I had been too @thinginnovations , and then it stopped new devices from joining when I registered them. Something has changed...
It feels to me like there is a missing combination:
"Default" app key - means you do not need to register any devices, just give them the appeui and appkey and they're good to go. Downside is that you can't stop a device from using the app once it has the key.
"Unique" app key per device - so each device is registered and given its own appkey for the appeui. Plus side - control over which devices are allowed to use your app. Down side - really quite a big admin overhead because you need to update the appkey for each device in its code.
3 - the one that I'd like - "Single" appkey for the application, but each device needs to be registered. Plus sides - control over which devices are allowed to use your app, and you can use the same code image for all devices, so mass production more feasible. Downsides - ...seemingly not as secure as option 2
There's an alternative approach which Mike the Bee and I discussed last week, which is option 2 but where your device calculates its own appkey based on its Device EUI, so you can avoid some of the admin overhead. You would need to use the same hashing function to key in the appkey when you register the device, but I imagine that could be semi-automated.