In the app, you're always logged in once you register. Yes, I know it is a security breach, but so is losing your stupid phone.
You enter your email to register. And if you ever change phones, you simply do what is commonly known as a "password recovery", but don't actually get a password, you just get perma logged in.
Here's a secret for people who deal with hackers: Have the app generate a keygen unique to the phone: Time stamp it, time stamp it again on the first click, get the X/Y position, and you have a pretty unique code. Keep that code permanently with the installed app, so if they're banned and forget to uninstall your app, they're banned again. Also this key could be used to login automatically without even registering! But if they ever want to recover their account if they lose their phone, they should enter their email in the settings.