First, this is a recipe for a case when spammers abuse your service, I.e. there is a problem already. If you do not have this problem, you can give them any subdomain they want.
Second, the verification is only if they want google.myapp.com. If not, easy: they get trial1234.myapp.com
(About late edits I made to this post: How the phones these days manage to auto-corrupt your text after your attention already moved to the next word? Spying - I made my peace with, but this is really annoying!)