This is something that the BBC did with iPlayer: http://po-ru.com/diary/device-discrimination-on-the-internet...
I've not quite worked out how to implement it though
How about this:
1. Use the current GMT date/time to generate an encrypted api point like adfa923asdf.yourdomain.com. 2. Make it change every day. 3. For all other hostnames besides the correct one for the day, dump random data so the fake app cannot tell whether or not the api is giving out the right results for sure. All your apps will be pining the right api end point where as the fake ones will have a hard time catching up.
Also, use authentication on top of all of this.
This is not possible. You should design your architecture so that this either does not matter or has a bounded cost.