[[ASIdentifierManager sharedManager] advertisingIdentifier];
[[UIDevice currentDevice] identifierForVendor];
CFUUIDCreate();
Developers who are upset that these IDs could be changed by the user if they restore their device or deliberately reset them are precisely the privacy violators that Apple are trying to eliminate. Yes, there are keychain tricks to create a more persistent ID (or MAC IDs to identify the device, regardless of user) but if you truly need long-term persistent, unique identification users, have them log into your service instead of trying to steal their identity without permission.
Edit: I forgot to mention another clean option for persistent identification... store a uuid from CFUUIDCreate() in an iCloud ubiquity container. Yes, the user will need to have an iCloud account and allow your app to store there. However, it does not require the user log into anything new and is the only measure that will follow a user through both app deletion and device changes (other than logging into your servers).
I think the idea here is that some services just plain don't have login flows, and are marginal enough that they might see massive use-decreases if they begin to hassle their users to create yet another account to use their service. If the user loses their vendor token for one of these apps, they'll have no way to get their data back; it'll be like their account just evaporated (which doesn't at all follow the Principle of Least Surprise, which to me might justify the use of these "more permanent" tokens to give users what they were expecting--persistent accounts tied to their device.)
This seems more like an argument for something like a "device profile" within your iCloud account--a generalization of device backups. Restoring the device and then logging back in with your iCloud ID would reattach the device to its profile, and then all your vendor tokens would be restored along with it, whether or not you chose to restore the whole device from a backup. Obviously, there would be an online interface to (selectively or completely) erase a device profile, achieving the same thing as a "token reset" but without the risk and allowing for a much clearer "you are doing something very permanent to your identity" signal.
UDIDs are fundamentally flawed methods of associating data on your server with your users. The data loss scenario is similar to a scenario inherent in using UDIDs. Buying a new device means that you've lost all your data, with no way to restore it to the new device (besides creating a fully-fledged sign up system, which you've ruled out.)
Vendor identifiers fix this. The vendor identifier is only lost when the app is uninstalled. It's backed up and can be restored onto new devices when you upgrade.
Do you really think it's surprising to lose your data when you uninstall an app? It completely follows the "Principle of Least Surprise" to lose your data, it explicitly says you'll lose it when you uninstall apps. If you want to persist data beyond the lifecycle of an app installation, you should probably consider a sign up system at that point.
Using "CFUUIDCreate" IS WRONG, though. It generates a GUID. That's what CFUUIDCreate is supposed to do. But it's the wrong method to call to get the advertising identifier.
You get the advertising identifier from ASIdentifierManager, and it does not change unless the user resets it.
https://github.com/gekitz/UIDevice-with-UniqueIdentifier-for...
MAC Address based solutions are still okay right?
Also, if you don't need to identify devices per se, you can fallback on a generated GUID which you persist via NSUserDefaults.
It'll identify the user for the lifespan of that app install on the device.
The progress (some) OS vendors have made at keeping people current is really pretty fantastic when you compare to the situation 10 years ago.
Ubiquity container: Does anyone use and track this? How many % of people have iCloud enabled for third-party apps? (Just asking because I turn this off on all devices; I don't have any app that uses this, so all I am disabling is abuse)
Now this wouldn't be an issue except that Apple doesn't allow you to support the iPhone 5 without targeting iOS 4.3 or higher. So this kills off support for iOS 3.1.3-4.2. This might not seem like such a bad thing, but if you're targeting certain demographics like kids (as I am), it cuts off a significant percentage (7% in my case) of users.
Google has been focused on enabling backwards compatibility since at least Android 1.5 (well before anyone knew how Android updates would play out in practice): http://android-developers.blogspot.sg/2009/04/backward-compa...
Meanwhile, Apple seems to prefer to make achieving backwards compatibility as hard as possible (short of explicitly banning it).
Still it is a hack that Apple could start disallowing at any time.
Anyone bothered by this is probably doing something wrong.
See: https://developer.apple.com/library/ios/#releasenotes/StoreK...
The bit about non-public APIs on that page is interesting though - if there is a genuinely necessary use case for device IDs it may not be affected.
iOS 6 - use vendor identifier iOS 5 - create an ID via CFUUIDCreate() and save it iOS 4 - can be safely excluded from support
I'm asking this as an end user - I want to see this usage banned so that apps cannot track me using the MAC address.
An update to the testflight sdk should be sufficient for production applications with testflight integration.