd do these things for beneficial purposes, of course. But how long would it take for malicious apps to appear? Users wouldn't like that, and Apple would like it less.

So, no.

Send notification when iPhone is turned on or off

No, this is not possible. You can detect your app is going to background or to foreground and more but not this.

__CRASHING_DUE_TO_PRIVACY_VIOLATION__

I had to add a string for NSCameraUsageDescription in the plist because user is allowed to take photos.

Method triggered by Change in orientation

Depends when you want to react:

If before rotation, override from UIViewController:

- (void)willRotateToInterfaceOrientation:(UIInterfaceOrientation)toInterfaceOrientation duration:(NSTimeInterval)duration
{
 // do something before rotation
}

If you want to perform something after rotation:

- (void)didRotateFromInterfaceOrientation:(UIInterfaceOrientation)fromInterfaceOrientation
{
 // do something after rotation
}

Reference:

http://developer.apple.com/library/ios/documentation/UIKit/Reference/UIViewController_Class/Reference/Reference.html#//apple_ref/occ/instm/UIViewController/willRotateToInterfaceOrientation:duration:

Can I prevent an iOS user from changing the date and time?

You won't be able to prevent a user either changing their clock or just hitting your API directly as other commentators have posted. These are two separate issues and can be solved by having a local time that you control on the device and by generating a hashed key of what you send to the server.

Local Time on Device:

To start, make an API call when you start the app which sends back a timestamp from the server; this is your 'actual time'. Now store this on the device and run a timer which uses a phone uptime function (not mach_absolute_time() or CACurrentMediaTime() - these get weird when your phone is in standby mode) and a bit of math to increase that actual time every second. I've written an article on how I did this for one of my apps at (be sure to read the follow up as the original article used CACurrentMediaTime() but that has some bugs). You can periodically make that initial API call (i.e. if the phone goes into the background and comes back again) to make sure that everything is staying accurate but the time should always be correct so long as you don't restart the phone (which should prompt an API call when you next open the app to update the time).

Securing the API:

You now have a guaranteed* accurate time on your device but you still have an issue in that somebody could send the wrong time to your API directly (i.e. not from your device). To counteract this, I would use some form of salt/hash with the data you are sending similar to OAuth. For example, take all of the parameters you are sending, join them together and hash them with a salt only you know and send that generated key as an extra parameter. On your server, you know the hash you are using and the salt so you can rebuild that key and check it with the one that was sent; if they don't match, somebody is trying to play with your timestamp.

*Caveat: A skilled attacked could hi-jack the connection so that any calls to example.com/api/timestamp come from a different machine they have set up which returns the time they want so that the phone is given the wrong time as the starting base. There are ways to prevent this (obfuscation, pairing it with other data, encryption) but that becomes a very open-ended question very quickly so best asked elsewhere. A combination of the above plus a monitor to notice weird times might be the best thing.

Is it possible to use iPhone's volume control buttons for some other purpose?

Changing the behavior of iPhone external hardware buttons is a
violation of the iPhone Developer Program License Agreement.

There is an app that was banned from the appstore for trying this.

Ironically, iOS5 Camera App allows to use the volume control as a shutter. Perhaps the SDK will eventually allow more.

How to block specific iOS Devices from using my App?

The DeviceCheck APIs were created for this purpose.

Using the DCDevice class in your app, you can get a token that you use on your server to set and query two binary digits of data per device, while maintaining user privacy. For example, you might use this data to identify devices that have already taken advantage of a promotional offer that you provide, or to flag a device that you’ve determined to be fraudulent.

Highlight mine.

Essentially, this API allows you to set a few flags on specific devices and check against them, without having to violate user privacy with unique IDs.

Like the documentation states, you will need to use a combination of these APIs with your server to block fraudulent devices.

It even provides a DCAppAttestService API you can use to validate the integrity of your app. As an extra note, it cannot check for jailbreak, but you can even check if your app has been modified in an unauthorized manner to act against that.