Imagine the following scenario: I wish to build a photo-sharing social network app similar to Instagram (iOS only for the sake of conversation), and I want to make sure that users are using only my app to upload the photo. If it's not uploaded from inside of the app, I want to discard that photo.
Since anyone can capture the request endpoint, I imagined generating a hash that only my server can interpret. However, the hash algorithm could be found out by reverse engineering/decompiling the app.
Are there any other fool-proof concepts, or is what I'm looking for just not possible?
Thanks!