Oh, so what you're saying is equivalent to "Apple should have cryptographically signed serial numbers/UUIDs, instead of accepting user-generated values".
But they already have a record of which serial numbers were actually sold (at least since some point); signing a device token/private key would be redundant, and allowing user-generated serials to sign in with degraded trust is a policy choice.